By Trent Cooksley, Cowbell Cyber Co-Founder & COO
Businesses of all sizes are facing a cyber pandemic, with ransomware and other malicious attacks on the rise. Cyber insurance, which helps organizations return to normal operations faster in the aftermath of an incident, is also at a turning point as claims rise in both frequency and severity. As a result, cyber insurance providers have a longer checklist than ever for prospective policyholders. The good news is that many of the strategies and tools companies use to improve their security hygiene are relatively easy to implement. The typical requirements policyholders must meet to remain insurable are:
- Multi-Factor Authentication (MFA)
MFA requires the user to confirm a log-in on one device through a second device or factor. For instance, when you log into your bank’s website on your PC, you are sent a code via text message or email that you must enter to gain access to your account. MFA is available out-of-the-box at no charge with most online services, along with the option to enforce it for all users. Administrators of every online service (Microsoft 365, Gmail, CRM systems, online banking, cloud infrastructure, the company website, and so on) should make MFA mandatory, without exceptions. As one of the easiest steps organizations can take to protect their digital assets, it’s no surprise that most cyber insurers require it.
- Encrypted Backups
Encrypted backups of your systems and data are crucial to getting your organization back up and running after a cyberattack. However, those backups need to be recent: perform backups at least every two weeks, and preferably weekly. Store them in a separate environment, ideally not connected to the internet, where they are out of reach of cyber criminals.
- Double Authorization Check for Wire Transfer
Most businesses make payments by wire transfer. To keep each transfer secure, it’s recommended to use double authorization: an internal banking control that lets small business customers require a second user’s credentials to approve a submitted transaction for certain types of activities and transactions.
- Incident Response Plan
An incident response plan should be in place to help you recover as quickly as possible. In case of a cyberattack, employees should know right away whom to call, what steps to take (or not to take, such as engaging directly in ransom negotiations), and what information to collect. All of this should be laid out before an actual incident. Cyberattacks are a time of crisis, and people need clear directions and help in the immediate aftermath. The cyber incident response plan should be clear, with key personnel identified to carry out specific tasks and responsibilities the second a cyberattack hits. It should also include specific actions to take for ransomware events. The incident response plan is a living document that needs to be tested and updated on a regular basis.
- Cybersecurity Awareness Training
According to a recent study from Computer Disposals, 95% of employees fail to consistently spot phishing emails. In fact, a global survey by ThycoticCentrify notes that only 44% of respondents received cybersecurity training in the past year. Cybercriminals are becoming more sophisticated at crafting malicious messages that seem authentic to a wide audience, waiting for one of the recipients to make a mistake. Attackers often try to establish trust by impersonating someone well-known in the company (e.g. a boss requesting bank information) or to create a sense of urgency and panic (e.g. a client asking employees to open an attached file). Teaching employees to recognize suspicious activity on online services and in email should be a business’s first and strongest line of defense. Some cyber insurers even go the extra mile and bundle cybersecurity awareness training with their policies to ensure that policyholders’ employees are well-equipped to detect scams and cyberattacks.

While many enterprises are struggling to allocate adequate resources for cybersecurity, the current cyber risk landscape demands tighter measures. Insurers have an obligation to help policyholders put cyber risk mitigation tools in place in exchange for lower rates. The worlds of cybersecurity and insurance are complex and have traditionally operated in silos, but they need to work together to make it easy for policyholders to understand where they stand against today’s biggest cyber threats. Likewise, cyber insurers are no longer just providing policies; they are also helping with detection and response by keeping constant watch on behalf of policyholders, and they are providing insights on how to improve cyber hygiene and controls. By informing policyholders of the actions they need to take to prevent potential cyberattacks, detect threats, and act in the unfortunate case of an incident, we are improving each client’s cybersecurity posture.
By taking the simple steps listed above, you are not only putting yourself in a better position for a good policy, you are also building a sound security infrastructure. You are no longer simply relying on cyber insurance to cover you in the event of an attack; you are taking the steps necessary to prevent one.
About the Author
Trent Cooksley is the Co-founder & Chief Operating Officer at Cowbell Cyber. Cowbell Cyber provides standalone cyber insurance for small and mid-size enterprises. Cowbell Insurance Agency is currently licensed in 50 U.S. states and the District of Columbia.