What IT security do you need to reduce your Cyber Insurance costs?
With cyber attacks on the rise, many companies have included cyber insurance as part of their IT security plan. Here is the IT security you need before you opt for cyber insurance.
The proliferation in the scale and sophistication of cyber attacks has alarmed many businesses. One logical option that organisations are exploring is to seek cyber insurance cover, so that if a breach happens, there is an avenue available to recover some of the financial losses associated with an attack.
However, actually obtaining cyber insurance from a provider is becoming increasingly challenging, as insurance underwriters now look to understand what IT security measures are in place before offering any level of cover. Additionally, the cost of insuring your company may prove to be prohibitive. Below is a list of some controls that cyber insurers are likely to look for before issuing a quotation to your organisation.
1. Multi-Factor Authentication (MFA)
In 2020, 81% of data breaches were due to compromised credentials. Credentials are often compromised through employee failings when creating and managing secure passwords, or through a brute force attack by hackers. Implementing a sign-in process that goes beyond simple password entry can massively help mitigate a breach. Having an employee take a second step in authenticating themselves, often via a separate app on a different device, greatly reduces the risk of a breach being caused by compromised credentials. It is extremely difficult to obtain cyber insurance without MFA being in place.
2. Network access controls
With employees increasingly being encouraged to access corporate information on personal devices, controlling what can and cannot access your infrastructure is becoming both more complex and more important. A robust network access control system (also known as Conditional Access) will effectively limit access to your network to devices and users that are compliant with security policies and have the correct authorisations.
3. Secure backups
One obvious way to make yourself more secure from an attack is to duplicate your data and store it remotely as a backup. Although backups are now becoming another part of the attack pattern of hackers, having a robust backup system in place can help mitigate the impact of a breach and also dramatically reduce the amount of time it takes your business to return to normal operations. An immutable backup is a data backup that cannot be altered in any way; nobody can gain access to, lock access to or destroy an immutable backup. Making your backups immutable is considered the most effective way of securing your backups from attacks.
4. Email security
Everyone knows, or should know by now, that email is the number one threat vector for almost all of the malicious attempts to gain access to your IT systems. Attackers use relatively sophisticated methods via email to exploit people's curiosity and lack of education as messages drop into their inbox. One wrong click on a suspect link or attachment can be all that is needed to compromise your security posture. Email security can often be easily improved via an existing Microsoft Office 365 or Microsoft 365 licence, where the technology just needs to be deployed.
5. Secure remote access
Since the COVID-19 pandemic, remote working has become an increasingly common business practice. Employees expect to be able to work from the office, home, coffee shop, hotel, and airport with equal ease. Employers need to ensure that this can be done in a way that does not compromise IT security. Secure remote access is the use of a number of tools to make the above possible. It puts in place a system where users can have a location-agnostic experience while accessing centralised applications, databases, resources, and systems, whether they are on premises or in the cloud.
While cyber insurance may not be the right fit for everyone due to the cost of implementing the requisite IT security features or the cost of cover itself, it is certainly something every company needs to consider and decide upon.
And, regardless of whether cyber insurance is what your company needs, implementing some or all of the above standard IT security features will absolutely reduce your risk of being successfully attacked. If you have any questions about any of the above technologies and services, or are concerned about cyber security and cyber insurance in general, contact our team of friendly and knowledgeable experts who can guide you on the path to a safer future for your business.