If your organization isn’t practicing basic security hygiene, you may not have access to cyber liability insurance. Most underwriters require the businesses they work with to implement cybersecurity best practices in the following areas before they will consider offering a policy:
1. Provide Employee Training on Best Cyber Practices
Your employees represent a critical line of defense against relentless phishing attempts carefully designed to gain access to your (and your customers’) sensitive data and information systems.
Each email they receive may be a threat, so it’s important to remind your team to be cautious with all messages, even from people they have previously communicated with and trust. When viewing email, remind your employees to think before they act, and report suspicious messages immediately.
Unfortunately, even our best efforts at protection will fail if our employees are not educated on what's expected of them and required to comply. Implement mandatory training to help your employees identify phishing attempts.
Related Reading: #FightThePhish: Tips for Combating Today’s Top Cybersecurity Threat
It’s also important to teach employees the importance of using complex passwords that are changed regularly. Generally, a password of eight or more characters, with both upper- and lower-case letters and at least one number, is considered strong. Require employees to change their passwords every two to three months.
2. Implement E-mail Filtering Solutions
Cyber liability carriers expect organizations to have processes in place for:
- Identifying spam
- Classifying email as External vs. Internal
- Recognizing personal identifiable information (PII) such as social security numbers, account information, and client data—especially on any outgoing emails—and providing encryption solutions
3. Implement Rigorous MFA Controls
According to Fortinet’s 2021 Ransomware Survey Report, the prevalence of ransomware grew by 1,070% between July 2020 and June 2021. About half (48%) of ransomware attack victims in the study reported that attacks caused significant operational downtime, exposure of sensitive data, and reputational damage.
Additionally, 61% of security leaders identify cloud infrastructure and applications as the feature of the digital environment most susceptible to attack, followed by networks. About half point to email and collaboration tools—the instruments of remote work— as their most vulnerable digital feature.
To combat these threats, businesses should:
- Adopt “zero trust” principles
- Create privileged user accounts (separate privileged users where a single user holds all the “keys to the kingdom”)
- Implement network segmentation both physically and virtually
- Provide MFA for remote access to computer systems by employees
- Provide MFA for all access to computer systems and software by vendors and independent contractors
- Provide MFA to users when accessing email remotely
- Implement MFA when employees are accessing cloud resources
- Disable all remote desktop protocol (RDP) ports and remote desktop gateways
- Implement daily backups and provide MFA for users to access
4. Implement Endpoint Detection & Response (EDR)
Businesses should consider using anti-malware tools to deliver threat protection solutions across the entire enterprise.
5. Implement a Patch Management Program—And Stick to It
Every time a software manufacturer releases a new version, it will include fixes and updates that "patch holes" and prevent hackers from accessing your systems. Be sure to update all your systems and software to the latest versions whenever available and install patches regularly. Just one outdated computer provides a criminal with easy access to your records, files, and customer data.
6. Implement External Penetration Testing
Your IT team should develop a process for implementing external penetration testing at least once per year.
With cyberattacks at an all-time high, cyber liability insurance is more critical than ever for business owners. Like other forms of insurance, you need protection before an incident occurs. While it may be impossible to completely protect your organization from a cybersecurity breach, you can help protect your business from the aftermath by having a comprehensive cyber liability insurance policy.
We can provide you with a free analysis of your current cyber liability insurance, or if you don’t have one, we can develop a policy that’s tailored to your business needs.
Let Us Know What You Thought about this Post.
Put your Comment Below.