As a business owner you need to hear a simple, clear message when it comes to cybersecurity insurance. Companies that invest in cybersecurity will have an easier time getting insurance and their premiums will be less expensive. The opposite holds true for companies that fail to take cybersecurity seriously.
How Network-iQ Can Help Your Company Meet Insurance Requirements to Reduce the Likelihood of a Denied Claim
Cyber insurance coverage requirements.
To determine your premium, your coverage limits, and what you need to do to qualify for cyber insurance, most providers will carry out a cyber insurance risk assessment as part of their underwriting process. Depending on the size of your company, this process can range from a questionnaire to a detailed analysis carried out over multiple weeks by a cyber security firm. Regular check-ups and reassessments are also possible.
To keep risks at an acceptable level, policyholders are required to meet basic IT security standards in order to qualify for cyber insurance. At a minimum, a company interested in buying cyber insurance must have the following safety measures in place:
Use multi-factor authentication (MFA) in every situation where it can be applied.
This is one of the simplest, yet most effective, actions that any organization can take to protect itself. If you’re not enabling it, you’re essentially leaving your doors unlocked. MFA protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access.
Conduct an annual comprehensive risk assessment. This will help identify your cyber risk in the same way you would identify problems with your plumbing or electrical. But identifying risks doesn’t mean much without taking the next step—so be sure your risk assessment is followed by a detailed plan of action.
Require security awareness training for all staff. The most significant vulnerability in your network is your people. Teaching them the basics and building a culture of cybersecurity within your organization will help to greatly reduce risk.
Mandate secure remote access or VPN connections, or set up a Virtual Desktop Infrastructure (VDI).
With remote work here to stay, this is more important than ever. Using home networks or public WiFi networks can increase risk and exposure—but ensuring secure access can reduce this risk.
All PCs must be equipped with endpoint protection (antivirus/antimalware), and it must be kept up to date. This simple requirement is often not met because keeping it up to date is left in the hands of the end user. It must be centrally managed to ensure it has the latest information to combat malware.
Targeted phishing emails have become one of the top three sources of stolen credentials. an employee to grant funds or access to the external hacker. Anti-phishing technology combined with ongoing employee training to identify phishing emails can reduce the possibility of this kind of breach.
The company network must be protected using a next-generation firewall.
Business data must be regularly backed up using external media and/or a secure cloud service.
Backups should be designed in specific ways that prevent malware from infecting them, and, depending on your regulatory or insurance requirements, they must meet standards for archiving and curation.
User access rights and permissions must follow a secure provisioning process. All logins and access to files must be logged and monitored for any changes or breaches in access privileges.
Network-iQ employs a Zero Trust platform for meeting these requirements.
Documentation for policies, procedures, and network information must be created, maintained, and reviewed for accuracy, consistency, and relevancy. In many cases, an insurance or compliance auditor will first ask for copies of your documentation. This will include employee computer access policies, written security policies, password policies, facility access policies, and all of the documentation on related procedures. Without these documents, your claim may be rejected or, in the case of regulatory compliance, your company may face fines for non-compliance.
Password management is increasingly becoming a requirement of cybersecurity insurance underwriters. Weak, re-used, and slightly altered passwords are among the top cited vulnerabilities. A proper password management policy and management system is crucial to a secure network. Good password management also includes password auditing and logging.