As the COVID-19 pandemic and holiday shopping season merge, millions of Americans are now at risk of added cyber threats, especially as technology has given people more opportunities to connect, socialize, conduct banking activities, and carry out daily business responsibilities. This trend has given way to new methods of obtaining personal data, which can lead to the loss of both assets and privacy.
With the latter risk, malicious actors can go on to sell personal information on the dark web many months or even years after they obtain that data in the first place, with the targeted individual unaware that their credentials are out in cyberspace, waiting for the highest bidder, according to Lisa Lindsay (pictured below), executive director of the Private Risk Management Association (PRMA).
“Cybercriminals are certainly becoming more sophisticated, in terms of being able to break into somebody’s email, understand how they write, and the nuances of their communication, and the way that they’re able to really pose as the high net worth individual is quite good,” she explained.
In addition to the risk of being targeted by a cyber hacker, individuals can face other obstacles to implementing effective cyber defenses. In fact, there are three cybersecurity ‘myths’ that McGraw says clients need to overcome. The first of these is that cyber risk is a technology problem and requires a technology-based solution, when it’s actually a behavioral issue.
“It’s the behaviors that you as an individual and as a family take or don’t take that is the biggest determinant in your exposure to cyber risk,” he noted.
The second myth is that there is nothing that can be done about being a victim of cyberattacks. Individuals and families may believe that if bad guys want to target them, they will likely be successful when, in reality, there are simple and affordable actions that people can take to protect themselves. Yes, acknowledged McGraw, you can’t completely defend yourself against cyberattacks, “but there are certainly things that you can do to make yourself a less visible target.”
The final myth is the opposite way of thinking – the ‘that’s not going to happen to me’ mentality. McGraw calls it the optimism bias – that cyber isn’t a problem for individuals, but rather, it’s a problem for big companies. To combat this way of thinking, insureds need to be exposed to stories about people being targeted by hackers, and the impacts this can have on their financial and mental well-being.
Read next: 5G rollout to pose new cyber risks – report
“We believe that the reason that people have adopted this way of thinking is because they think it’s super complicated,” added Lindsay. “It sounds like noise to them when they start thinking about firewalls and technology, because they are thinking about it as solely a technology problem. We as an industry need to keep talking to clients about this in a way that’s manageable and digestible … and it’s really incumbent on us to speak in a language that people can [understand].”
According to McGraw, the single most important thing individuals can do to protect themselves is realize that they as a family are the critical factor in enhancing their cyber defenses. If people believe that they hold the key to their own cyber risk, they tend to respond by implementing risk mitigation tools, such as password managers and VPNs for their home networks.
When it comes to risk management, Lindsay recommends that families set up a guest Wi-Fi for visitors to their home to separate that network from the one they’re using to conduct financial transactions and transmit personal information. Putting in place procedures to prevent fraudulent wire transfers, such as ensuring that a phone call needs to be made to confirm that the right person is making the request and transferring the money to a legitimate source, is also smart.
Brokers and advisors can play their part in helping high net worth families stay protected during this holiday season and beyond. McGraw says that professionals need to overcome the intimidation factor of approaching the cyber conversation with their clients, in part by learning the jargon and becoming familiar with the various insurance and risk management solutions.
“I had to get comfortable launching into conversations with my clients using other exposures as a launching point,” he explained. “If I’m talking to a family about their security system in their house, for example … that was my launching point to say, ‘It seems like we’ve got the exterior of your home protected against invasion – what about your digital lives? How do you guys protect yourself from some type of cyberattack?’”
PRMA members have likewise seen success in bringing up the cyber conversation by building it into regular communications with their clients and not overwhelming them. Considering today’s pandemic challenges, a conversation about kids doing school online full-time can open the door to discussing cyber risk, for instance, as well as talking to clients about things they’re purchasing for their home, such as smart home gadgets.
“I think there are a lot of ways in our regular conversations with clients that we can start to normalize the cybersecurity conversation in digestible bits,” said Lindsay.