Personal Cyber Risks Every Homeowner Should Understand

Original article can be found HERE.

This post is part of a series sponsored by The Cincinnati Insurance Companies.

October is National Cyber Security Awareness Month and the perfect time to reach out to your clients with strategies to protect themselves from cyber security risks. In a recent interview with Insurance Journal, The Cincinnati Insurance Companies’ Don Culpepper shared best practices for securing one’s home, with a special focus on high net worth individuals and families. As a senior risk management territory advisor, Don brings extensive experience in personal lines and offers strategies to improve cyber security in the home.

Don, when you talk to people about cyber risk within the home, what are some of the trends that have emerged over the last few years?

Trend No. 1

“It is critical that we become more conscious and aware of what’s going on inside the home. Our home networks are far more vulnerable today than ever before.”

In the post COVID era, an increased number of people are working from home. If you are working with sensitive data, it’s essential that your network be secure. Don suggests the following best practices:

  • Update passwords using complicated combinations of at least 12 characters, incorporate capital letters, lowercase letters, numbers, and symbols.
  • Make sure that your company provides you with encryption software or a virtual private network (VPN), that will protect your data and keep those in the home from accessing your connection to the office network. Lock your machine when you are not at the computer.
  • Establish a guest WiFi for others to use to limit the likelihood of someone accidentally allowing a bad actor into your home or office network.
  • Change the manufacturer installed passwords on all devices installed in your home. Many of these devices are installed with ,000, 1234 or admin:administrator, and bad actors are aware of this.

Trend No. 2

“We have more children and college students now working or being educated from home. The more connected devices, the greater the exposure to bad actors.”

  • Make sure that your virus protection is up to date on all devices.
  • Consider installing a VPN to protect your home network.
  • Pay attention to update notices on all devices. For example, Apple released an emergency update in September to protect against Zero Click Malware.
  • Use a technology company that employs certified information security experts to set up your home network.

Trend No. 3

“We have more connected appliances and devices such as Alexa, Google Assistant, Facebook Portal and Echo. These devices are designed to assist homeowners with routine duties around the house. However, they also present potential for bad actors to access personal data or to listen in on conversations. Further, smart home appliances can be used to spread spam, malware, ransomware and more.”

Innovation in connected devices brings convenience to homeowners but requires vigilant password protection. Any connected device can become the pivot point by which a bad actor can send nefarious emails anonymously. Using these household items, such as smart refrigerators or washing machines, once hacked, the pivot point can send out thousands of emails per hour, shielding the bad actor’s identity. Bad actors are known to hack baby monitors to watch and scare sleeping infants, smart doorbell and television cameras are modified to watch homeowners, and your own laptop camera can be accessed remotely to monitor you.

Carefully consider the interconnected devices that you place in the home and their connectivity to the internet. For example, a digital internet connected thermostat cannot be controlled if the internet goes down. For those living in geographies with extreme weather conditions, this might not be advisable as loss of heating or cooling could put both residents and their home in jeopardy.

Trend No. 4

“There is an increase in extensive phishing attempts by bad actors, through email, text-based phone messages and social networks. So, looking at your email, being very careful about how you respond to email and the clicks that you make on your various devices is something that needs to be considered.”

Be watchful of these tactics:

  • Malvertising, a tactic used on Facebook, occurs when bad actors use online advertising to spread malware.
  • Unsolicited communication called ‘pretexting’ occurs when a bad actor has enough information about a person to convince them to try to do something that they would not normally do or provide information that they would not normally provide.
  • Recently, the airdrop feature on iPhone has been exploited in crowded areas to send unsolicited information and photos to people whose privacy settings have not been set on this information sharing function. (To secure your iPhone airdrop feature: Settings>General>AirDrop)

Don, let’s focus on high net worth families. Are they a target for a unique set of threats?

“Many high net-worth clients want the newest, latest and greatest in devices and appliances, and because of their busy professional and personal lifestyles, they don’t typically think about the risks and preventative behaviors we’ve discussed here, or they have people who are supposed to be handling those for them. One of the risks for high net-worth people is that the internet can be easily searched to reveal identity, financial status, family members, residences and things of that nature, so they are an easy target.”

Unique risks and mitigation strategies to consider for your high net worth clients:

  • These households often include many non-family members, including household staff, property maintenance and contractors. Homeowners should vet installers of devices and be vigilant about the access they provide non-family members to devices within the home.
  • Because privacy is so important, contractors and staff should sign confidentiality agreements before commencing employment, to protect the home’s location and identify of family members from being exploited on social media or having their privacy violated.
  • Avoid posting travel and location on social media in real time. From a photo posted on social media, a bad actor can use geotagging to identify exactly where the photo is taken, determine where a residence is located, or how far a homeowner is from that residence at that moment. To protect the identity of children, refrain from sharing their location and images on social media.
  • If travel is part of one’s job and requires social media exposure, heighten physical security at home while away.
  • High net worth individuals are often targets of financial scams. Use caution when receiving email solicitations for information or requests for electronic signatures. Either validate the sender by phone or delete the email and await further requests from legitimate contacts who will seek you out by other means.

What is your advice to insurance agents with high net worth clients?

“See if you can get an opportunity to meet with the client or their representative to get a real understanding of their lifestyle and whether that particular lifestyle accentuates the risk of identity theft or personal security issues.”

  • Determine their social media practices, platforms used and those of their extended family.
  • Ask who has access or use of their devices or passwords.
  • Suggest a social media or cyber security assessment.
  • Discuss any recent threats that that need to be considered.

What type of coverage or services do you advise for high net worth clients?

“In this particular environment, which changes frequently, agents should work with a company that is vigilant in terms of how it’s designing coverages and how it’s helping to respond to risks that their clients may face.”

Seek companies that offer the following for your clients:

  • Risk mitigation services through in-home safety consultation, cyber security assessment, home bug sweep and other detection services.
  • Identity theft coverage, cybersecurity coverage and personal security coverage.
  • Advocacy services specializing in assisting with recovery efforts in the event of an identity theft.
  • Crisis management and public relations services to restore reputation following a breach.

In closing, as we enter National Cyber Awareness Month, Don advises us all to be vigilant.

“The more you’re aware of what’s going on around you, within your home, within your devices and with whom you associate, you raise your level of understanding of potential risks to you and your family.”

Mitigate these risks with best practices and partnership with industry experts that remain abreast of emerging trends in cyber threat.