How to Prevent Ransomware Attacks to Insurance Organizations

David Elfering is Senior Director, Information Security at ReSource Pro. He has 20+ years in building global information security policies and practices.

Healthcare is Latest Target of Cybersecurity Attacks

As a trusted partner, we want to pass along simple yet effective tips to help keep your organization safe. Please rest assured that ReSource Pro is prepared, and our associates, information technology, and security teams are at a heightened level of awareness during this time.

All employees of an insurance organization should embrace a healthy suspicion of email, even when it appears to be from people you know. Identifying suspicious emails is easy if you consider the following four questions:

1. Is this email trying to get me to take any action?

In the past, it was possible to fall victim to a cyberattack simply by opening an email. Modern cybersecurity measures prevent this kind of attack, so today’s cyber criminals need you to take more steps to compromise your data. For example, a malicious email might invite you to click on a link or attachment, which then triggers the infection. Links and attachments can appear normal while still being malicious, and simply reading the name is generally not enough to determine legitimacy.

2. Is this email trying to get me to reveal sensitive information about myself or my organization?

Remind yourself and colleagues to never enter login information anywhere even slightly suspicious. And as a rule, never share passwords over email.

3. Does this email demand an immediate response?

As mentioned, cyber criminals often need their victims to take action for the attack to be successful. To do so, they frequently employ tricks that play on common human psychology, such as wanting to meet a boss’s time-sensitive demands. Encourage employees to double check on any suspicious, last-minute requests.

4. Is this email unexpected? 

It isn’t uncommon for cyber criminals to take over mailboxes of people we know and use them in attacks. An email from someone you know that seems out of character and fits any of the above criteria can be a red flag. 

Prevent and Prepare for an Attack

Ransomware can be even more deadly than phishing since it encrypts your data and demands payment to unlock it. The best way to prevent a breach is to brief everyone in your organization on the above questions and, just as importantly, to back up your files. The ability to restore files will provide peace of mind, and quick recovery if an attack succeeds.

Read more on cybersecurity:

How Insurance Organizations Can Maintain Security on Zoom
Defend Your Data from Ransomware
WTF is Wire Transfer Fraud?!

Want to introduce more cybersecurity best practices into your insurance organization? Let’s talk.