Crisis breeds opportunity, so the saying goes.
Unfortunately, malicious actors – from common fraudsters to sophisticated cybercriminals – understand this all too well and are exploiting the current norm-altering COVID-19 pandemic and remote-work culture to launch online scams and cyberattacks.
For those of us in the insurance industry, the need for increased vigilance and hyperawareness of potential risks is paramount as we work to protect the information and financial security of all those we serve. Here are some basic steps you can take to help ensure you work as securely as possible from your home office.
Don’t get scammed
Cybercriminals are seizing on coronavirus fears by using online scams to extract internet users’ personal and financial information. These scams – sent through email, texts, or social media – claim to provide coronavirus awareness, sell virus prevention products, and/or ask for donations to a virus-related charity for victims. They can often appear to be from a legitimate organization or individual, including a business partner or friend.
Tips to avoid scams:
- Do not provide personal or financial information in an email, through text messaging, or over the phone during a call that you did not initiate. Do not respond to unsolicited requests for this information, which includes not following links sent via email or text messages.
- Pay attention to URLs. Malicious websites can look exactly like legitimate sites, but the URL may use a slightly different spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email, text message, mailed letter, or phone request is legitimate, try to verify the identity of the sender before taking any action. Do so by contacting the individual or company using verified information from previous correspondence or another trusted source rather than via information included in the suspicious communication.
Secure your home office
Working from home can be challenging, even overwhelming, as you adjust to your new workspace. Just as your company is a target for cyber attackers, so are you – your personal information, personal accounts, and even your personal devices. Plus, you may not have all the security resources at home that are available at the office.
Amid all this disruption, here are some simple, effective tips you can follow to create a cyber-secure home:
- Don’t default. Your connected home likely includes a wireless network, or Wi-Fi, that allows you to connect devices to the internet. Securing your home office starts here. Your Wi-Fi access point controls your wireless network and most likely came with a default administrator username and password. Once your access point is configured, be sure to change the password and, if possible, the default username as well. Next, change the default name of your wireless network, or service set identifier (SSID), ideally selecting a name unconnected to your address or family name.
- Optimize encryption. Use the strongest encryption possible to configure your wireless network and avoid using older forms of encryption, such as wired equivalent privacy (WEP). If you are unsure of the type of encryption being used on your network, check the settings on your device and/or consult the manual for your wireless router. Again, don’t forget to choose a strong password or passphrase to access to your wireless network.
- Secure all devices. Once your network is secure, it’s time to secure the devices connected to it. This can include not only your computer, but also smart TVs, gaming consoles, and “internet of things” devices such as thermostats, doorbells, baby monitors, and even light fixtures. Once you have an inventory of connected devices, check that each has a strong, unique password. Some default passwords can be accessed through a simple internet search, so you’ll want to complete the simple process of setting your own. Consider a password manager to help you keep track of passwords on all your personally owned devices.
- Protect your conversations. You can’t be too careful with your home office. For those with “listening” devices in your homes – Alexa, Google Home, Siri, etc. – take extra care to protect sensitive conversations and conference calls from potential eavesdropping. Better safe than sorry.
- Stay up to date. All software on internet-connected devices – PCs, smartphones, tablets etc. – should be kept up to date to reduce risk of infection from malware. And check with your internet service provider for potential help in protecting your home network.
- Take the extra step. Always enable two-step verification for your online accounts whenever you can – it is one of the most effective steps you can take.
- Keep your distance. We’ve all been instructed to practice social distancing, which works online, too. Limit the amount of personal data you share on social media, share all data via online secure cloud applications, and avoid USB memory sticks in sharing data as they can spread malware.
- Use common sense. In the end, you are your own – and your company’s – best defense. So be aware, be vigilant, and be safe.
Cybercriminals prey on fear and confusion, but as with the COVID-19 pandemic itself, we can conquer this threat through knowledge and continuous preventive action.
RGA continues to organize the eighth annual RGA Fraud Conference, scheduled for August. Stay tuned for more details on the life insurance industry’s premier cross-discipline fraud event, and please contact us with your fraud and data privacy questions.