Secure your insurance company’s website against cyber attacks

Cyberattacks are on the rise, so it’s no surprise that cyber insurance continues to be one of the fastest-growing areas in the insurance industry. For insurance agencies, there are two sides to this coin: the growth opportunities associated with cyber insurance and the potential for a malicious cyberattack on the agency’s own website. How can you make your insurance agency’s website more secure and limit your exposure to a cyberattack or breach?

The basics

  • Install SSL. This is a mandatory step for all websites!
  • Update your software regularly. This includes your operating environment, code, theme, plugins, etc.
  • Use complex passwords. Every password for every user with access to your website should be complex. It is often best to use your system’s computer-generated passwords.
  • Educate your users. Take the time to ensure that all employees and contractors understand cybersecurity best practices, including guarding against phishing and other malicious emails.
  • Use anti-malware solutions. Invest in anti-malware solutions for continuous scanning to prevent malicious attacks.


  • Harden your server. Server hardening is a set of techniques used to enhance the security of your server. For example, you need to manage server access, minimize the remote footprint (including hiding key files from public view), patch vulnerabilities, restrict administrative access, and minimize user access privileges.
  • Use parameterized queries to mitigate SQL injection attacks.
  • Multi-factor authentication must be used for login security. MFA is an excellent addition to your security protocol, and authentication apps like LastPass, Microsoft Authenticator, and Google Authenticator are easy to use. They run on your smartphone and give you a 6-digit code to enter to validate a secure login.
  • Add a firewall. Most hosting providers offer an optional firewall to help prevent hacking attempts, and you should take advantage of it. This is an inexpensive addition and should be standard. Please note that you will need to change your DNS A record when you add a firewall.
  • Protect against XSS attacks. Cross-site scripting (XSS) attacks can inject malicious JavaScript into your insurance company’s web pages, modifying the content of pages in the browser or potentially stealing information. The best defense is to limit what JavaScript runs on the page and how it runs. For example, your website can prohibit the execution of non-hosted scripts (disallow inline JavaScript).
  • Manually approve on-site comments. Do not allow comments to be posted automatically; this will reduce the number of spam and script attacks.
  • Use captchas. Each form must have a captcha. If the captcha causes cookie-compliance issues, create a required field that asks the user to answer something instead (for example, 5+4=___).
  • Encrypt data. If you’re capturing information of any kind, or simply as a general security measure, encrypt your data while it’s at rest.

Preventing cybersecurity breaches is important to both your agency and your clients. Make sure your insurance company’s website is secure!