In an ever-changing digital landscape, the sophistication of technology allows companies to evolve more rapidly than ever before. But, as sophisticated as technology becomes, so too do the methods that cyber criminals use to infiltrate networks and carry out cybercrime in Australia.
Establishing a robust cybersecurity framework is crucial in ensuring that your business is protected against the risks of cybercrime. Cyber Insurance has become critical in the fight against cyberattacks and in covering firms in the aftermath of a cyber event.However, due to the rapidly evolving cyber liabilities, insurers are tightening the parameters and requirements for accessing cyber insurance.
Working with Josh Ryan from Hunter Broking Group who is an expert in cyber insurance, we have come up with the top 6 requirements that most insurers are looking for before they will consider covering you and your business.
1. Use Multi-Factor Authentication
Multi-FactorAuthentication, commonly referred to as MFA, has proven to be one of the most effective methods to help protect against unauthorised access to valuable information. Some common forms of MFA are:
· Email verification
· Biometrics such as a fingerprint scan
· Randomly generate pin numbers
· Physical tokens
MFA is so important that, according to Microsoft, MFA is able to block 99.9% of all account compromise attacks, helping to reduce your risk of data breach significantly. For more information on how MFA can help, take a look at our blog article here.
2 . Use encryption wherever possible
Encryption can be used in many different forms and for many different reasons. Most websites these days use encryption in the form of HTTPS to send data back and forth between the website and your browser. Encryption though, should be used when storing data (especially on removable devices like USB keys, laptops and external hard drives), securing backups and for connecting to data on the corporate network from outside of the office. In many cases this is done automatically for you but you should speak to your IT team to confirm where this might not be the case.
3 . Back up your data often
Cyber security isn't just about protecting your business from cyber attacks — unforeseen cyber events can lead to major data loss and cause business disruption. Whether from deleted or corrupted files or simple human error, significant system downtime can come at a high cost to your business. Regularly backing up your data should be standard business practice to minimise the risk of data loss or corruption. When reviewing your backup practices, be sure also to keep in mind data that is managed by cloud providers such as Microsoft Office 365. In most cases, including with Microsoft Office 365, the cloud provider puts the onus on the data owner to ensure that their data is backed up. Where possible, it's advisable to also create an offsite backup and to encrypt your backups!
To read more about backing up Office 365 and why this is so important, check out this article that explains the in's and out's.
4. Segment your systems
As tech specialists, we're accustomed to architectural approaches when it comes to system networks, however, as a business owner, you may not be aware that the way you structure your digital networks can aid in your cyber security! Network segmentation is one approach to network structure that divides your network into different segments, essentially operating as their own small network.
A great example of this is having a separate network for your web server and your office network. This reduces the risk of compromising non public data if your web server is attacked.
5 . Restrict user access
It might go without saying, but restricting access to sensitive, valuable or personal information to a 'needs access' basis is a reliable way to minimise the risk of mishandling data, or password theft.
Access to data and applications should be re-assessed often to ensure that when there are changes to your business or your employees, these changes are reflected in the permissions that users have.
6 . Have a plan in place
As a prudent business owner, you unquestionably have a business plan to guide your organisation's success. Protecting your intellectual property and that of your customers is no different; putting a cyber security plan in place should be a given for business risk management.
It's important to remember that just as you remain adaptable to changes in your business environment, you'll need to stay flexible to changes in your cyber liabilities. Cybersecurity risk management isn't a set-and-forget idea; it's an ongoing process involving identifying, then analysing, evaluating, and finally addressing all of the cybersecurity threats.
A sound cybersecurity plan includes consideration of disaster recovery, business continuity and a road map to reduce time waste in the event of an incident.
Find out more
At Sentrian, we firmly believe that IT security is no longer an optional extra. The devastation and destruction that cyberattacks and cyber events have on Aussie businesses can sometimes be irrecoverable. The 6 factors outlined above will help you on your path to securing your business and gaining coverage for cyber insurance but these are just the foundations of what you will require.
Whether it's to fill a specific deficit in your security armour or form part of a complete strategy, we partner with global leaders to facilitate formidable cyber security strategies, including cyber insurance.
To find out more how we can help you reinforce your cybersecurity, get in touch with us here.
For more information on Cyber Insurance and how to give yourself the best chance of gaining cover, speak to Josh at Hunter Broking Group.