Insurance Companies Neglect Basic Email Security
HelpNet Security, Friday, June 23, 2023
Only 3.54% of of insurance companies have correctly implemented basic phishing and spoofing protection, according to EasyDMARC.
Insurers operate using highly sensitive, private information that they've been trusted by clients and customers to protect.
They function in a highly regulated industry, meaning it is even more important that they have access to resources that will protect them and their customers, while remaining compliant with changing security regulations.
The survey reviewed the deployment of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard among the domains of insurance companies.
First published in 2012, the DMARC standard enables the automatic flagging and removal of receiving emails that are impersonating senders' domains, which is a crucial way to prevent outbound phishing and spoofing attempts.
EasyDMARC's research found that only 22% of the reviewed domains had implemented the decade-old DMARC standard. Of those 2694 institutions, only 699 (26%) had implemented a 'reject' policy that automatically rejects emails imitating a legitimate domain.