Go phish? This is something that you don't want your employees to play when they are on the job at your insurance agency.
Phishing scams are an ongoing and insidious way of damaging businesses, and unfortunately, the COVID-19 pandemic has spawned a new generation of these scams. Some of these phishing emails pretend to come from employers and target people who are working from home. Therefore it's critical to educate your employees on how you will communicate with them, especially if they have started working from home. Let them know they should contact you if they're even slightly suspicious of a work-related email they receive. What are phishing scams, and how can you protect your agency against them?
What is a Phishing Scam?
According to Imperva, a phishing scam occurs when "an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message." Phishing scams might be a scam email telling you that your account has been compromised, for instance. When you click on the link or download the attachment, this could install malware on your computer. You or your employees could also end up sending someone sensitive information about accounts and giving scammers access to computer files or bank accounts.
Phishing scams don't always work, but they operate under the assumption that if they send out enough emails to enough people, they will eventually find someone who will be duped by the scam.
There are also different and more targeted phishing attacks such as:
- Spear phishing: this phishing is specifically targeted towards a certain individual. Scammers may go to the extent of looking up the individual online or gathering information on social media. This makes the concerns posed in the phishing email all the more realistic, since they are informed by information that the person has shared online.
- Whaling: targeting the CEO of a company to gather even more sensitive information
Phishing now occurs on social media too. It's not just email-based any more.
Problems That Occur Due to Phishing
As an insurance company, you have a lot of sensitive information about your clients. A phishing scam does not only compromise core information for your company such as your bank accounts, it can also compromise your clients' information too. If your clients' information is compromised, you have a trust issue on your hands. You will need to tell your clients, and you may need to compensate them for the damage that has occurred. This can hurt your reputation as a business. While you probably have insurance such as E&O insurance, you don't want to have to manage the problems that come with a phishing scam and damaged reputation. How can you prevent such scams?
Stop Phishing Scams
How can you avoid having your employees get involved in a phishing scam, and how can you avoid them yourselves? Phishing.org suggests that you provide:
Ongoing education. Talk with your employees about scams and what they look like. As you can see above, scams have become more targeted over time. They may feel much more real than a poorly-spelled, generic email. Remind employees to avoid clicking on attachments and pop-ups.
Install toolbars on your browsers to avoid phishing sites that may look real, but aren't. These toolbars check the sites you are visiting to make sure that they are not commonly-reporting phishing sites.
Create safety processes at your agency. Check accounts regularly and change passwords regularly. Use firewalls and antivirus software. These basic internet hygiene procedures will help keep your business safe.
At American Agents Alliance, we provide your business with ongoing education and resources to help keep you safe and to help your employees learn more about your business, including safety-related information. Join us for a conference, or sign up for continuing education online. Contact us today.