Cowbell is passionate not just about offering comprehensive and effective insurance policies to small and mid-sized enterprises, but also about empowering policyholders to manage their cyber risk and prevent incidents in the first place. In this week’s episode, our podcast host, Alexis Vaughn, invited Cowbell’s Director of Risk Engineering, Manu Singh, to educate listeners about cyber risk, how to manage it, and how Cowbell can help.
At Cowbell, Manu works closely with policyholders to help them understand our continuous risk assessment process. “My function surrounds the question on how to reduce the frequency and severity of cyber security incidents and breaches for policyholders.”
From understanding our Cowbell Factors™ (that also gave this podcast its name), utilizing our Cowbell Connectors and Insights, as well as deploying our cybersecurity awareness training for employees, our risk engineering team will be there for every step of the way to make policyholders more secure online. “Anyone who has a Cowbell cyber policy can schedule a call to address their cyber risks and ask any questions.”
Of course, all this cannot be done in just one meeting. Manu explains: “Generally, we meet with policyholders two to three times. The first call can be done the pre-bind, during which we give businesses clarification on cybersecurity measures, and how to implement them.”
“The second call occurs post-bind. We onboard the policyholder, and educate them about the value-add that comes with their policy. This includes education around navigating the Cowbell platform, our internet-facing scans, and how our Cowbell Connectors give businesses deeper insights into their cyber environment.”
“The third call would be after a claim. If a claim were to occur, we like to discuss what happened, what the business learned, and what security controls could be applied moving forward, so that the frequency and severity of that particular cyber incident can be reduced.”
Of course, avoiding incidents is our goal. To help policyholders understand their cyber risk posture, we developed the Cowbell Factors, our proprietary risk rating factors, that assess businesses’ internet-facing systems and create scores based on the results.
Improving one’s Cowbell Factors should be a priority for organizations. This can be done by utilizing Cowbell’s risk management tools. “The number one way to improve your scores is by addressing the Cowbell Insights that we identify by scanning the business. Each Insight will give you a description of a particular vulnerability, whether it’s actionable or not, its severity, and which Cowbell Factor is most impacted by it.”
“Another way is by using our Cowbell Connectors. Connectors are APIs that are built for certain tenant software environments. Utilizing those will improve the security in your cyber environment and therefore improve your Cowbell Factors.”
Apart from the results of individual Cowbell Insights, businesses should also pay attention to certain cybersecurity best practices: deploying Multifactor Authentication, creating a digital asset inventory, and coming up with an incident response plan.
“No matter what size organization you are, you should apply Multi-Factor Authentication on remote access and VPN, on email accounts, and google and cloud applications. Most bad actors will give up on the spot if they see that they need a second factor for log-in.”
“As for the inventory, this helps you to become aware of what your software assets include, what they store and process, and which vendor technology is utilized. This can, for example, tell you if they are vulnerable to the most recent Apache Log4j2 vulnerability.”
Last, but certainly not least, comes the incident response plan (IRP). “The purpose of an incident response plan is to be proactive in addressing an incident or breach whilst it occurs.”
If your organization doesn’t have an IRP put in place yet, you can download a template on our website. If you are a policyholder, our risk engineering team will be happy to meet with you and create a personalized IRP for your organization.
“No matter what size organization you are, you should apply Multi-Factor Authentication.”
Cowbell’s risk engineering is an important part of our closed-loop approach to cyber insurance. Manu and his team work closely with policyholders every day to ensure that they can become safer online.
You can reach out to the risk engineering team at firstname.lastname@example.org. If you are interested in getting appointed with Cowbell Cyber or purchasing a Cowbell cyber policy, you can reach out to us through our website, or by writing to email@example.com or firstname.lastname@example.org.
You can visit the Cowbell Factor Podcast library to listen to last season’s episodes and stay up to date on new ones. It is available on most Podcast platforms (Spotify, Google podcast, Apple podcast, Anchor, Breaker, and Radio Public).