Why Summer? You may be taking a vacation, but we can promise you, hackers are not. In fact, many hackers wait for times like these, when IT teams are likely to be short-staffed. In addition, with many employees working remotely or simply checking in from their vacation, potential security pitfalls loom all around.
Results from our first BOXX Broker’s Digital Health Challenge
We brought in security experts, Digital Boundary Group (DBG), to perform a detailed penetration test to assess the broker’s security posture.
A pen test helps you understand what could happen if a hacker were to target you, as well as how they would do so and how easily they could succeed.
Here are the high-level findings from the test conducted by Digital Boundary Group:
External Penetration Test
Type of Test: Being hacked by the good guys
The Risk: An external penetration test evaluates how easy it is to break into the network. The test identifies vulnerabilities, validates how effective current safeguards are, demonstrates existing risks by attempting to take control of the corporate network and provides remediation strategies.
The Result: During the test, DBG found weak passwords in use. Based on these findings, the broker was deemed to be at high risk of an attacker gaining unauthorized access to the internal network and privileged information.
Social Engineering Test
Type of Test: Testing your Human Firewall
The Risk: Social engineering attacks should always be of concern. DBG sent the employees a phishing email containing a hyperlink. Once the hyperlink was clicked, employees were asked to enter credentials and download a file.
The Result: A quarter of the broker’s employees clicked on the hyperlink found in the email message. Social engineering attacks could lead to hackers gaining access to confidential information.
Network Security Assessment Test
Type of Test: Testing your security controls
The Risk: A network security assessment evaluates the security posture of an organization’s internal network. Various aspects are assessed, including remote access / VPN, firewall security, antivirus and malicious code, and password strength, among others.
The Result: The broker’s internal security posture was deemed high-risk. Digital Boundary Group was able to gain full control over the broker’s network.
Should your firm test their Digital Health?
For the same reason you go to a healthcare provider for an annual wellness check, it makes sense to turn to highly trained security consultants to check out your security.
A brokerage that does not take cybersecurity seriously exposes itself both to financially motivated scams and to damages and fines for failing to protect its client and employee data in the event of a cyber breach.
And the risks are getting bigger.
Many brokerages allow their staff to work remotely, which amplifies their risk. The demand on your IT team is also that much higher. Few companies have cyber specialists on staff. And, if you outsource your IT, the MSP that maintains your technology may not have the time, skills, or objectivity needed to identify security flaws, understand your organization’s risk level, or help address and fix critical issues.
“Money’s most powerful ability is to allow bad people to continue doing bad things at the expense of those who don’t have it.” – Ben Kingsley in ‘Sneakers’
Blog written by Vishal Kundi,
CEO & Co-Founder of BOXX Insurance Inc.