Proactive Steps to Lower Your Cyber Insurance

Cyber risks remain prevalent as we continue to stay in remote work environments. Many leaders have begun to understand the value a cyber insurance policy has in protecting a company’s data. Cyber insurance may be costly, but going through a cybersecurity audit with your insurance carrier, IT department, or vendor can limit vulnerabilities and reduce your cyber insurance premium.

Our SVP, Managed IT Services, Tom Shanley, recently went through our own cyber liability insurance renewal and recommends the following proactive steps to help you prepare and lower cyber insurance costs, which often can increase by as much as 50%.

TURN ON MULTI-FACTOR AUTHENTICATION AND ENFORCE A FIRM PASSWORD POLICY

You’re probably familiar with this: when you log in to your network, email, or other application, you receive a text to your phone (or a message to an “authenticator” app, also on your phone) with a one-time code that you have to enter before being able to access your network.

IMPLEMENT CYBER TRAINING FOR EMPLOYEES
Educating employees on common threats is imperative to fight against malicious intent. Additionally, a comprehensive cybersecurity awareness training program lowers the risks of security threats. It also frees up the IT department’s time by avoiding cybersecurity breaches.

EFFECTIVE THIRD-PARTY MANAGEMENT
A Managed Security Services Provider supports your company’s technology for a fee. They proactively monitor a business’s network, help minimize IT problems, and troubleshoot any issues that come up on the network. Instead of outsourcing IT only when a problem occurs, managed services allow for consistent network monitoring. A managed services provider also handles all updating and maintenance tasks.

REGULARLY INSTALLING PATCH UPDATES
Patches are intended to upgrade, optimize, or secure existing software, computers, servers, and technology systems in order to maintain operational efficacy or mitigate security vulnerabilities. Most growing businesses struggle to identify critical patch updates and to test and install patch releases that fix problems as they occur. The average time to patch is 102 days. 57% of cyberattack victims stated that applying a patch would have prevented the attack. 34% say they knew about the vulnerability before the attack.

ENCRYPTING DATA AND PERFORMING REGULAR BACKUPS STORED SEPARATELY FROM THE NETWORK

A backup is a stockpile of your company’s data in one location. That means it could make a very attractive target for anyone looking to gain access to this data. At a basic level, encryption is the process of scrambling text into an unreadable form (called ciphertext) so that unauthorized users cannot read it. You can encrypt individual files, folders, volumes, or entire disks within a computer. You are also able to encrypt USB flash drives and files stored in the cloud.

DEVELOPMENT OF A CLEAR INCIDENT RESPONSE PLAN
Incident response planning is essential because the plan outlines how to minimize the duration and damage of security incidents, identifies stakeholders, streamlines digital forensics, improves recovery time, and reduces negative publicity and customer churn. A proper incident response process allows your organization to minimize losses, patch exploitable vulnerabilities, restore affected systems and processes, and close the attack vector used. According to IBM and the Ponemon Institute, the average data breach cost in 2021 was $4.24 million.

REGULAR PENETRATION TESTING
Penetration testing is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. The point is to test for weaknesses and identify potential vulnerabilities that a malicious user could take advantage of to do harm. Penetration testing is not a one-and-done activity. Instead, it is a process that an organization must undertake regularly. The frequency of the tests depends on risk assessments and the company’s organizational structure.

SmartSource® is a Managed Security Services Provider. We are a proactive RMM/Remote Monitoring and Management partner providing asset discovery, IT automation, endpoint and patch management, and more.
