DIFS Promotes Cybersecurity Awareness Month to Help Consumers and Businesses Stay Protected

Media Contact: Laura Hall, 517-290-3779, DIFS-Press@michigan.gov
Consumer Hotline: 877-999-6442, Michigan.gov/DIFScomplaints

FOR IMMEDIATE RELEASE: October 8, 2021

(LANSING, MICH) October is Cybersecurity Awareness Month and the Michigan Department of Insurance and Financial Services (DIFS) is encouraging consumers and businesses to take steps to protect themselves and their personal information from cyberattacks.

"There are steps we must all take to ensure that we protect our insurance and financial information," said DIFS Director Anita Fox. "I encourage everyone to set aside time this month to learn more about how to protect their personal information and to take action to establish sound cybersecurity measures."

Many believe that most cybersecurity breaches are the work of sophisticated hackers and foreign agents targeting the elderly or people who are less tech savvy. What people do not know is most successful cyberattacks occur because of a failure to follow well-established cybersecurity practices.

Here are some initial steps that consumers can take to protect themselves and their personal information online:

• Don't access personal or financial information, such as bank accounts, online retail accounts, or medical records when using public Wi-Fi. Only connect to the internet over secure, password-protected networks.
• Password-protect all user accounts and devices that connect to the internet. Do not use the same password twice. Choose a password that means something to you and only you. Use a passphrase, like "Michiganhas1awesomesunsetperday!" to protect your accounts.
• Multifactor authentication offers extra security by requiring an additional step beyond entering a password to log into your account, such as a scan of your fingerprint, retina, or face on a mobile device, a passcode via an authentication app, or security key sent via text message or email.
• Be on the lookout for phishing emails - know the sender and hover over the name to see the address. Confirm the links in the email are legitimate. Do not click on links or pop-ups, open attachments, or respond to emails from strangers. Never use your work email for personal communications.
• Never give any personal/private information such as account numbers or passwords over the phone. Call your financial institution directly if you ever have questions; your financial institution will never call you and ask you for your passwords or account access information.

DIFS is also taking steps to ensure sound cybersecurity practices in the industries it regulates to support its mission of ensuring safe and secure insurance and financial services for Michiganders. The Department recently implemented new data security requirements for licensed insurers and producers under the Michigan Insurance Data Security Law, which requires insurance licensees to establish information security programs and notify DIFS  of a cybersecurity event involving nonpublic information. To further support regulated entities, DIFS has hired an IT Resource Specialist, Jake Martin, who will be responsible for increasing awareness and reducing the impact of IT and cyber risks in the financial services and insurance industries.

DIFS can assist consumers with questions or disputes that cannot be directly resolved with their insurers or financial institutions. Contact DIFS Monday through Friday from 8 a.m. to 5 p.m. at 877-999-6442, or file a complaint at Michigan.gov/DIFScomplaints.

The mission of the Michigan Department of Insurance and Financial Services is to ensure access to safe and secure insurance and financial services fundamental for the opportunity, security, and success of Michigan residents, while fostering economic growth and sustainability in both industries. In addition, the Department provides consumer protection, outreach, and financial literacy and education services to Michigan residents. For more information, visit Michigan.gov/DIFS or follow the Department on Facebook, Twitter, or LinkedIn.

####