CREATE AN ACCOUNT
LOG IN

Property Underwriting

A guide to key risks in Washington state: fire, wildfire and earthquakes.


Help Center

Self-serve articles on how to use our products. Available 24/7. 

Commercial Property

Information on Loss Costs, policy rating and assessment tools 


InsuranceEDGE

Weekly newsletter covering the P&C industry, curated by our experts. 

Protection Classes

The evaluation process explained from start to finish.


WSRB Blog

News on emerging risks as well as our latest products. 

Library

In-depth content on essential insurance topics.


Industry Toolkit

Links to help you work smarter and serve your customers.  

Maintaining Your Access to WSRB Data through Cybersecurity

June 9, 2020

Like many companies in the insurance industry, we’re adapting to the novel coronavirus outbreak, and that adaptation includes our cybersecurity practices. In this post, we share some of what we’re doing to ensure you get uninterrupted access to the data and information you need.

We began these practices well before the pandemic, as part of our ongoing cybersecurity efforts, but we’ve adjusted them because our teammates are now all working from home.

Employee education and behavioral guidelines

Cybersecurity is as much about behavior as it is about technology. Our employees are smart and conscientious, but we can’t expect them to learn everything they need to know about cybersecurity on their own.

So, we provide frequent interactive training and set specific rules about using company equipment and networks. We send out updates on new cybersecurity threats and how to thwart them, and we reward employees for reporting suspicious emails that are likely phishing, spear-phishing, social engineering or other attempts.

We also invest in tools to make it easier for employees to follow our guidelines. For example, we provide a password management system so our teammates can easily create and store unique, strong passwords for all online accounts.

Insurance industry employee working from homeAs many insurance professionals work remotely, it’s essential to maintain effective cybersecurity practices

 

Related:
Coronavirus Resources for Insurers

 

Separate access for work and personal devices

Before COVID-19, we set up a separate network in our office for employees’ personal devices, such as smartphones, and for guests. This separation protects the network storing Protection Class and Loss Cost data, commercial property reports, circulars and other critical information. If, for example, an employee or guest unknowingly connects a personal device that’s been compromised to this designated network, the threat is contained, and there is no threat to the network storing the information you depend on.

Now, many of our teammates are connecting to our network through a virtual private network (VPN), and we’re maintaining that same separation but in a new way. We require employees to connect only WSRB issued and maintained devices through the VPN. Personal devices are not allowed. On WSRB devices, we’ve installed specialized endpoint protection software and ensure they’re updated with the latest security patches. We don’t have the same level of control over employees’ personal devices, so we need to keep them off the VPN.

Some companies allow employees to connect any device through the VPN, but that practice creates greater risk of malware infection because the company lacks control over the device. That laptop, phone or tablet may not have sufficient protection against malware and could potentially be accessed by multiple users in the home who are not employees. If those users don’t know WSRB’s cybersecurity practices — and most likely, they do not — they could unintentionally download malicious software to the device that later ends up on the WSRB network.

Using multi-factor authentication

Many cybercriminals attempt to steal user names and passwords through phishing or spear-phishing. Although we train employees to recognize and avoid these scams, we know it’s important to have an extra layer of protection. Multi-factor authentication is that extra layer.

Our entire team uses this process when logging into critical accounts. They enter their user names and passwords and an additional code randomly generated by an app on a separate device. If a cybercriminal did succeed at stealing credentials, that information alone would not be sufficient to access our employees’ accounts.

We’re also taking several other cybersecurity steps, but we won’t share all of them publicly. Why? Doing so could actually increase risk to the WSRB network and the data you need every day to make smart decisions. If you’re a Subscriber and have questions about what we’re doing, feel free to contact us at 206-217-0101 and ask for me by name.


Anthony Higgins is WSRB’s Security Analyst. In that role, he oversees cybersecurity practices, employee training and our partnership with Gartner, a trusted information technology security consultant.

Guy-reading-insuranceEDGE

InsuranceEDGE

Like our blog? Check out InsuranceEDGE. We curate the week’s must-read stories from top industry sources. You stay informed and save time.

START READING

Sign up for our blog