The cyber insurance industry has changed dramatically in the past few years due to the explosion in security claims. As a result, many of the largest cyber insurers have imposed minimum security requirements.
Here are steps to improve your readiness, prepare your team, and meet the minimum security requirements for coverage.
- Enable Multi-factor Authorization – MFA is a security control that can reduce risks across your organization significantly reducing phishing attempts and ransomware.
- Create and Test Incident Response Protocols – An incident response plan can help you identify, respond, and recover from cybersecurity incidents. Plans should be regularly tested using real-world scenarios.
- Block Remote Access Ports at the Firewall – Allowing remote desktop access from the public internet to corporate networks is a major vulnerability. Implementing a VPN or other network filtering device can reduce attacks significantly.
- Create Encrypted, “Air-Gapped” Backups – Backups should be encrypted and air-gapped. Offsite storage means that your data is safe from anyone without physical access.
- Remove End-of-Life Devices and Software – Legacy systems are commonly targeted by hackers. For mission-critical systems that are no longer upgradeable, implement controls to alert you to suspicious activity.
- Implement Advanced Endpoint Detection and Response (EDR) Solutions – Many EDR solutions leverage machine learning to identify and prevent malware from engaging, even if it has never been identified.
- Enable Logs – Endpoint servers and network equipment can produce logs that are beneficial in the event of an incident. Most also have the capability to send them to a centralized logging platform for storage and threat correlation.
- Conduct Regular Awareness Training – Regular training can help your team recognize and respond to any incident from phishing and social engineering attacks to a network breach.
- Implement a Patch Management Program – A patch management program should include policies and mechanisms to keep all systems and commonly used software updated promptly.
- Deploy a Strong Password Program and a Password Manager – A password manager can reduce weak password risks. Employees can generate strong, unique passwords for each site they access.
These steps are the minimum security precautions necessary to be eligible for cybersecurity coverage with most major insurers. Taking these steps will make you eligible for insurance, but they will also help protect your business from bad actors.
About NATIONAL
Committed to their customers since 1927, NATIONAL offers a range of Managed Services including IT Support and Augmentation, Cybersecurity, UCaaS, Managed Print, Document Management as well as VoIP/Telephony, Cloud Services, Printers, Copiers, MFPs, Product Print Equipment and SmartBoards.
For the latest industry trends and technology insights visit NATIONAL’s Business Technology Theater.
