Think of your cyber insurance premium as your car insurance premium.
When it comes to your vehicle coverage, it’s pretty clear how you can get a better rate and cut costs. Most insurance providers will give you a reduced rate based on safe driving habits, good student ratings and the safety rating of your vehicle.
Cyber Liability Insurance
I've worked through the process of securing cyber liability insurance with clients, and getting the best rates isn’t always that straightforward.
Here are eight tips to help you achieve a better rate on your cybersecurity policy:
1. Enable Multi-Factor Authentication (MFA)
Multi-factor authentication, often called two-factor authentication when exactly two factors are used, means presenting at least two different kinds of credential when logging into your account, not just a second password.
A great example of MFA is logging into your bank account. For me, the process goes something like this. I’ll log into my mobile banking app and enter my username and password. From there, my bank will auto-text me a code that I need to input so I can access my account.
So, to get into my account I need to provide something I know (password) and something I have (cell phone with access code).
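As an added example (not code from the original article), here is the server-side half of the login flow described above, written in Python with only the standard library. It uses a time-based one-time code (RFC 6238 TOTP, the six-digit code an authenticator app produces) in place of the bank's SMS text, and it checks both factors: a salted password hash for "something you know" and the one-time code for "something you have", with a one-step clock-skew allowance and single-use enforcement so a captured code cannot be replayed. The user record, password and shared secret are constructed for the demo; the secret is the RFC 6238 test-vector key, so the code at time 59 is the published value 287082.

```python
"""Two-factor login check: password (something you know) plus a time-based
one-time code (something you have). Added example for this article, not the
author's code; the user store below is constructed for the demo."""
import hashlib
import hmac
import os
import struct
import time

TOTP_STEP = 30       # seconds per code (RFC 6238 default)
TOTP_DIGITS = 6
ALLOWED_DRIFT = 1    # also accept the previous and next step to absorb clock skew


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table can't be cracked cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def totp(secret: bytes, at_time: int) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: HOTP with counter = time // step."""
    counter = at_time // TOTP_STEP
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def make_user(username: str, password: str, totp_secret: bytes) -> dict:
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret,
            "last_counter": -1}   # highest time step already used, for replay protection


def verify_login(user: dict, password: str, code: str, now=None):
    """Return (accepted, reason). Both factors must pass; a code is single-use.
    The reason is for your own logs; show the user one generic failure message."""
    now = int(time.time()) if now is None else now
    # Factor 1: something you know. compare_digest keeps the check constant-time.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return False, "bad password"
    # Factor 2: something you have. Check the current step and its neighbours,
    # but never a step at or before the last one accepted (that would be a replay).
    current = now // TOTP_STEP
    for step in range(current - ALLOWED_DRIFT, current + ALLOWED_DRIFT + 1):
        if step <= user["last_counter"]:
            continue
        if hmac.compare_digest(totp(user["totp_secret"], step * TOTP_STEP), code):
            user["last_counter"] = step
            return True, "ok"
    return False, "bad or reused code"


if __name__ == "__main__":
    # Constructed demo user; the secret is the RFC 6238 test-vector key.
    alice = make_user("alice", "correct horse battery staple", b"12345678901234567890")
    print(verify_login(alice, "correct horse battery staple",
                       totp(alice["totp_secret"], 59), now=59))
```

Two practitioner notes: a code that passed must be marked used (the `last_counter` field) or an attacker who phishes a code can reuse it within the same 30-second step, and codes sent by SMS are the weakest form of "something you have" since they can be intercepted by SIM swapping, so insurers and NIST SP 800-63B both prefer app- or hardware-based factors where you can deploy them.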
2. Have an Incident Response Plan
Having an incident response plan (IR plan) in place is now a standard requirement for cybersecurity coverage. It’s rare to find a provider that will cover your organization without one.
An IR plan is a playbook that you lean on when you suspect your organization’s network has been compromised. In the event of an attack, response time is critical. People need to know what to do, who to contact and who needs to be notified when an incident occurs.
The goal is to minimize damage and get back to business as soon as possible.
3. Put a Backup Plan in Place
Every business needs a disaster recovery and business continuity plan (DR/BC). Sometimes things are out of our control and the world has different plans than we do.
A disaster could be anything from a power outage, a robbery or a natural disaster like floods, fires or tornadoes. It could even be a cyber-attack, too.
When ‘you-know-what’ hits the fan, you need to be able to get your business back online AND recover your business data.
A DR/BC plan will help you preserve your data, restore your systems and keep doing business when your main systems are inaccessible.
4. Remove Outdated Software
Have you ever seen the TV show Hoarders?
That’s how most people’s PCs and systems look. Cluttered with outdated apps and software that leave their whole network vulnerable.
Outdated and end-of-life software is easy to overlook. Once a vendor stops pushing out security updates, newly discovered vulnerabilities in that software never get patched, and attackers can exploit them, leaving you to pay the price.
5. Have an Endpoint Detection & Response (EDR) Solution
Endpoints are the devices that connect to your network, from laptops, desktops and servers to network-connected printers, and they are a common and often overlooked entry point for cyber-attackers.
With an EDR solution in place, activity on each endpoint is continuously recorded and analyzed for anomalies that can be investigated further, and a compromised machine can be isolated before the problem spreads. Ultimately, this reduces response time and limits the damage done to your organization.
Managing your network’s endpoints can be a tough task with many organizations embracing remote work. You need to analyze and manage endpoints located outside of your perimeter.
6. Enable Logging for all Systems, Software and Perimeter Devices
Logging activity for all your systems and along your network perimeter is another key component to achieving ideal cyber insurance rates. Logging provides your IT team with valuable information about every event occurring in your network.
Security teams can feed these logs into a SIEM solution, which correlates events from across your network and gives a comprehensive view of the important ones.
The main benefit of event logging is visibility: you can reconstruct what happened on your systems, software and perimeter, both when investigating an incident and for internal and compliance audits.
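To show what a SIEM actually does with those logs, here is an added example (not code from the original article) in Python: a small detection rule run over a handful of constructed sshd-style authentication lines. It flags a source address that fails five or more logins inside a sixty-second window, and separately flags a successful login that follows such a burst from the same address, which is the signal that a guessed password landed. The log format, host name and TEST-NET addresses are assumptions for the demo; adjust the regular expression to whatever your logger emits.

```python
"""Brute-force detection over auth logs, the kind of rule a SIEM runs.
Added example for this article, not the author's code; the log lines below
are constructed (TEST-NET addresses) to show the pattern."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed sshd-style lines with an ISO timestamp; adjust the pattern for your logger.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

SAMPLE_LOG = """\
2024-03-04T09:15:01 gw sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 5022 ssh2
2024-03-04T09:15:05 gw sshd[2203]: Failed password for root from 203.0.113.5 port 5023 ssh2
2024-03-04T09:15:08 gw sshd[2204]: Failed password for alice from 198.51.100.7 port 6100 ssh2
2024-03-04T09:15:10 gw sshd[2205]: Failed password for invalid user test from 203.0.113.5 port 5024 ssh2
2024-03-04T09:15:12 gw CRON[2210]: pam_unix(cron:session): session opened for user root
2024-03-04T09:15:14 gw sshd[2207]: Failed password for invalid user admin from 203.0.113.5 port 5025 ssh2
2024-03-04T09:15:20 gw sshd[2208]: Failed password for invalid user oracle from 203.0.113.5 port 5026 ssh2
2024-03-04T09:15:25 gw sshd[2209]: Failed password for bob from 203.0.113.5 port 5027 ssh2
2024-03-04T09:15:31 gw sshd[2212]: Accepted password for bob from 203.0.113.5 port 5028 ssh2
2024-03-04T09:16:00 gw sshd[2215]: Accepted password for alice from 198.51.100.7 port 6101 ssh2
"""


def parse(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None                      # not an auth event we care about
    return {"ts": datetime.fromisoformat(m["ts"]), "ok": m["result"] == "Accepted",
            "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold: int = 5, window_s: int = 60):
    """Two rules per source IP: >= threshold failures inside window_s, and a
    success that follows such a burst (a password guess that landed)."""
    alerts = []
    failures = defaultdict(deque)        # ip -> timestamps of recent failures
    flagged = set()                      # ips already alerted, to avoid repeats
    window = timedelta(seconds=window_s)
    for ev in filter(None, map(parse, lines)):
        q = failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()                  # slide the window forward
        if ev["ok"]:
            if len(q) >= threshold:
                alerts.append({"type": "success_after_bruteforce", "ip": ev["ip"],
                               "user": ev["user"], "failures": len(q),
                               "at": ev["ts"].isoformat()})
            q.clear()
            continue
        q.append(ev["ts"])
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged.add(ev["ip"])
            alerts.append({"type": "bruteforce", "ip": ev["ip"],
                           "failures": len(q), "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single typo from 198.51.100.7 followed by a success never alerts, which is the point of the threshold and window: a rule that fires on every failed login trains the team to ignore it. Rules like this only work if the logs exist and are shipped off the host before an attacker can clear them, which is why insurers ask about centralized logging and retention rather than just "do you log".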
7. Train Your Employees to be Cyber-Aware
One of the greatest risks to your organization’s network is your end-users.
Your network can be compromised if someone clicks a malicious email link. If your people are trained to spot a phishing attempt or other threat, your organization’s risk is reduced.
You can choose to train your employees yourself and build your own end-user training curriculum, or you can hire a third party to manage the training for you.
There are several great services that specialize in end-user training. We subscribe to a service here at Loffler and have seen positive results.
They send fake phishing attempts and monitor who clicks on malicious emails, links and attachments. Employees who do not pass the phishing attempt are sent educational resources and more cybersecurity training to help them better identify threats.
Also, inform your people to stop commenting on social media posts that ask questions like:
- My first job was _______.
- My favorite pet growing up was my ______ named ______.
These posts seem harmless and are common on platforms like Facebook, but they are often social engineering attempts to harvest the answers to common account-recovery security questions. Don’t over-share on social media.
8. Create a Password Policy
Chances are that your organization has some sort of password policy in place, so this is probably not a new concept.
However, recommendations for a strong password keep evolving: current guidance favors length and screening against known-breached passwords over complexity rules and forced periodic changes. If you haven't revisited your password policy recently, it’s time to take a hard look and ask yourself if it’s enough to keep your organization safe.
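As an added example (not code from the original article), here is what that evolution looks like in code, in Python: the legacy "eight characters with upper, lower, digit and symbol" rule beside a check in the style of NIST SP 800-63B, which drops composition rules in favor of a length floor, a breached-password blocklist, and a screen for the user's own name and company words. The blocklist here is a constructed stand-in; in production you would check against a real breached-password set such as the Have I Been Pwned list. Note how the legacy rule happily accepts "P@ssw0rd" while rejecting a long passphrase, and the modern check does the reverse.

```python
"""Password policy check in the style of NIST SP 800-63B (length and a
breached-password blocklist instead of composition rules), shown beside the
legacy complexity rule it replaces. Added example for this article, not the
author's code; BLOCKLIST is a constructed stand-in for a real breached-
password list."""
import re

MIN_LEN = 8        # NIST SP 800-63B floor for user-chosen passwords
MAX_LEN = 128      # must allow at least 64; cap it so hashing cost stays bounded

# Constructed stand-in for a breached/common password list (stored lowercased).
BLOCKLIST = {"password", "p@ssw0rd", "123456", "12345678", "qwerty", "letmein", "welcome1"}


def legacy_check(pw: str) -> bool:
    """Old-style rule: 8+ characters with upper, lower, digit and symbol."""
    return len(pw) >= 8 and all(
        re.search(p, pw) for p in (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"))


def modern_check(pw: str, username: str, blocklist=BLOCKLIST, context_words=()) -> list:
    """Return the reasons the password is rejected (empty list = accepted).
    context_words: company name, product names and similar, lowercase."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    norm = pw.lower()
    if norm in blocklist:
        problems.append("appears in breached/common password list")
    for word in (username, *context_words):
        if word and word.lower() in norm:
            problems.append(f"contains '{word}'")
    if len(set(norm)) == 1:
        problems.append("single repeated character")
    elif len(norm) > 1 and all(ord(b) - ord(a) == 1 for a, b in zip(norm, norm[1:])):
        problems.append("sequential characters (e.g. abcdefgh)")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "correct horse battery staple", "jsmith2024!"):
        print(repr(candidate), "legacy:", legacy_check(candidate),
              "modern:", modern_check(candidate, "jsmith") or "accepted")
```

The modern check pairs with the other half of current guidance that is not visible in code: no forced rotation on a calendar schedule (only on evidence of compromise), a password manager so long unique passphrases are practical, and MFA in front of anything that matters.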
A couple of quick wins you can implement today are enabling MFA and continuing to educate end-users about cybersecurity.
Most of these tips you can implement on your own if your IT team has the bandwidth and experience. If you need help getting the best rates possible for your cyber insurance policy our engineers will work with you to implement these best practices.
Jordan is an IT Solutions Account Executive at Loffler who helps businesses improve technology. She has been with Loffler since 2013, and has worked in business development and as a trainer and project coordinator for unified communications before moving into her current role. In her spare time, Jordan enjoys traveling, spending time with friends and family, watching Vikings football and trying new food.