The agency had antivirus on every device.
Updated, active, reporting clean.
The breach ran for 4 weeks before anyone knew it had started.
Antivirus scans files. When something malicious attempts to execute on a device, it flags it. That is the job, and it does the job.
The problem is that the three most common attacks on small insurance agencies do not involve a malicious file.
They involve a malicious person.
A phishing email arrives.
It looks like a carrier notification or a client message.
Someone clicks a link and enters credentials on a page that looks exactly like a real login. No file was downloaded. No alert fired.
The attacker now has a valid username and password to a real account.
Passwords get stolen, guessed, or purchased in bulk.
Once an attacker has valid credentials, they walk into the account the same way a legitimate user would.
Antivirus monitors the device. It does not monitor the account being accessed from somewhere else.
An attacker gains access to a mailbox and goes quiet.
They read everything for weeks.
They learn payment patterns, vendor names, the way the owner writes.
Then they step into a live conversation and redirect a wire.
The breach was not the moment they got in. The breach was the moment they decided to act.
Most people think hackers are trying to break in. They already got in 6 weeks ago.
The moment that changed things for me was sitting across from an agency owner who had done everything right by the standard everyone was using.
She found out about the breach from a client. A wire transfer had been redirected four weeks earlier. The attacker had been in her email the entire time.
Cybersecurity is more than just one tool.
It should be a complete solution with different software guarding all fronts.
And even more than that, having someone you can call and ask about an email that looks suspicious and be sure you will be guided and secure.
If this is the first time you are thinking seriously about this, it can be overwhelming. Let us make it easier for you.
Book a time with our experts for a Free Cyber Assessment and take the first step.
This will identify which gaps are open in your agency and work from there.