In the cyber insurance market, insureds need to have a laser focus on putting cybersecurity protocols, procedures, and measures into place to protect their businesses. Not having the proper protocols in place puts your business at risk of a cyberattack.
Equally important is being able to effectively purchase a financial backstop, namely cyber insurance, which becomes easier once these protocols are implemented. While there are several ways to protect yourself against a cyber threat, the following are five important protocols that every company should implement.
Important Protocols in Cybersecurity
Multifactor Authentication:
Authentication commonly requires a username and password, but multifactor authentication includes an additional step. This additional step could require biometrics, such as a fingerprint or facial scan, or a generated token. A generated token is the most common route and can be generated by an app on your phone or computer.
Multifactor authentication is important for accessing email, especially if it’s being accessed through a web portal. It is also important for remote access, meaning any time you’re accessing your network from outside the firewall. Another key area is multifactor authentication for all privileged users and privileged access. This includes anyone with elevated user privileges when they log into a different system or machine, such as an employee on the IT team.
Endpoint Detection and Response:
Endpoint detection and response (EDR) is an outgrowth of antivirus. Antivirus software knows what key threats to look for within the system and stops them once they pop up. Unfortunately, threat actors are using methods that antivirus software may not recognize. This is where endpoint detection and response comes in. EDR looks at your system, gauges whether there’s any unusual activity, malicious code or software, and then alerts you to the threat.
Backups:
Robust backups that are both protected by multifactor authentication and air-gapped are critical to cybersecurity. Air-gapped means the backups are offline and “read-only,” meaning users can’t come in and make unwanted changes to the backups. One of the key procedures that carriers are looking for is testing the backup by bringing it into the environment and relying upon it. Backups should be tested once or twice a year to ensure that everything is working as it should be.
User Training:
Make sure all users are properly trained. Knowledgeable users are an incredibly effective defense system. Make sure that users are utilizing multifactor authentication when accessing their accounts. Training users on cybersecurity can include watching videos, sending practice phishing emails, and sharing cybersecurity policies.
Incident Response:
Have a plan in place and practice it. Work with your broker, lawyer and/or consultant or internal team to know what resources are available to you and become acquainted with those resources before having an incident. This way, if an incident were to occur, you could respond quickly and mitigate risk more effectively. In addition to the other protocols mentioned above, having a plan can save your company from a financial headache.
Although there are other items to implement, the focus areas above are high-stakes and form the baseline that carriers seek in cyber insurance. With these protocols in place, you’re more likely to receive better coverage options from multiple carriers. Not having these protocols in place can make it a struggle to find a carrier.
Keeping Cybersecurity on Your Radar
Brokers and insureds alike should not let cybersecurity fall by the wayside. The rate at which cyber changes means the best thing one can do is stay up to date. By implementing these five key protocols, you’ll be one step ahead. It’s easy to forget the dangers when all is quiet, but it only takes one bad actor to throw a company’s system into disarray.