Did Somebody in Tulsa Call for Backup? Cyber Liability Insurance to the Rescue.
We receive numerous requests on a regular basis from clients in Tulsa, Oklahoma, asking ArcLight Group to help prepare their business for cyber liability insurance. As leading experts in cyber security, the safety of your business is our number one priority. These days, cyberattacks are happening at a dizzying pace, with breaches becoming more expensive and expansive over time. As a result, more company leaders are seeking out cyber liability insurance, fueled either by client mandate or by their own understanding that cyber threats are never going away.
List of 33 Questions Asked by Insurers
A large majority of insurance providers assess risk by seeking out information in three key areas: people, process and technology or data. We compiled a list of 33 questions most likely to be asked by insurers. Take a moment to ask yourself these key questions and answer as honestly as possible:
1. Does your organization screen email attachments?
2. Does your organization quarantine malicious and spam emails?
3. Does your organization sandbox/execute email attachments prior to delivery?
4. Does your organization utilize email advanced threat protection?
5. Does your organization use an endpoint protection product (antivirus)?
6. Does your organization use an endpoint detection and response (EDR) product?
7. Does your organization use multi-factor authentication (MFA), also called two-factor authentication (2FA), to protect user accounts?
8. Does your organization perform periodic vulnerability scans?
9. Does your organization block inbound connections via hardware and software firewalls?
10. Do users have local admin rights on their systems?
11. Is content filtering enabled?
12. Does your organization scan all traffic into and out of your network system for viruses and malware at the gateway?
13. Are users provided a password manager?
14. Are privileged accounts managed and administered to limit and log access?
15. Are all mission-critical data, applications and configurations backed up?
You may have noticed by now that many of the questions focus heavily on protecting your data, especially your company’s email, network security and the storage and safety of internal communications. The prevention of data breaches is critical to the success of your business. Firewall support, multi-factor authentication and antivirus scans are useful tools in safeguarding your technology against cyber threats. As you continue answering the remaining questions, we encourage you to take mental or physical note of what tools you currently have in place and ensure that they are up to date and properly utilized.
16. Are backups encrypted at rest and in transit?
17. Are backups stored on-site and off-site?
18. Are off-site backups air-gapped and utilizing a separate authentication mechanism from the production environment?
19. Does your organization test backups via full restore into a sandbox environment to confirm functionality at least quarterly?
20. Does your organization use a cloud syncing service like OneDrive, Dropbox, SharePoint, Google Drive, etc.?
21. Does your organization back up your cloud solutions to a separate environment?
22. Do employees have access to email on their personal devices?
23. Do employees send or receive PII, ePHI or PCI information via email?
24. Does your organization utilize an email encryption system, and are employees trained on its use?
25. Does your organization perform periodic phishing testing and training, as well as send phishing emails to employees to gauge adoption and application of provided training?
26. Does your organization utilize a log aggregation system such as a security information and event management (SIEM) system?
27. Does your organization perform timely and regular installation of all critical security updates at least monthly?
28. Does your organization monitor your network for malicious activity?
29. Does your organization utilize a third party for support and service?
30. Does your organization utilize an in-house or third-party security operations center (SOC)?
31. Does your organization encrypt all sensitive data at rest and in transit?
32. Does your organization have a well-documented, enforceable and enforced disciplinary plan for employees who fail to adhere to cyber security training and testing?
33. Does your organization meet all industry-specific regulatory guidelines and best practices for policies, procedures, enforcement, monitoring and reporting?
If you answered in the negative to any of the above questions, chances are your business is not well-prepared for a cyberattack. It’s easy to assume you are secure, but far too often this assumption is based on very flimsy evidence. Turning on Windows security updates on all computers does not guarantee that updates are being applied. Likewise, installing an antivirus agent does not ensure that the agent continues to receive regular updates and function as designed. It’s always best to consult with a cyber security expert when safeguarding against data breaches.
At ArcLight Group, we understand that it’s not a matter of IF your organization will suffer a data breach, but WHEN. We are here to make sure your business is well-protected in the event of any harmful cyber event.
What Cyber Liability Insurance Does for Your Business
- Assists in the timely remediation of cyberattacks and incidents
- Protects against damages to your network stemming from theft of third-party data
- Covers some company losses in higher instances of cyber threats, including terrorism
- Enables you to recover from the loss of confidential information such as, but not limited to, Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health or medical records
Your information is critical to the success of your business and it’s of the utmost importance that it remains protected. Cyber liability insurance provides your business with a combination of coverage options that help protect your company from some data breaches and other cyber security issues, but only if you meet the provider’s specific cyber liability requirements. Adhering to your insurance provider’s recommended cyber security requirements will help safeguard against malware, viruses, outdated scan software, malicious attacks and spam emails. At ArcLight Group, our cyber security experts offer proven, professional and appropriate advice pertaining to the safety and security of businesses in Tulsa, Oklahoma.
Don’t wait until it’s too late. Let ArcLight rescue your company from the risk of cyberattack. Call us today.