If one thing’s for sure, cyber incidents are happening to businesses of all types in Ireland, costing them dearly. Companies and organisations are stung by cyber-related losses like fraudulent wire transfers and ransomware attacks. These attacks mean that while the need for cyber insurance has never been greater, cyber insurers have to look even more carefully at each potential client to make sure they are taking the most basic precautions to protect themselves. Our clients often ask us what types of cybersecurity measures they should adopt as a business to keep their insurance company happy. Here is how businesses are ticking the right boxes for their cyber insurance providers and getting the best price for their policy:
1. Ensure that multi-factor authentication (MFA) is turned on across all critical business software
MFA is an extra layer of security that verifies the identity of the person trying to sign in to an account by requiring a second factor on top of the password: a fingerprint, a code from an authenticator app, a hardware security key, or a one-time code sent by text message (the weakest option, since SMS codes can be intercepted or captured by SIM swapping). It is now a near-ubiquitous feature of business software. Without it, a criminal who phishes or guesses a password can take over a business email account in minutes. Email account takeover is the usual starting point for funds transfer fraud, where invoices and payment instructions are altered so that money is rerouted to accounts the criminals control, and it also gives attackers the foothold they need for ransomware events and significant privacy breaches.
For that reason, cyber security insurance underwriters love when a business has MFA in use across all business email accounts and on other critical business software too.
2. Your system backups comply with best practice
Backup practices vary widely, so cyber insurance underwriters insist on knowing more. How often are backups taken? Where are they stored? Who can delete them? Underwriters are keen to see that data is backed up regularly, segregated from the main network, and that at least one copy is kept offline in an offsite location. They also want to know that restores are actually tested, because a backup that has never been restored is an assumption rather than a recovery plan. Out-of-date backups, or backups stored on the same network as the files they protect, are not much use when the whole system is compromised: ransomware operators deliberately look for reachable backups and encrypt or delete them before triggering the main encryption. Having good backups can be the difference between recovering systems quickly and easily after a ransomware attack and paying a six- or seven-figure extortion demand to criminals who have encrypted entire systems, backups included.
3. Make sure your systems are running endpoint detection and response (EDR) tools
Firewalls and antivirus software are not enough to ward off today’s more sophisticated cybercriminals, who increasingly use stolen credentials and legitimate administration tools rather than recognisable malware. That’s why cyber insurance underwriters like to see businesses using endpoint detection and response (EDR) tools. An EDR agent runs on each endpoint, continuously records process, file, network and user activity, and raises alerts on suspicious behaviour, such as a Word document launching PowerShell or a large number of files being renamed in seconds, rather than only on known malicious files. An endpoint might be anything from an employee workstation to a company server to a mobile phone. Just as importantly, EDR lets responders investigate what happened and isolate a compromised machine from the network before an intrusion spreads, which is the stage at which a single infected laptop turns into a company-wide ransomware event.
4. Have a data management strategy in place
Underwriters like to be able to quickly understand the types and amounts of data held by any company. But more than that, they want to see that the data is being stored and segregated appropriately. For example, if a business holds 100,000 client records, they like to know that the data is split across separately secured systems, with access limited to the people and applications that actually need it. This means that if one server or account is compromised, not all data is exposed at once, reducing the likelihood of a business-ending event or catastrophic loss. If a business outsources its data management, as many small businesses do, it should make sure that the provider has appropriate access controls in place (least privilege, MFA on the provider’s portal, logging of who accessed what) and that it carries out security due diligence on any third-party partners. All of this indicates overall good cyber hygiene.
5. Demonstrate a good attitude towards risk management
Insurance underwriters want to see evidence of cyber security awareness and training through policies, procedures and best practices. Does the business mention cyber security in induction manuals? Does it run regular staff awareness training, including phishing awareness? Does it have written policies and procedures for cyber risk and incident management, and have these ever been exercised? Has a named person been put in charge of them? Companies and organisations that can show a good attitude toward cyber risk management will go a long way toward satisfying their cyber insurance underwriter and reducing their policy costs.
6. Check that RDP is switched off where it is not needed (and locked down where it is)
Remote Desktop Protocol (RDP) allows users to remotely access their office desktop and computing resources. While convenient, especially in the age of working from home, it can also make business networks extremely vulnerable to ransomware attacks if not configured correctly: an RDP service exposed directly to the internet (TCP port 3389 by default) is found by automated scanners within hours and then subjected to password guessing and credential-stuffing attacks around the clock. Incident-response statistics have repeatedly ranked exposed RDP as the single most common initial access vector for ransomware, which is why underwriters ask about it specifically. Where RDP is not needed, disable it and close the firewall rule. Where it is needed, do not expose it to the internet at all: put it behind a VPN or Remote Desktop Gateway, allow connections only from known internal or management addresses, require Network Level Authentication, and enforce multi-factor authentication on the VPN or gateway that fronts it.
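The following PowerShell script is an added example (it is not part of the original article) showing what the audit and lock-down described above look like on a single Windows host. It assumes an elevated PowerShell session on a Windows machine with the built-in NetSecurity module, and the management range `10.20.0.0/16` is a placeholder assumption that should be replaced with the organisation’s own VPN or jump-host subnet.

```powershell
# Added example (not from the original article): audit RDP exposure on one
# Windows host and either switch it off or lock it down. Run from an elevated
# PowerShell session. $MgmtSubnet is an ASSUMED placeholder for the VPN or
# jump-host range that should be the only source allowed to reach RDP.
param(
    [bool]   $RdpNeeded  = $false,
    [string] $MgmtSubnet = '10.20.0.0/16'   # ASSUMPTION: replace with your own range
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# ---- 1. Audit: is RDP on, does it require NLA, and who can reach it? ----
$rdpEnabled  = (Get-ItemProperty -Path $tsKey  -Name fDenyTSConnections).fDenyTSConnections -eq 0
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1
$listening   = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

Write-Host "RDP enabled:       $rdpEnabled"
Write-Host "NLA required:      $nlaRequired"
Write-Host "Listening on 3389: $listening"

# An enabled inbound Remote Desktop rule whose remote address is 'Any' is the
# "open RDP port" that underwriters (and attackers) are looking for.
$openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
foreach ($r in $openRules) {
    Write-Warning "Rule '$($r.DisplayName)' (profile $($r.Profile)) allows RDP from any address"
}

# ---- 2. Remediate ----
if (-not $RdpNeeded) {
    # Nobody uses RDP on this host: turn the service off and close the firewall.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Host 'RDP disabled and inbound Remote Desktop rules turned off.'
}
else {
    # RDP stays on: require Network Level Authentication so unauthenticated
    # clients never reach the logon screen, and allow only the management range.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $MgmtSubnet
    Write-Host "RDP restricted to $MgmtSubnet with NLA required."
    # MFA is not a per-host registry setting: enforce it on the VPN or Remote
    # Desktop Gateway that fronts $MgmtSubnet, or with an MFA agent on the host.
}
```

Run the script with no arguments on a machine that should not offer RDP, or with `-RdpNeeded $true -MgmtSubnet <your range>` on one that must; in both cases the audit section prints the current state first, which is the evidence an underwriter’s questionnaire is asking for. For a fleet, the same checks belong in Group Policy or a configuration-management tool rather than a per-host script, and an external port scan of the organisation’s public IP ranges is still needed to confirm that nothing upstream (a NAT rule on the office router, for example) is forwarding 3389 to a host regardless of its local firewall.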