Cyberattacks are on the rise, so it’s no surprise that cyber insurance continues to be one of the fastest growing areas in the insurance industry. For insurance agencies, there are two sides to this coin: the growth opportunity associated with cyber insurance and the potential for a malicious cyber attack against their own agency website. How can you make your insurance agency’s website more secure and limit your exposure to a cyber attack or breach?

The basics

  • Install SSL. This is a mandatory step for all websites!
  • Update your software frequently. This includes the operating environment, code, theme, plugins, etc.
  • Use strong passwords. All passwords for all users to access your website should be complex. It is often best to use the computer-generated passwords provided by the system.
  • Educate your users. Take the time to ensure all employees and contractors understand cybersecurity best practices, including how to avoid falling for phishing and other malicious emails.
  • Use anti-malware solutions. Invest in anti-malware solutions that scan continuously and help prevent malicious attacks.


  • Strengthen your server. Server hardening is a set of techniques used to enhance the security of your server. For example, you need to manage server access, minimize external footprint (including hiding key files from public view), fix vulnerabilities, restrict administrator access, and minimize user access permissions.
  • Use parameterized queries to mitigate SQL injection attacks.
  • Multi-factor authentication should be used for login security. MFA is an excellent addition to your security protocol, and authenticator apps like LastPass, Microsoft Authenticator, and Google Authenticator are easy to use. They reside on your smartphone and allow you to enter a 6-digit code to validate secure access.
  • Add a firewall. Most hosting organizations offer an optional firewall to help prevent hacking attempts, and you should take advantage of that. These are an inexpensive addition and should come standard. Note that you will need to change your DNS A record when adding a firewall.
  • Protection from XSS attacks. Cross-site scripting (XSS) attacks can inject malicious JavaScript code into your insurance agency’s web pages, which can modify browser page content or potentially steal information. The best defense is to limit how and what JavaScript runs on the page. For example, your website can disallow any non-hosted scripts from running (disallow inline JavaScript).
  • Manually accept comments on the site. Don’t allow comments to be posted automatically; this reduces spam and script attacks.
  • Use captcha. Each form should have a captcha, and if you have problems with the cookie compliance captcha, create a required field that requires the user to solve something (for example, 5+4=___).
  • Encrypt data. If you’re capturing information of any kind, or as a general safeguard, encrypt your data while it’s at rest.
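
To illustrate the parameterized-query item in the list above, here is an added example (not code from the original article) that puts a string-built lookup beside its parameterized form. The `clients` table, its rows, the function names and the crafted input are all constructed for this illustration.

```python
import sqlite3

# Constructed input of the kind a form field might receive.
CRAFTED = "x' OR '1'='1"

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (email TEXT, policy_no TEXT)")
    db.executemany(
        "INSERT INTO clients VALUES (?, ?)",
        [
            ("ann@example.com", "P-1001"),
            ("bob@example.com", "P-1002"),
            ("o'brien@example.com", "P-1003"),
        ],
    )
    return db

def lookup_unsafe(db, email):
    # Weak: the form value is pasted into the SQL text, so any quote
    # character in the input becomes part of the statement itself.
    sql = "SELECT policy_no FROM clients WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, email):
    # Hardened: the ? placeholder passes the value separately from the
    # SQL text, so it is only ever compared as data.
    sql = "SELECT policy_no FROM clients WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]

if __name__ == "__main__":
    db = make_db()
    print("unsafe, crafted input:", lookup_unsafe(db, CRAFTED))
    print("safe, crafted input:  ", lookup_safe(db, CRAFTED))
    print("safe, apostrophe:     ", lookup_safe(db, "o'brien@example.com"))
    try:
        lookup_unsafe(db, "o'brien@example.com")
    except sqlite3.OperationalError as exc:
        # A legitimate address with an apostrophe breaks the string-built query.
        print("unsafe, apostrophe:    query failed:", exc)
```

The string-built lookup returns every policy number for the crafted input and fails outright on a legitimate address containing an apostrophe; the parameterized lookup handles both correctly.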

Preventing cybersecurity breaches is important for agency directors and clients alike. Make sure your insurance agency website is secure!

By skadmin
