Phishing in the Time of COVID-19

April 22, 2020 Becky Schroeder


Working from home and figuring out how to serve insureds during this situation is tough. And if that weren’t enough, there’s another issue to keep in mind. That hackers and cybercriminals are trying to get your clients’ data.

Insurance has always had a cybersecurity target on its back. The personally identifiable information (PII) in your comparative rater and agency management system is worth more than you think.

And now that so many people are working from home, your client data is at even more risk. According to Gallup, 62% of Americans say they have worked from home. That number was at 31% in mid-March.

What does working from home have to do with cybersecurity risk?

According to Mike Vizard, tech journalist who has covered IT for more than 25 years, “the only thing standing between cybercriminals and near total access to every enterprise application is the strength of the password employed by the end user.”

On top of the security challenges of working from home, the number of COVID-19-related phishing attacks has increased since January.

Now that’s scary.

Google said last week that it saw 18 million phishing and malware emails a day the first full week of April. IT company Barracuda said in their Threat Spotlight report, that these COVID-19 attacks to steal credentials or distribute malware are becoming more sophisticated.

These criminals are using our emotions to get the response they want. However, it’s not all bad news.

Yes, the security challenges of working from home and the COVID-19-related threats may be new. But, the tips on how to spot these scams and how to protect your data are the same.


How to Spot and Avoid These Scams

  1. Beware of requests for personal information from organizations or senders you don’t normally get email from. If the sender is not someone you know, take a closer look. Check the email address and/or link before you click a link or open an attachment. Hover over the link to see if the URL it leads to is what you expect. If you’re not sure, don’t click on the link. Instead, enter the URL directly into your browser.
  2. Pay attention to the content in the email. Spelling and grammar mistakes are a big clue you have received a phishing email.
  3. Look for generic greetings like “Dear sir/madam.” It is improbable that phishing emails will use your name. So, if you get one that looks suspicious and it uses a generic greeting, delete it.
  4. Avoid emails that ask you to act right now. Phishing emails prey on emotions to add urgency to their request for information. If an email demands you take immediate action, it may be a phishing attempt.


How to Protect Your Clients and Your Data

Now is also a good time to brush up on the steps you should take to protect your agency data.

  1. Educate your staff

Communicate with your employees on these increased cybersecurity attacks. Educate them on what to watch for. If you get a phishing email, chances are they did as well. When one gets through our firewall at ITC, our IT department shares it with everyone, so we all know what is not a legitimate email.

Help your staff understand their responsibility in protecting your agency and client data. They are your first line of defense. Their understanding of what is at risk and how to protect your data can make a difference.

  1. Use complex passwords.

The time for a password that is simple has passed. Your passwords need to be complex. At least 10-12 characters and include upper- and lower-case letters, numbers and special characters. If you haven’t updated your password lately, now is a great time to do that.

  1. Enable multi-factor authentication on every program that offers it.

Many technology vendors offer multi-factor authentication as an extra security measure. Basically, this method requires a user to successfully present two ore more pieces of verification to gain program access. Reach out to your technology vendors to see if they offer this security feature.

Complex passwords and multi-factor authentication can be annoying. But, easy access for you is also easy access for hackers.

The world is changing fast right now, including those who are looking for opportunities to get a hold of your data. Stay vigilant and remember these tips to avoid phishing emails and protect your agency data.

About the Author

Becky Schroeder

As Chief Marketing Officer, Becky Schroeder is responsible for driving ITC’s overall marketing strategy for the company and its products. Her specialties include creating and documenting processes; establishing metrics for managing those processes; developing content strategy and generating leads; and developing marketing strategy. Becky was named an Elite Woman in Insurance by Insurance Business America in 2016. She has a master’s degree in integrated marketing communication from Emerson College in Boston and a bachelor’s degree in journalism from Texas A&M University. Becky is a big Texas A&M football fan and enjoys cooking, reading and spending time with her husband and their three daughters.

Follow on Twitter Follow on Linkedin More Content by Becky Schroeder
Previous Article
State of Insurance Rating COVID-19 Weather Report #4
State of Insurance Rating COVID-19 Weather Report #4

The following weather report is the week of April 13 through April 17.

Next Article
Why You Should Start That Blog During The Pandemic
Why You Should Start That Blog During The Pandemic

Now is the time to take the leap and start a blog for your insurance agency. Here’s why.

ITC is powering agencies during this crisis

Get in Touch