Important: Make sure you’re prepared for cyber insurance renewal.
Firms may get cybersecurity insurance to protect against the financial consequences of a cyber attack or data breach. Cybersecurity insurance can cover the costs associated with responding to a cyber incident, such as legal fees, public relations expenses, and the cost of hiring a forensic investigator to determine the cause of the incident. It can also cover the costs of notification and credit monitoring services for affected customers, as well as the cost of providing these services to employees.
In addition to the direct costs of a cyber incident, a firm may also suffer indirect costs, such as lost revenue due to disrupted business operations or damage to the firm's reputation. Cybersecurity insurance can provide coverage for these indirect costs as well.
Overall, cybersecurity insurance can help a firm mitigate the financial impact of a cyber attack and ensure that it has the resources it needs to respond effectively.
Providing your staff with a cybersecurity checklist can help them understand the importance of protecting sensitive information and the steps they can take to secure it. A well-informed and security-conscious staff can be a strong defense against cyber threats. By following the checklist, your staff can reduce the risk of falling victim to phishing attacks, malware, and other cyber threats, which can lead to data breaches, financial loss, and damage to your company's reputation. In addition, a cybersecurity checklist can help ensure that your company's data and systems are protected, which can help reduce the risk of costly cybersecurity incidents.
Cybersecurity Checklist
Ensure that your organization has the right cyber risk management protocols in place. We offer strategies for every size of business and every budget, from multinational corporations to SMEs.
We will work with you to determine the most appropriate services for your cyber risk. We can offer our services on a retained basis as your ongoing cyber risk management partner.
Employee Training
Do you perform periodic cybersecurity training for all employees?
Cyberthreats extend to every employee of the organization. As a general rule, organizations should hold mandatory general cybersecurity training for employees on an annual basis. Training can be computer-based or offered as a slideshow, but either way, they should be accessible to employees who want to revisit them on their own time.
Do you perform periodic phishing exercises for all employees?
Employees are often the weakest link in the cybersecurity chain, and hackers often exploit this vulnerability through phishing emails. Employees need to recognize the signs of malicious emails, and understand how and where to report them. Without proper phishing training, employees will be more susceptible to clicking on malicious links contained in these emails, providing a means for cyberthreat actors to deploy malware and attack networks. Training should be done at least annually, and user performance should be tracked.
Email Hygiene
Do you screen incoming emails for malicious links or attachments and filter accordingly?
An email-based attack is one of the most common methods employed by hackers. Maintaining optimal security configurations should be a priority.
Do you authenticate incoming emails?
If you’re using a cloud server, multifactor authentication (MFA) is typically native, but if you are using on-premise email, you will need to purchase an MFA solution, then architect and implement that solution correctly for your server, which may involve a lot of effort for a smaller team. MFA is native to Microsoft 365. You can enable it by check box, but that doesn’t mean it will be enforced. If it is not set up correctly by the global administrator, there are ways to bypass it.
MFA and VPN's
Do you currently use MFA for all employee remote access and all access to privileged or administrative accounts?
Many cyber insurance companies will decline to quote or renew existing policies if an insured does not have proper MFA in place with respect to at least the access points addressed in the questionnaire. This security control validates identities and, in addition to the items cited in the questionnaire, often extends to backup data, vendor accounts and other areas.
MFA requires a second factor, like a one-time-use code, in addition to your password. If your password is stolen, it will be useless to an attacker that lacks possession of the required second factor. MFA needs to be in place for all remote access — VPN, cloud applications and anything you can access from the internet.
Do you use a virtual private network?
A virtual private network (VPN) allows users to log into a network environment remotely when they are physically in another location.
Do you use remote desktop protocol or virtual desktop incidences for remote access?
As more and more organizations adopt remote working, the need to secure these environments is critical. To help do this, a properly configured remote desktop protocol (RDP) should be implemented. This provides for a more secure remote environment that allows remote employees to continue to operate within the secure confines of your network.
Underwriters may use tools to detect publicly identified insecure protocols, and may decline or restrict coverage if they determine RDP controls are not sufficient.
If yes to the above, is MFA required for all RDP and virtual desktop instance access?
Users should not be able to log in as system administrators or heightened-privilege users from outside their corporate networks. Once they are inside the network as verified users, they can escalate access privileges and move to far-reaching databases within the network.
Breach Response Plan
Do you have a written incident/ransomware response plan?
Having a written data breach response plan in place is one of the best ways to mitigate both financial and reputational harm in the aftermath of a cyber incident. This plan identifies key internal stakeholders and external breach response experts that will play specific, defined roles. At minimum, it should identify roles and responsibilities specific to legal guidance, IT forensic investigations and evidence preservation, compliance, communications, operations, and law enforcement resources.
Detection and Duplication
Do you employ an endpoint detection and response solution throughout your entire network for all managed endpoints?
One of the best ways to mitigate the effects of a cyber attack is to arm your organization with endpoint detection and response capabilities that provide early notice of a network intrusion. By detecting the attack immediately, you may be able to prevent a hacker from moving laterally throughout your network.
Do you have backups of all data offline, encrypted and stored remotely using a cloud-based service?
By having immediate access to a secure backup copy of your data that is uncorrupted by the attack, you may be able to recover quickly from ransomware attacks without having to pay ransom demands while mitigating business interruption costs.
Have you performed at least a partial reinstall from backups within the past year?
Being able to reinstall data quickly will be a key to limiting downtime, avoiding ransom payments and saving bottom-line costs. Some cyber underwriters will inquire whether you can do this within a certain number of days or weeks. Those that can demonstrate that they can do this may be viewed as a better risk than those that cannot.