Make sure to get your cyber house in order ahead of the holiday season.
By Bryan Johnson, IT Director, Alliant National Title Insurance Company
It’s that time of year again. Another summer has come and gone. The days are getting shorter. And soon, we will all be caught up in the hustle and bustle of the holiday season. That’s why it’s important to embrace Cybersecurity Awareness Month while we still can. For 20 years each October, Cybersecurity Awareness Month has served as an important moment for businesses to stop and assess their current cybersecurity setup. Follow along to see how you can use this moment to reduce your risk exposure. That way, you and your business can be on a better footing as we approach the new year.
Building a cyber strong America
One of the best ways you can become more cyber secure this October is by checking out the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA). Each year during Cybersecurity Awareness Month, CISA puts out a public awareness campaign organized around a core theme. This year’s topic is “Building a cyber strong America.” Although geared specifically toward businesses that deal with “critical infrastructure” like telecommunications, energy, and transportation, the campaign is packed with helpful safety tips that are relevant for the title industry as well.
Don’t get phished
One of the first tips mentioned in CISA’s campaign is to avoid phishing. Data suggests that phishing email activity has grown by nearly 18% in 2025, with insurance being one of the primary industries targeted by scammers. Phishing attacks aren’t just growing in quantity. Their cost is similarly skyrocketing, coming in at the hefty average sum of $4.88 million. The silver lining to this gloomy picture is that there are tried and true methods for mitigating such risk. Given that 90% of attacks involve human error, educating your staff on the perils of phishing can go a long way toward keeping your business safe.
Require MFA and strong passwords
It may seem simple, but one of the best ways to protect your organization still comes down to strong passwords. The CISA campaign rightfully points out that password best practices should always include multi-factor authentication as well. Other essential steps to follow include using long phrases, with the minimum being between 12-16 characters. No matter how annoying it is to remember multiple passwords, you should never reuse a password across sites. One breach could set off a chain reaction that leaves your entire system compromised.
In 2025, it’s also wise for title agencies to ditch password recovery questions altogether. Fraudsters have gotten really good at guessing common questions like “What is your mother’s maiden name?” Such information is often readily available online.
You must also secure the password reset process. Use an authenticator or passkey instead of text messages. Also, add a dedicated recovery email and create backup codes to store in your password manager. Attackers, you see, often target resets, so protecting that path is just as important as the password itself.
Additional precautions
Once you’ve mastered the basics, CISA outlines additional safeguards you can deploy to strengthen your cybersecurity position, such as:
- Encryption: For many industries, but particularly for data heavy fields like title insurance, encryption technologies are an essential tool for protecting customers and transactions. Ensure you have encryption deployed across your organization, and check out our piece on client-side encryption to learn how it can further reinforce your security.
- Data backups: A cornerstone of robust cybersecurity isefficient and consistent data backups, specifically the 3-2-1 backup rule. This data protection strategy recommends keeping three copies of your data: one original and two backups. These backups should be stored on two different types of media, with one copy kept offsite or in the cloud to protect against local disasters. Malware scanning and immutability should also be employed to reinforce your overall strategy.
All of this ensures you can minimize your organization’s downtime, prevent data loss and maintain customer trust. Thankfully, it has become easier than ever to automate your backups, which is great for peace of mind.
- System monitoring: To effectively monitor your systems, it is best practice to deploy a multi-level approach involving robust threat intelligence, detection and incident response. Putting up multiple layers of defense ensures that even today’s most insidious attackers will face an uphill battle to breach your systems.
Take action now for a cyber strong agency
By the time you read this, you will probably already be putting plans in place for your holiday season. Maybe those involve shopping or cooking. Maybe they involve booking a flight or two. But as important as those plans are, the cybersecurity of your agency is equally pertinent. Act now by following the advice detailed on CISA’s website and on this very blog. Then you can put your feet up during the holidays and congratulate yourself on a job well done.
