If one thing’s for sure, cyber incidents are happening to businesses of all types in Ireland, costing them dearly. Companies and organisations are stung by cyber-related losses like fraudulent wire transfers and ransomware attacks. These attacks mean that while the need for cyber insurance has never been greater, cyber insurers have to look even more carefully at each potential client to make sure they are taking the most basic precautions to protect themselves. Our clients often ask us what types of cybersecurity measures they should adopt as a business to keep their insurance company happy. Here is how businesses are ticking the right boxes for their cyber insurance providers and getting the best price for their policy:
1. Ensure that your multi-factor authentication (MFA) is turned on across all critical business software
MFA is an extra layer of security used to verify the identity of the person trying to gain access to an account. The second factor could be anything from a thumbprint to a unique code texted to the individual, and it is a nearly ubiquitous feature across technology platforms these days. Without this extra piece of security, criminals can quickly gain access to business email accounts. This often results in funds-transfer fraud, where money is rerouted to fraudulent bank accounts, as well as ransomware events and significant privacy breaches.
For that reason, cyber security insurance underwriters like to see a business with MFA in use across all business email accounts and on other critical business software too.
2. Make sure your system backups comply with best practice
Backup practices vary widely, so cyber insurance underwriters insist on knowing more. How often are backups taken? Where are they stored? Underwriters are keen to see that data is being backed up regularly, segregated from the main network, and stored offline in an offsite location. After all, out-of-date backups, or backups stored on the same system as the files they are backing up, aren't much use when the whole system is compromised. Having good backups can be the difference between recovering systems quickly and easily following a ransomware attack and paying a six- or seven-figure extortion demand to criminals who have encrypted entire systems, backups included.
3. Make sure your systems are running endpoint detection and response (EDR) tools
Firewalls and antivirus software are not enough to ward off today's more sophisticated cybercriminals. That's why cyber insurance underwriters like to see businesses using endpoint detection and response (EDR) tools. These tools continuously monitor every device that can connect to the network, the figurative doors and windows a business has around its technology infrastructure, checking that each is up to date, secure and free of malicious activity. An endpoint might be anything from an employee workstation to a company server to a mobile phone. Enabling EDR means that a business is alerted when cybercriminals attempt to breach its systems.
4. Have a data management strategy in place
Underwriters like to be able to quickly understand the types and amounts of data held by any company. More than that, they want to see that the data is being stored and segregated appropriately. For example, if a business holds 100,000 client records, they like to know that the data is split across multiple servers. This means that if one server is compromised, not all data is lost at once, reducing the likelihood of a business-ending event or catastrophic loss. If a business outsources its data management, as many small businesses do, it should make sure that the provider has the right authorised access controls in place and that it runs security checks on any third-party partners. All of this indicates overall good cyber hygiene.
5. Demonstrate a good attitude towards risk management
Insurance underwriters want to see evidence of cyber security awareness and training through policies, procedures and best practices. Does the business mention cyber security in induction manuals? Does the business have policies and procedures in place concerning cyber risk and incident management? Has it put a person in charge of these policies and procedures? Companies and organisations that can prove they have a good attitude toward cyber risk management will go a long way toward satisfying their cyber insurance underwriter and reducing their insurance policy costs.
6. Check that your unused RDP ports are closed (and open ones are protected)
Remote Desktop Protocol (RDP) allows users to remotely access their office desktop and computing resources. While convenient, especially in the age of working from home, it can also make business networks extremely vulnerable to ransomware attacks if not configured correctly. Over half of ransomware attacks stem from open RDP ports, making this the single most common cause of these types of events. If RDP is needed, we recommend that it be secured behind a well-configured firewall and that multi-factor authentication be enabled.
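The following PowerShell script is an added example, not supportIT's own tooling: run in an elevated session on a Windows host, it reports whether RDP is enabled, whether Network Level Authentication is required, which firewall profiles allow it inbound, and whether anything is listening on the RDP port, so unused RDP can be switched off and needed RDP can be shown to sit behind the firewall.

```powershell
# Added RDP posture audit for a single Windows host (example code, not supportIT's tooling).
# Run in an elevated PowerShell session on the machine being audited.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means Network Level Authentication (NLA) is required,
# so a client must authenticate before a desktop session is even created.
$nlaRequired = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication -eq 1
$rdpPort     = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

# Enabled inbound allow rules in the built-in 'Remote Desktop' firewall group.
# Any that apply to the Public profile (or to all profiles) deserve a closer look.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
$publicExposure = $rdpRules | Where-Object { $_.Profile -match 'Public|Any' }

# Is anything actually listening on the configured RDP port right now?
$listening = Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue

# Summary object: suitable for collecting across a fleet and attaching to an insurance questionnaire.
[PSCustomObject]@{
    ComputerName       = $env:COMPUTERNAME
    RdpEnabled         = $rdpEnabled
    RdpPort            = $rdpPort
    ListeningOnRdpPort = [bool]$listening
    NlaRequired        = $nlaRequired
    InboundAllowRules  = @($rdpRules).Count
    AllowedOnPublic    = [bool]$publicExposure
}

# Findings an underwriter would ask about.
if ($rdpEnabled -and -not $nlaRequired) { Write-Warning 'RDP is enabled without Network Level Authentication.' }
if ($rdpEnabled -and $publicExposure)   { Write-Warning 'RDP is allowed inbound on the Public profile; restrict it to the VPN or LAN.' }
if (-not $rdpEnabled -and $listening)   { Write-Warning "Something is listening on port $rdpPort although RDP is disabled." }

# If RDP is not needed on this host at all, disable it and block the rule group:
#   Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
#   Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```

The remediation lines at the end are left commented out so the script is read-only by default; apply them only on hosts where RDP has been confirmed as unused.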
In the podcast, we talk to an IT specialist (Joe McGivern) about the importance of cyber insurance and what cyber insurers are looking for in potential clients. We get an in-depth look at the procedures that every company should have in place to protect their data and their infrastructure. Joe gives us lots of advice about what everyone should be doing to protect their data: regular patching, up-to-date anti-virus, storing data in different locations, a well-configured firewall, and multi-factor authentication.
Cyber insurers are looking for good practice. They want to see your approach to data management and backups, patch management, anti-virus and anti-spam, and access control. They also want you to show evidence of cyber security awareness and training through policies, procedures and best practices.
If you are a client of supportIT, we can do a lot of that for you using our remote management tool. If you have Office 365, you can pull reports to show the protocols you have in place, such as multi-factor authentication, data classification best practices and strong password policies. Training and induction records will show best practices around security awareness training.
Insurance Brokers are looking for best practices. As part of our standard contracts, we produce health reports each month to show the status of hardware. Brokers are interested in this data because it shows security best practices.
The main objective of cyber security is to have as many layers of protection as possible and to have staff trained to recognise any threats on your network. Firstly, you must know where your data is located, what type of data you have and who has access to it. A good practice to implement is data classification, which puts different security procedures in place depending on the nature of the data. Another good practice is patch management, to ensure that machines are up to date, have the latest anti-virus software installed, and have the latest third-party updates applied.
It all comes down to data; if you have anti-virus software and firewalls but no data to protect, then they are pointless. However, if you have a significant amount of data, including sensitive data, then good management is paramount. You should have it in the cloud and backed up on an internal and an offline server in separate locations to maximise the security and safety of the information. Understanding the type of data you hold and the GDPR obligations around it is crucial; if the data is no longer required, remove it from your network to be as efficient as possible.
If you are a company with data of any kind, you will need cyber insurance to protect the data and your business. Five years ago, only certain companies needed cyber insurance; however, in recent times, many companies have moved their workforce online, which has increased the need for it. Also, with the new rules around GDPR, the need to secure your data and have a contingency plan will only grow in the coming years.
Find out how we can support your business, email us at enquire@supportIT.ie or Low-Call 1800 887 818.