Canadian Underwriter
News

How brokers can keep clients’ data secure when working remotely

September 21, 2023   by Alyssa DiSabatino

Graphic of key approaching key hole

Print this page Share

Brokers may be at risk of unintentionally exposing client data or other proprietary information when they’re not working from the office.

But with much of the industry doing hybrid or remote work — and showing reluctance to return to the office full-time — there are measures brokers can take to keep their data secure.

Exposures 

When employees drop their guard when working from their home office, vulnerabilities can begin to surface.

“The first threat for us that happened was sending all the equipment home,” said Adam Mitchell, CEO of Mitch Insurance. “When all the equipment was on site, one IT team could quite easily monitor, update and keep track of anti-virus and [keep it] up to date.” 

But remote workers might tend to delay software updates without IT keeping a watchful eye. Brokers should make sure they install software updates as soon as their devices alert them. This can keep computer viruses at bay. 

Being at home offers increased distractions from family members, pets or guests, that may not occur in the office.

“As people started using these remote devices, somebody else could [use] it,” Mitchell said. “Is that the one your kid is playing Minecraft on and wandering around sketchy websites with?” 

Another problem is that some employees tend to mix use between their personal and work devices. 

It can be annoying to log into each separate device every time you want to shop online or check your personal email, but doing so can reduce the amount of sensitive data you’re exposing on one device if the other becomes compromised.

The plus side of remote work is the flexibility to work where you prefer. But employees who spend their time in co-working spaces or cafes may be exposing themselves to cyber vulnerabilities.

“I think one [thing] that’s super well talked about, but maybe not as well understood, is the vulnerabilities of free Wi-Fi networks,” Mitchell said.  

“[A cyber threat actor] can spin up 10 free Wi-Fi networks to try and get you to click on one of them,” he said. “If you join any of the [networks] that [the threat actor] offered you, they can monitor and track 100% of all keystrokes and everything going through it; That’s a complete cyber breach.” 

Using a virtual private network (VPN) or making sure the Wi-Fi network you’re using is secure and encrypted can be the factor that saves you from a data breach.  

Plus, many people tend to take notes the old-fashioned way — with pen and paper. This can expose sensitive info to friends and family who may not have confidentiality in mind.

“You [might] write down some notes, maybe it’s somebody’s VIN [vehicle identification number], or driver’s license or credit card number. Now, this is sitting here inside a house that probably has three or four other people,” Mitchell said. “You’re now able to have a data breach in a way that you wouldn’t have in an office where you have a controlled environment.” 

Having a secure, locked office set up and keeping devices and notes away from others is the way to go. This way, brokers can ensure data confidentiality for their clients. 

 

Staying secure 

Hackers are using more sophisticated breach or phishing methods than ever before, Mitchell suggested.  

“What you’re really trying to avoid is becoming the low-hanging fruit with wide-open doors so that these bots [and hackers] that are crawling around there can wander in.” 

Despite the myriad ways brokers might find themselves vulnerable, there are steps they can take to up their security.

Mitchell said his brokerage requires employees to follow eight steps for data security: 

  • Only use company equipment, and avoid logging into work sites with personal devices 
  • Make sure your company device is secure with password protection and up-to-date anti-virus software 
  • Don’t let family or friends use your work devices 
  • Use a VPN 
  • Secure all devices and company networks through multi-factor authentication (MFA) 
  • Require employees to follow minimum standards (i.e., network speed, or password complexity) 
  • Enable timeout on all devices (i.e., automatic shut-off if you’re away from your desk for a certain length of time) 
  • Have a clean desk policy. Don’t let employees leave sticky notes or documents lying around.

 

Feature image by iStock.com/Alfadanz

Print this page Share

More News