Highlander’s Steve Brown explains why cybercrime is now a hot topic for business insurers
Renewing the business insurance isn’t up there with my favourite tasks of the year; plenty of form filling, box-ticking and number checking is required.
It is, however, becoming a more important task from a technology point of view, and that is down to the ever-evolving threat to businesses from ‘cybercrime’.
We are seeing a huge increase in companies asking for help to understand the renewals coming through, and assistance to put in place simple measures to manage the risk and reduce potential threats out there.
Data breaches, leading to data loss, ransomware, and extortion are all common cyber threats, and the most common risk to your business is still phishing. The criminals will still pretend to be someone that they’re not and do all that they can to get at you via email, calls and texts.
On renewing our insurance, I was surprised how the level of questioning has gone from the simple ‘Do you change passwords regularly?’, to now including questions around gathering threat intelligence data or domain control on managed endpoints. Are general businesses supposed to know the answers to these questions, or the solutions?
What it does show is that the threat is real, and the technology levels required are getting higher, but it is still simple for a company to be more proactive and manage the risk better.
Here are some easy measures you can implement to stave off the threat of cybercrime:
Multi-factor authentication (MFA). This is the process where the system requires more than one authentication verification factor to gain access. For example, you log into your email and a code is sent to your mobile. Simple, but it works.
Email filtering tools. Stop those emails coming into your staff’s inbox before they have a chance to open them.
We’ve set up phishing simulations and ‘caught’ the most unlikely of people! It’s good to stop them from landing via filtering and have these simulations in the background as it does make you think twice.
Quality password policies. It may be a minor hassle to change these and make them complex, but it’s nothing in comparison to trying to retrieve your data from someone on another continent.
Insurance underwriters want to see the above and are almost insisting in some cases. Going to the next level and implementing a security information and event monitoring system (SIEM) or completing regular disaster recovery and data recovery tests will please the underwriters too but start with the simple and relatively low-cost options that you already have available.
If you want a check on your current security policies, then please get in touch. We have staff who are well trained, educated and dedicated to this threat and it doesn’t cost the earth. You may have most of the tools already in place, but not deployed.