Securing Your Insurance Agency Website From Cyber Attack
Cyberattacks are on the rise, so it’s no surprise that cyber insurance continues to be one of the fastest growing areas in the insurance industry. For insurance agencies, there are two sides to this coin, opportunity for cyber insurance related growth, and the potential for a malicious cyberattack against their own agency website. How can you make your insurance agency website more secure and limit your exposure to a cyberattack or breach?
The Basics
- Install SSL. This is a mandatory step for all websites!
- Update your software frequently. This includes your operating environment, coding, theme, plugins, etc.
- Use complex passwords. All passwords for all user access to your website should be complex. It’s often best to use the computer-generated passwords provided by your system.
- Educate your users. Take the time to ensure all employees and contractors understand cyber security best practices including preventing phishing emails and other hacking emails.
- Use anti-malware solutions. Invest in anti-malware solutions for ongoing scans to and prevent malicious attacks.
Advanced
- Harden your server. Server hardening is a set of techniques used to improve the security of your server. For example, you should manage server access, minimize the external footprint (including hiding key files from public view), patch vulnerabilities, restrict admin access and minimized user access permissions.
- Use parameter queries to mitigate SQL injection attacks.
- Multifactor authentication should be used for login security. MFA is an excellent addition to your security protocol, and authenticator apps like LastPass, Microsoft Authenticator, and Google Authenticator are easy to use. They reside on your smartphone and allow you to enter a 6-digit code to validate secure login.
- Add a firewall. Most hosting environments offer a firewall option, and you should take advantage of this. For example, most hosting organizations offer an optional firewall to help prevent hacking attempts. These are an inexpensive addition and should be a standard. Note that you will need to change your DNS A record when adding a firewall.
- Protect against XSS attacks. Cross-site scripting (XSS) attacks can inject malicious JavaScript into your insurance agency web pages, which can change browser page content, or potentially steal information. The best defense is to limit how and what JavaScript is executed in the page. For example, your website can disallow the running of any non-hosted scripts (disallow inline JavaScript).
- Manually accept on-site comments. Don’t allow comments to automatically post, this cuts down on spam and script attacks.
- Use captchas. Every form should have a captcha, and in the event of cookie compliance captcha issues, create a mandatory field which requires the user to decide something. For example, 5+4=___).
- Encrypt data. If you’re capturing information of any kind, or as a general safeguard, encrypt your data while at rest.
Preventing cyber security breaches is important to both agency principals and clients. Make sure your insurance agency website is protected!