Cyber insurance has become a necessity for every business, no matter the size or industry. Taking these 5 steps ahead of applying for cyber insurance will lead to more relevant coverages and market-level pricing. It will help you expedite the process of getting a quote and improve your buying experience so that you can get back to running your business.
1. Find out about your industry-specific cyber risks
Even though every business has cyber risk, some threats are tied to, or amplified in, specific industries. Understanding what the threat landscape looks like for your class of business can help you choose adequate coverages and limits. You can learn more about what makes your industry susceptible to cyber incidents by checking our industry-specific resources.
2. Conduct an individual cyber risk assessment of your company
Conducting a risk assessment is the next step. Why? Every organization has a unique digital footprint and deploys technology in its own way. This means a unique risk profile with unique exposures to cyberthreats. Identifying security weaknesses and addressing them will give you more options when applying for insurance.
As a provider of cyber insurance, Cowbell prioritizes transparency. This is why we offer tools and services that help every organization understand its risks, along with recommendations so that IT and security teams (whether internal or outsourced) can improve your organization’s risk profile.
Cowbell’s continuous risk assessment delivers value prior to applying for cyber insurance and every day after your policy is issued:
- Industry peer benchmark: is your organization more or less secure than peers?
- Online access to your risk ratings (Cowbell Factors)
- Deeper insights and refined ratings once connectors are activated
- Insights and recommendations (Cowbell Insights) to fix security weaknesses such as MFA not being applied systematically to all accounts
3. Ensure that basic security measures are in place
Zero risk does not exist, but organizations need employees to do their part to keep the business secure when operating online and when working from home:
Are all employees exclusively connecting through a secure network?
The idea of working in a cafe or a park and connecting to work through public Wi-Fi is appealing, but not very secure. When cybercriminals can share the same network as you, it is easier for them to intrude on your systems. Employees should connect to work through secure, private networks.
Have employees activated Multi-factor Authentication everywhere?
Most online services now make Multi-factor Authentication (MFA) available out-of-the-box at no charge, with the option to enforce MFA for all users. Every administrator of online services (Microsoft 365, Gmail, CRM systems, online banking, cloud infrastructure, website, and so on) should make MFA mandatory, with no exceptions.
What is MFA? It requires you to confirm a log-in on one device through another device. For example, you log into your bank’s website on your PC. The website then sends a code via text message or email that you have to enter in order to access your account.
MFA is one of the easiest steps that companies can take to protect their digital assets. If you have third parties running IT for you, ask them to activate MFA on all systems.
Do employees know to not click on links from senders they don’t recognize?
95% of employees are not able to consistently recognize phishing emails. Cybercriminals are getting more sophisticated in sending malicious emails that appear authentic to a broad audience, waiting for one of the receivers to make a mistake. Cybercriminals will try to establish trust by impersonating someone employees know well (e.g. a supplier who changed their bank information), or to create a sense of panic and urgency (e.g. an important client who has a complaint in an attached file).
Training employees to recognize malicious activity on email and online services could become your first and strongest line of defense.
This is why Cowbell bundles cybersecurity awareness training with its policies so that employees can proactively stop malicious activities before any damage is done.
4. Know how often (if at all) you back up your systems
If there is an incident during which some of your systems get compromised, having recent backups of data and systems can give you the upper hand. Generally, it is advised to conduct backups at least bi-weekly, preferably weekly, and store the backup in a separate environment, ideally not connected to the internet.
5. Validate that your cloud environments are configured for security
In the small and mid-size market, cybercriminals rarely target a specific organization. They scan the web, looking for unsecured access points to systems. Misconfigured cloud services offer easy entrance. So, it is more important than ever to validate that your cloud environments are set up with security best practices in mind.
Major cloud infrastructure providers offer readily available tools to validate configurations. Cowbell also enables you to evaluate the configuration of major cloud environments (Microsoft 365/Office 365, Azure, Google, AWS) when activating Cowbell Connectors.
There’s a lot more to be done, especially if you have experienced a cyber incident in the past, but the above five are great starting points.
Carefully reviewing the above will increase your options when applying for cyber insurance. It will also provide the basic security everybody needs in this time of exponentially increasing cyberattacks. If you want to find out more, you can contact us at firstname.lastname@example.org.