10 Questions to Prepare for Cyberinsurance

Cyberinsurance continues to be a hot-button issue. Rates are going up, and some businesses cannot even get quotes. CGP’s founder, Dustin Bolander, has spent the last year consulting inside the cyberinsurance business and has developed extensive insider knowledge. That has allowed us to put together a list of ten questions that will help put you in a great position for renewing or acquiring cyberinsurance. CGP also has a turnkey package, including an extensive 56-point form that we use for preparation audits, alongside a vulnerability scan of your network, to prep for renewal or for getting coverage for the first time.

1. Do you have endpoint detection & response (EDR) deployed to all computers?

EDR is the next evolution of antivirus. It looks at all activity on a computer, for example commands being run against the backup service on a server, and correlates those events to identify threats. Insurers are starting to require EDR in many situations, such as for high-risk companies. Popular choices include SentinelOne, and you should strongly consider having a dedicated 24x7 team watching for any alerts.

2. Do you have backups that are fully separated from your main network/applications?

With the rise of ransomware, backups are a critical part of recovery. Too many businesses make the mistake of having the backup systems connected to the main network, so hackers quickly find and delete them. You should have backups somewhere that requires a completely different system of access, and located elsewhere (a datacenter, cloud, etc.). Don’t forget to back up systems like 365 and other cloud apps! At CGP we are big fans of using Dropsuite for backing up 365 or Google.

3 & 4. Do you have multifactor authentication (MFA) deployed for all outside applications? What about cloud/third party systems?

MFA is a critical defense. In 2019, Microsoft identified that it would have stopped 99% of 365 breaches, and Google published similar results. Insurers are starting to require MFA across the board, along with more secure configurations. Make sure ALL users are protected with MFA, especially admins. Any access from outside the office should require MFA, including VPN, webmail, remote tools, etc. Your cloud-based accounting system or ERP is at risk too, so create a vendor and company policy that requires all third-party services to have MFA enabled as well. If a service does not offer MFA in 2022, that should raise serious flags about its overall security. At CGP we include Cisco’s Duo in all our managed IT packages due to its ease of use and ability to integrate with almost any system.

5. Patching

New security issues are identified daily, and software patches to fix them are created just as often. Many breaches happen because these patches are not installed quickly enough. As one example, Huntress, a threat hunting and security research company, identified major attacks starting around Dec 25th, even though an update had been available since earlier that month. This is a great example of why many insurers want urgent updates installed within a 14- or 30-day window.

5a. Vulnerability Scanning

Many IT departments will simply use Windows’ built-in patching, or an agent of some kind (such as System Center/Intune or Remote Management & Monitoring/RMM) to install patches. However, this can leave undocumented applications and devices still at risk. A vulnerability scanner uses a catalog of known issues to scan both inside and outside your network for flaws and alerts you to what it finds. This helps catch things such as the outdated camera system that you have plugged into the network. Think of vulnerability scanning as a verification system for your patching.


Ready for questions 6 through 10? Register here to receive them via email.