Look, anyone can be phished. Yes, even the executives in their fancy suits. But that’s not what we’re here to talk about.
We’re here to talk about some of the reasons why phishing risk isn’t being properly managed. And yes, that means we’re calling out the higher ups in the insurance industry.
Don’t have the time right now? Don’t sweat it. It’s available when you need it.
Alright, now let’s talk phishing risk.
Getting phished is no big deal
According to Al, boards are more concerned with “public failure” or “reputational loss” than the dollar cost.
For insurance companies, reputation is everything. We get that.
What we don’t get is why executives don’t see exposing sensitive information as a “public failure”.
Sure, there’s a good chance that the public won’t find out that Paul from the Phoenix branch got phished. Heck, Paul might not even realize that he got phished. But not taking phishing seriously is in itself a major reputational risk.
If customers can’t rely on you with their data, can they trust your product?
Processes? What processes?
People are working remotely now more than ever. And that means inboxes everywhere are overflowing. And, according to James Linton (the man who phished the White House), it’s making it harder to spot phishing emails.
Without any processes in place, it’s harder for people to identify malicious emails—and easier for criminals to get the information they’re after.
Hey, we hate admin as much as anyone else. But a simple ‘I will never’ list can save you a whole lot of trouble. It’s basically a list of things you would ‘never’ ask your people to do.
Of course, you can’t just slap an ‘I will never’ poster on the wall and expect your phishing risk to disappear. To really reduce your risk, you need to change everything from how you run your simulations to how you manage your people.
We’re not going to get into too much detail here, but if you want to learn more and access some free templates, then we suggest you download our Agile Phishing eBook.
Want more hot takes? Watch our webinar, ‘Reducing phishing risk in the insurance industry’.