What cyber security measures are insurers looking for?
There is a list of actions businesses should consider when working to protect against cyber attacks and deter cyber criminals. These processes and techniques will all but assure security, with most only requiring minor adjustments to be implemented.
Another important reason why businesses should employ these preventative processes is that insurers and underwriters will factor these controls into their decision-making. These processes help businesses monitor control issues and work to minimise risk.
As a broker, our mission is to help businesses minimise risks and provide information on what insurers are focussing on. Hence, we have laid out these processes below with some explanation as to how they can be effectively implemented.
1. Multi-factor Authentication
Control access to your systems more tightly with multi-factor authentication, also known as MFA. This is an authentication method that requires the user to provide two or more verification factors to gain access. This means a stolen phone or laptop hard drive won’t be enough for criminals to access your systems. It secures the environment without requiring resets or complex policies. Most insurers are now making this a requirement to access cyber cover, meaning without utilising MFA, you either won’t be able to access cover, or won’t get your claims paid.
2. Secured and Tested Backups
One tactic attackers use is to delete backups, eliminating any opportunity for a reset. This makes ransomware far more capable of bringing down your business operations. Businesses therefore need to keep up-to-date backups, and keep them secure. Encrypt your backups and also isolate them from the network so they cannot be accessed online. Regularly test your backups to ensure they can be used in the event of a crisis.
3. Find vulnerabilities with penetration testing
Annual penetration testing helps to find the vulnerabilities in your software. Make sure you find them before somebody else does.
Regular scans help you understand how a cyber criminal would gain access to your systems if they planned a targeted attack. Creating practices and procedures to ensure this is done regularly should be added to your risk management plan.
4. Filter emails
The primary and most common way hackers infect your systems is by sending links and data requests through emails. Don’t give your employees any opportunity to fall victim to these scams by filtering emails. This is the first line of defence and should easily test and block most malicious content.
5. Update systems
Regular updates are annoying but necessary. Keeping your systems updated will stop hackers exploiting old loopholes and gaps which have since been patched. Make sure you add this to your risk management plan as a regular practice to maintain. Mandatory updates from developers should also be installed, as they often mean a hole has been patched or a system weakness resolved.
6. Limit number of admin accounts
The most important accounts, admin accounts and super admin accounts, should be limited in order to protect access. Fewer admin accounts means less risk of falling victim to rogue employees or infiltration.
7. Incident response plans
Having an incident response plan in place is something we, as your broker, will strongly suggest and help you to set up. A plan is necessary to improve the quality of your response to cyber incidents, and it will also help to limit your overall cost of cyber security. Incident response plans should be tested at least annually and reviewed by your broker.
8. Protect Network
All businesses should be utilising firewalls. A firewall is a barrier that sits between a private internal network and the public Internet. Ensuring firewalls are up to date and healthy through the use of penetration testing is imperative to maintaining a secure network.
9. Monitor Network
Your network should also be monitored constantly to ensure it is secure. Your IP address can be hidden through the use of a VPN. Tracking your bandwidth usage will help to uncover network issues and to discover if more than the intended number of devices are utilising your network. More devices or rogue devices will increase your company’s risk of a breach.
10. Anti-virus software
A whole host of anti-malware options are now available and choosing the correct one and keeping it up to date is essential. Prevent a data leak by having comprehensive anti-virus solutions installed and on-hand.
11. Don’t use default settings
Many businesses have operators that work on the road who are given phones and tablets for business use. These devices have extraordinary amounts of valuable customer data that can be easily hacked into and accessed. It’s just a matter of rogue individuals getting their hands on their device or utilising unprotected Wi-Fi.
To secure these devices, or harden them as it is known, administrators should turn off or delete non-essential services and apps, use extended passwords and a password manager, ensure updates are only performed on your own network, and create a policy that prohibits employees from improper use of the device. This should help minimise the risk of data being stolen or devices being replaced.
12. Educate the workforce
The number one way firms are being put at risk is through a poorly-educated and negligent workforce. No amount of technology can cater for an employee who falls for every trick in the book. Effective education is paramount for security as there will always be attackers that are out to deceive people. Combat phishing by ensuring your people remain vigilant.
The Broker's Dozen - 13. Use a broker
Brokers will do a multitude of things for a client across all different fields, including helping to minimise cyber risks and reduce premiums. We will provide advice and guidance on cyber protocols that should be implemented, and be able to pick out gaps in your risk management plan. For comprehensive cyber insurance that will cover your finances in the event of a breach, there is no other option than to use an effective, successful broker such as Romero Insurance Brokers.