We rely on the internet every day, whether we are logging into carrier platforms or managing our own agency systems. And while that access is essential, it also comes with risk. Bad actors are constantly looking for ways to access sensitive data, which makes protecting client information a responsibility every agency shares. 

Most agencies are not IT experts, and they should not have to be. That is why we rely on tools like VPNs and antivirus software to help protect our systems. We also rely on those vendors to keep their products secure and clearly communicate when action is needed. When a vulnerability is identified, especially one that is not fully understood, it can create confusion and leave agencies exposed. 

That is exactly what happened with a SonicWall vulnerability first disclosed in August 2024. The issue, known as CVE-2024-40766, involved improper access control that could allow unauthorized access to devices. SonicWall issued guidance at the time, including upgrading to newer systems and implementing security steps such as multi-factor authentication (MFA). However, the connection between the vulnerability and MFA was not clearly explained, which led to confusion. 

In some cases, agencies disabled MFA after making system updates because they believed it contributed to the issue. As a result, some systems became more vulnerable. Reports later confirmed that attacks tied to this vulnerability continued into 2025. 

Because of how widely SonicWall is used across agencies, OIA worked to better understand the issue and help clarify what actions should be taken. We partnered with Beazley and Arlington/Roe to break down the technical details and provide clear direction. 

Here is the key takeaway: MFA is still essential. 

According to Beazley, MFA remains a critical security control for SonicWall VPNs, even with the known vulnerabilities. While attackers have attempted to bypass it in some cases, removing MFA entirely leaves systems exposed to common attacks like credential theft and password guessing. 

What actually caused the issue? 

• The vulnerability was tied to improper access control, not a failure of MFA 
• Attackers primarily targeted weak or reused passwords, especially during system migrations 
• Systems with outdated or unchanged passwords were at the highest risk 

What should agencies do now? 

• Make sure MFA is enabled on all systems 
• Update and patch SonicWall devices 
• Reset all local user passwords, especially after system upgrades 
• Confirm security features like botnet filtering are active 

The bottom line is simple. The issue was addressed through software updates and stronger password controls, not by removing MFA. 

If your agency uses SonicWall, now is a good time to check your systems. Work with your IT provider or visit MySonicWall.com to confirm your devices are updated and secure. SonicWall also provides tools to help reset credentials and identify any areas that need attention. 

If you have a cyber policy with Beazley, you can also access their risk management resources for additional support. If you would like help reviewing your coverage, OIA is here to assist.

Cybersecurity may not be your primary role, but it is an important part of protecting your business and your clients. Tools like MFA are a simple but powerful way to reduce risk and strengthen your agency’s defenses. 

If you have questions about cybersecurity or cyber coverage, reach out to OIA at (800) 555-1742 or directly at katie@ohioinsuranceagents.com. We are here to help you take practical steps to stay protected.