If there’s one tool that has transformed the way agents and advisors do business today, it’s email. Email is vital for both personal and professional use—connecting people from thousands of miles away or from a few doors down the hall. Its use has grown rapidly over the past decade, and daily there are over 269 billion emails sent and received worldwide.
And because that number is so high, each message you get from clients, prospects and business colleagues comes with its own security risks. They expose you to viruses, ransomware attacks and other malware threats that could slow you down, at best, or, at worst, lead to regulatory actions and litigation.
If you sell life insurance, annuities and other financial services products and collect no protected health information, you face one level of information security compliance anxiety.
If, in the course of your activities, you collect enough protected health information to become a health plan’s business associate, you face another, much higher level of anxiety.
Worries about increasingly sophisticated fraudulent phishing emails are pushing financial professionals’ already very high level of anxiety into overdrive.
Based on a study by Intel Security, 97% of people worldwide are unable to identify fraudulent phishing emails: messages that try to trick consumers into sending sensitive information. That means the vast majority of people—and the companies they work for—are vulnerable to attacks that could result in thousands to millions of lost dollars or identity theft. In fact, the Federal Bureau of Investigation reports that organizations have lost more than $2.3 billion in phishing scams since 2013.
It’s become critical for companies to give email security awareness training to employees and to educate shareholders and customers too. Every person who interacts with your business should have an understanding of what to expect from your online business communications. And that should be communicated to them regularly—either by email, mail or the company website.
Listed below are several principles your company should include in its email security awareness training:
1. Be wary of links.
If you receive an email alert about one of your online accounts, instead of clicking the link, open your browser and go directly to the account page to see if there is a problem. Fraudulent links are one of the primary ways hackers break into a computer or an online account. To verify the alert, you should check the account firsthand. If it’s legitimate, the alert should appear online. Before clicking on a link sent via email, always hover over it to see the URL address and determine if it leads to a trustworthy site.
2. Define what company emails should look like.
One of the telltale signs of a phishing email is when the appearance differs from other email messages sent by the same company. By clearly defining what emails from your company will look like and sharing that information with staff and customers, they’ll be better able to detect if an email is posing as your company.
3. Inspect for misspelled words, links and domain names.
Another way to spot a phony email is if words and links are misspelled. Most companies take email communication seriously and will rarely send messages with multiple typos. Cyber criminals often include links that look correct but have one letter out of place, and if you click on one, your computer immediately becomes susceptible to malware or a virus. If you receive an email with several typos, be suspicious and contact the company directly.
4. Don’t open or download content you weren’t expecting to receive.
Some of the trickiest counterfeit emails appear to have come from a well-known contact. The email may invite you to view an attachment or download a file, but when you do, your account or computer gets hacked. A good rule of thumb is to not open or download files if you weren’t expecting to receive them. Contact the sender to verify that they sent the file before clicking on it.
5. Don’t send sensitive information.
This may seem like an obvious guideline, but many people fall prey to cyber criminals by emailing sensitive information. When an email looks like it came from a bank or credit card company, people often assume it’s legitimate and submit the requested information, which can include credit card, social security or bank account numbers. This is another reason why it’s important to outline what your company will and will not ask for via email to help staff and customers discern when they’ve received a fraudulent email.
6. Don’t jump to conclusions.
Scam emails often include a sense of urgency to strike fear into the recipients. If you receive a notification that your account has been suspended or requires immediate action, don’t panic. Take time to examine the email, open your account from the main website, and if necessary, call customer service to confirm.
By implementing regular email security awareness training, you will better equip your customers and employees with the information they need to detect fraudulent emails. Send emails periodically to remind them of your company’s email policy and urge them to report any suspicious messages they receive. Doing this will instill a sense of trust in your company and reduce the number of people who fall victim to fraudulent emails each year.