Property Casualty 360 - 07/09/15
By Martin Hartley
"Good morning, Leslie. In light of an investment that I’m finalizing, I need you to wire $150,000 from the cash reserves in our primary brokerage account to United Industries. The wire instructions are…”
Leslie, the personal assistant for a highly successful entrepreneur, didn’t find anything unusual about this request from her boss. At least, not until she received another one like it within a week of processing the wire.
“Leslie, we’ll need to move another $90k to United Industries. Please process accordingly using the same instructions.”
Although this e-mail, like the one prior, was sent from her boss’ personal e-mail account and included his customary signature and private details of his personal account, something seemed off. Leslie picked up the phone.
“I received your second request to wire additional funds to United Industries but wanted to check with you before processing it.” The 60 seconds that followed felt like a painful eternity for both parties on that call. The next call was to law enforcement to report a cybercrime.
Although this scenario is fiction, it could easily happen to any company on any day.
A cybercriminal exploited a relatively common vulnerability in Peter’s “secure” home network to access his world: files containing personal information ranging from Social Security numbers for his family members to medical and financial documents. After shadowing Peter’s e-mail to understand how and with whom he communicated, the cybercriminal had everything he needed to send those emails—and swiftly erase the entire thread during the process so Peter would never see it.
Reducing and transferring cyber risk has become a hot topic in our industry following high profile data breaches at Anthem, Home Depot, Sony Pictures and other firms. Perhaps because the premiums (and commissions) associated with firms like these are vastly greater than those of typical personal insurance clients, much of the energy and innovation around cyber has been part of the commercial insurance universe. As the world becomes increasingly connected and cyber threats grow in size and complexity, personal insurance professionals have a tremendous opportunity to help our clients protect their identities, financial assets, reputations, and more.
According to CNN Money, 47% of adults in the U.S. (110 million people) had personal information exposed by hackers in 2014 alone. In fact, 432 million accounts essentially were hacked and the number of fraudulent transactions and resulting loss of personal wealth is on the rise despite the important financial protection afforded by top credit-card providers and other financial institutions. As this story reminds us, knowing the security protocols of all third-parties with whom you share your personal information is a critical first step. Here are a few other things you and your clients can do to help prevent significant loss and the hassle of restoring an identity following an event.
1. Use strong, unique passwords for every site, account and device. The more complex the password is, the harder it is for hackers to crack, regardless of their technology.
2. Use multifactor authentication. This refers to the use of multiple points of authentication from independent categories to verify a user’s identity. It typically combines “something you know” (most commonly your username and password) with “something you have” (your smartphone) or “something you are” (your fingerprint). When used together, these can greatly increase security because a hacker would need additional authentication requirements to access your account. Most top banks and investment houses now require or allow multifactor authentication.
Other important services, like e-mail, more now provide the same options. For example, Gmail will send users a text message with a one-time code as a log-in requirement to supplement the user name and password.
3. Further protect your laptop and other mobile devices.
4. Network smarter.
5. Play it safe online.
These are just a few important strategies to reduce cyber risk. There are numerous others, like insurance, obtaining an annual credit report, subscribing to an identity monitoring service, and so on.
As part of developing our new CyberSafe Solutions, PURE collaborated with Concentric Advisors, an elite personal security firm, to produce a white paper that provides a far more comprehensive look at cyber risks and ways to mitigate them.
Martin Hartley serves as the executive vice president and chief operating officer at PURE Group of Insurance Companies.