Hello, for those who don’t know me yet, my name is Gino and I’m the president of EasyWayIT.

Last week I published a video talking about the importance of being prepared when you look for cyber insurance. As you can imagine, I received several calls from people asking for more details.

First, I would like to say that we are not selling cyber liability insurance. EasyWayIT manages IT infrastructure, cyber security, and compliance.

Let me reinforce the fact that insurers are demanding more sophisticated cyber security measures, leading to increasingly complex minimum criteria for cyber insurance.

I have analyzed the prevailing market requirements to identify the most frequently encountered ones.

Let’s review!

Backup Procedures: Providers recognize the substantial benefits of reliable backups in minimizing business disruption and mitigating extortion demands during an attack. This means businesses must adhere to specific backup requirements to be eligible for a policy.

Patch Management: This is important! It means consistently installing patch updates, conducting regular inventories of operating systems, and maintaining a comprehensive list of security controls.

Multi-Factor Authentication (MFA): It requires a combination of the following elements:

something you possess (like a one-time token),

something you know (like a password),

and something you are (like an iris scan or fingerprint).

Insurance experts are actively seeking the implementation of MFA across business email accounts and critical applications.

Zero-Trust: Before granting access to applications and data, organizations now need to mandate ongoing authentication and authorization for all users within their network. This includes third-party providers who have continuous access to the network. This requirement ensures that the security posture of individuals is evaluated and validated on a continuous basis.

Endpoint Detection & Response (EDR): EDR software is specifically designed to constantly monitor, detect, investigate, and respond to sophisticated threats targeting endpoint devices. It enhances visibility into endpoints and effectively tackles extensive attack campaigns that span across multiple devices.

Identity and Access Management (IAM): IAM utilizes a series of rules and policies to monitor and regulate user actions. For example, IAM oversees both successful and unsuccessful login attempts, governs access permissions, and assigns administrative privileges to users as necessary.

Privileged Access Management (PAM): It functions in conjunction with IAM, serving as a guardian to maintain control and visibility over vital systems and data. It enables access to critical resources and privileged information while also auditing the activities of privileged users in the event of a security breach.

Guys, PAM plays a crucial role in reducing the risk associated with compromised privileged accounts, which are frequently targeted by threat actors.

Now, it is important to acknowledge that PAM is not only a commonly requested prerequisite by insurers, but also a necessity for compliance with various legislative frameworks governing privacy and data protection.

Like I said in the beginning, those are the most common requirements! There is a lot more!

EasyWayIT is here to help you be secure and prepared in case of an incident.

Please call us at (727) 563-9200 for a free consultation and network assessment.

Thank you!