If you’re a business owner, you’ve probably heard quite a bit lately about cyber insurance. You’re hearing not only the usual stats about cyber attack this and cyber breach that, but also how difficult it has become even to get cyber insurance coverage for your business. So, what does it actually mean to be “Cyber Insurance Ready”? How do you prepare yourself, your employees, and your organization to be in the best position to get a cyber insurance quote? And how will being cyber ready protect you in the future from things like hacks, ransomware, social engineering, and phishing schemes (just to name a few)?
We’ve partnered with Fortify, our network solutions provider, to run down the nine key areas to focus on before your application for cyber insurance is submitted. Many insurance companies are saying the following are now the bare minimum “table stakes” for organizations to get the proper cyber insurance coverage:
1. Access Control
Providing a barrier to entry is the first step to ensure you don’t have a security breach within your IT systems. Think everything from good password practices, like frequent forced changes and complexity requirements, to tools like multi-factor authentication. Also, your remote access security is more important than ever, with work-from-home and hybrid working arrangements being so prominent these days.
Does your system have a firewall implemented and is it being actively managed and monitored? All of your web content and internet traffic (including emails) needs to be filtered to protect your IT environment. Having firewalls and an intrusion detection system in place are the basics to help ensure you keep the bad actors out.
3. Patch & Update
Sure, you have everything set up and running smoothly now, but with technology, things are constantly evolving. That means commonly used software and security systems need to be patched and updated regularly. These include operating systems (both servers and workstations), applications, and devices that connect within your network. Updating software as soon as possible after a patch is released is essential to a good maintenance routine.
Think of your data as the pot of gold at the end of the rainbow. This is what cyber criminals are after and the reason you’re investing in security measures to prevent their access. First, ensure your databases are encrypted at rest and that backups are frequent and securely transferred offsite. You will also want to regularly test the restoration of your data and critical servers from backup, to make sure your business continuity plan will work when you need it.
5. Monitor & Scanning
Network monitoring and vulnerability scanning are critical to ensure everything is running as it should. Deploy penetration testing to find vulnerabilities that could be exploited to break into your network. Then be sure to work with your IT security consultant to fix any of those vulnerabilities. Regular scanning will keep you on top of evolving security risks within your network. Finally, a security operations centre is important to have in place if an attack occurs.
6. Documentation & Process
Any good process will have a business continuity and disaster recovery plan, in case the worst-case scenario happens. Internal policies should be in place and understood to cover email and internet usage, including social media. It’s also important to have incident response plans and security policies so you know not only how your information is being secured and stored, but how to respond when a cyber breach occurs.
Most people have become familiar with the spam emails that enter our inboxes from time to time. Some are obvious giveaways, while others can be very convincing. Ultimately, these fraudulent messages are meant to invade your network, install malicious code, and/or separate you from your money. Similar to the other attack types, cyber criminals are always becoming more sophisticated with their email attempts. That’s why it’s important to have email filtering services scanning for threats, spam, and risky attachments. Other defences include having email authentication/validation protocols in place, such as SPF, DKIM, Sender ID, or DMARC.
8. People & Behaviour
The importance of education cannot be overestimated. A business can have all the best security software and practices in place, but at the end of the day the last line of defence is your people: your employees who are using the technology on a daily basis. Most people believe that they won’t become a victim of a cyber crime, but sophisticated attackers know that a chain is only as strong as its weakest link (i.e. a vulnerable user). Programs like regularly scheduled cybersecurity awareness training and testing help strengthen that ‘chain’. Also, don’t forget about your physical building and its security measures, such as barriers to server rooms and other valuable spaces.
9. Device Security
Just as important as the person using the device is that device’s security. Think virus and malware protection for servers, computers, and any other end-user devices. Implement endpoint detection and response software and encryption on all levels of connected devices in your network. Keep in mind mobile devices: how they are secured and how they can access the network and servers. Finally, keep track of older devices and retired technology assets. Be sure to properly store or dispose of obsolete devices in a way that ensures sensitive data is destroyed.
The world of cyber threats and cyber insurance is complex and always evolving. For more details, visit our new Cyber Insurance page outlining important categories to address to ensure your business is prepared and cyber secure.
Working with a broker brings experience, expertise, and advocacy to you and your organization. An individual broker learns your business and provides recommendations, and you have the ability to personalize insurance solutions for your unique needs. Find out why there are 7 Really Good Reasons to use an Insurance Broker.
Be Wise. Staebler Insurance is a general insurance broker specializing in auto insurance, home insurance, small business, and commercial insurance. Staebler brokers proudly serve Kitchener, Waterloo, Cambridge, Guelph, Stratford, Listowel, Fergus, Elora, Wellington County, Perth County, Waterloo Region and southern Ontario. Get started with a free quote today.