The Complicated Process Of Qualifying For Cybersecurity Insurance

Don’t assume you can buy coverage—insurance carriers may not want your money if your cybersecurity standards aren’t up to par. We will help you qualify for the cybersecurity insurance you need. 

During the past few years, as many of our clients’ cybersecurity insurance policies came up for renewal, a clear trend has emerged.
Cybersecurity insurance carriers are requiring more sophisticated written cyber policies, tools, training, and disaster recovery systems before processing the renewal, and in many cases are also significantly increasing premiums for individual cybersecurity risk items that are not being addressed.  
This has nothing to do with whether there has been a claim or not in the past, and everything to do with what steps the applicant must now take to address cybersecurity risks. All the carriers now have additional forms filled with cybersecurity questions that must be answered accurately before the carrier will renew the policy.
Furthermore, you can be sure that if a claim against the policy is ever submitted, the carrier will check the answers provided to determine if there is any way for them to deny coverage. This is why you have to ensure your cybersecurity is up to par; failing to do so can raise your premiums and put your coverage in jeopardy in the aftermath of an event. 
15 Questions Your Cybersecurity Insurance Carrier Is Going To Ask…

Does your business have a policy against opening unverified email attachments?
Does your business use an Endpoint Detection & Response (EDR) solution?
Does your business test cybersecurity standards with regular vulnerability scans?
How many users have local administrator rights enabled?
Do you have a content filtering solution?
Does your business monitor traffic into and out of the network?
Do you have recent and tested backups of all mission-critical data, applications, and configurations?
Are your offsite backups protected by an air-gap and separate authentication mechanism?
Is your cloud data backed up?
Can staff members access business email on their personal devices?
Do you have an email encryption solution in place?
Is your staff regularly tested and trained on phishing and other social engineering attack vectors? 
Do you have a Security Information and Event Management (SIEM) system in place?
Do you have an update and patch management system in place?
Do you work with a third-party IT company?

If you can’t answer these questions correctly (and prove your cybersecurity capabilities), be prepared to have your coverage denied or accept a significant premium increase. Regardless, it is abundantly clear that the days of the wild wild west in cybersecurity insurance are rapidly coming to an end.
3 Steps To Qualifying For Cybersecurity Insurance
Assess your infrastructure
The best way for you and your team to determine the kind of coverage that is best for your organization is to understand your IT infrastructure. By evaluating your systems from top-to-bottom, you’ll have a clear idea of all the different access points that could be leaving your network vulnerable to threats. 
Remediate your vulnerabilities and risks
Don’t forget to look into how investing in your cybersecurity could save you money on premiums. Open up a dialogue about it with your potential Cybersecurity Insurance provider and see what they suggest. 
Continually reassess
Next, it’s best practice to conduct a risk assessment and an impact analysis. Carefully review all your organizational assets—including financial data, customer information, and intellectual property.

Categorize assets according to risk and make considerations for the potential impacts that a data security event could have on all aspects of your business. 
It’s important to understand that the way you manage your cybersecurity can directly affect the coverage and premiums you qualify for. The more robust your cybersecurity posture is, the better you’ll do with carriers. Your investment can potentially pay off in lower insurance expenses.
How We Help Our Clients Qualify For Cybersecurity Insurance

Many of our clients attempt to fill out these questionnaires on their own, but more often than not, we have to make corrections before they’re submitted. The fact is that this sort of documentation can be very complicated for those who don’t have extensive experience with IT. 
We can manage the questionnaire on your behalf, identifying any areas that require changes in order to help you qualify for a policy or even a lower insurance premium.

We endeavor to make modifications and changes that cost as little as possible. In many cases, it’s simply a matter of developing the right documentation or changing settings in your systems to comply with your carrier’s cybersecurity standards. We also offer templates for cybersecurity management policies and statements of operations so that you don’t have to start from scratch. 
Need Help Qualifying For Cybersecurity Insurance?
Meeting the stipulations laid out by cybersecurity insurance providers may not be easy depending on the state of your cybersecurity posture. We can help you improve your approach to cybersecurity. 
Our team provides cybersecurity and technology services for businesses like yours—we are available to help you develop a robust cybersecurity defense. 
We can ensure you qualify for a policy and minimize the chance that you’ll have to make a claim on your cybersecurity insurance. 
Get in touch with our team to get started.

Why You Can’t Ignore Cybersecurity Insurance Any Longer

Cybersecurity insurance is becoming more complicated, more expensive, and more necessary. Are you putting off getting a policy? You shouldn’t wait any longer. 

The cybercrime landscape is getting more unpredictable and complex every day. Cybercriminals are finding more effective ways to infiltrate business networks and steal critical business data—but you already know all this. 
Cybercrime is a serious and expensive threat. The average cost of a data breach in the United States is currently $5M—can you afford that? 
That’s why so many businesses are considering investing in cybersecurity insurance, which is designed to help businesses cover the recovery costs associated with any kind of cybersecurity incident.
What You Should Know About Cybersecurity Insurance 
First of all, it’s not a trend that’s going to go away. Over the past few years it has rapidly grown as an industry:

The global market for cybersecurity insurance was USD 7.60 billion in 2021 and is expected to grow to USD 20.43 billion by 2027
In the past three years, cyber insurance claims have increased by 100% and payouts by a total of 200%

Cybersecurity insurance is a relatively new type of protection designed specifically to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment, so long as you know how it works.

The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection. In fact, it’s becoming more and more necessary, as many insurance providers have begun drawing a clear line between normally covered losses, and those incurred by cybercrime-related events. 
That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think. 
Types of Cybersecurity Insurance
Breach and event response coverage
A very general and high-level form of coverage, this covers a range of costs likely to be incurred in the fallout of a cybercrime event, such as forensic and investigative services; breach notification services (which could include legal fees, call center, mailing of materials, etc.); identity and fraud monitoring expenses; public relations and event management.
Regulatory coverage
Given that a range of organizations has a hand in regulating aspects of cyber risk in specific industries, there are usually costs that come with defending an action by regulators.

This covers the costs associated with insufficient security or “human error” that may have led to a privacy breach. Examples may include an employee losing a laptop or e-mailing a sensitive document to the wrong person.

However, this type of coverage is not just limited to governmental and healthcare-based privacy breaches. It can also be useful for non-governmental regulations that intersect with the payment card industry and are subject to payment and financial regulatory standards. 
Liability coverage
This type of coverage protects the policyholder and any insured individuals from the risks of liabilities that are a result of lawsuits or similar claims. If the covered entity is sued for claims that come within the coverage of the insurance policy, then this type of coverage will protect them. 
There is a range of types of cybersecurity insurance liability coverage, which include:

Privacy liability
This applies to the costs of defense and liability when there has been a failure to stop unauthorized use/access of confidential information (which may also include the failure of others with whom the entity has entrusted data).

Coverage can also extend to include personally identifiable information and confidential information of a third party. 
Security liability
On a higher level, this type of coverage applies to the costs of defense and liability for the failure of system security to prevent or mitigate a computer-based cyber attack, which may include the propagation of a virus or a denial of service.

An important note — failure of system security also includes failure of written policies and procedures (or failure to write them in the first place) that address secure technology use.

Multimedia liability
This type of coverage applies to the defense and liability for a range of illegal activities taking place in an online publication, such as libel, disparagement, misappropriation of name or likeness, plagiarism, copyright infringement, or negligence in content.

This coverage extends to websites, e-mail, blogging, tweeting, and other similar media-based activities. 
Cyber extortion
This type of cybercrime event is generally a form of a ransomware attack, in which a cybercriminal keeps encrypted data inaccessible (or, alternatively, threatens to expose sensitive data) unless a ransom is paid.

Coverage of this type addresses the costs of consultants and ransoms, including cryptocurrencies, for threats related to interrupting systems and releasing private information. 
Will Cybersecurity Insurance Completely Protect Your Business Against Cybercrime?
A common misconception is that a cybersecurity insurance policy is a catch-all safety net, but that’s simply not the reality. Without a comprehensive cybersecurity strategy in place, a business may not qualify for a policy in the first place. 
Furthermore, in the event of a hack, a business may not qualify for full coverage if their cybersecurity standards have lapsed, or if they can be found to be responsible for the incident (whether due to negligence or otherwise). 
The core issue is that as cybercrime becomes more common and more damaging, insurers will become more aggressive in finding ways to deny coverage. It’s in the interest of their business to pay out as little and as rarely as possible, which means the policies will tend to rely on a series of complicated clauses and requirements that covered parties have to comply with.
A key example of this is when Mondelez International was denied coverage for the $100 million of damage they incurred from the NotPetya attack. Their insurer, Zurich Insurance, cited the obscure “war exclusion” clause, claiming that Mondelez was a victim of a cyberwar. 
This is not an isolated incident. As discovered by Mactavish, the cybersecurity insurance market is plagued with issues concerning actual coverage for cybercrime events:

Coverage is limited to attacks and fails to address human error 
Claims are limited to losses that result directly from network interruption, and not the entire period of business disruption 
Claims related to third-party contractors and outsourced service providers are almost always denied

All this goes to show why business owners need to look carefully at the fine print of their cybersecurity insurance policy and ensure their cybersecurity standards are up to par. No one should assume they’re covered in the event of a cybercrime attack—after all, for every $1 million paid in premiums, insurance companies only pay out $320,000 in claims. 
We’ll Assist With Your Cybersecurity Insurance Needs
Need help assessing and improving your business’ cybersecurity before you sign up for an insurance policy?
Our team provides cybersecurity and technology services for organizations like yours—we are available to help you develop a robust cybersecurity defense. 
We can ensure you qualify for a policy and minimize the chance that you’ll have to make a claim on your cybersecurity insurance. Get in touch with our team to get started. 
 

Why You Need A Password Manager

What Exactly Does A Password Manager Do?
A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. 
It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.

What Options Are There For Password Managers?
LastPass 
This password manager will help you keep track of passwords and what sites they’re intended for. LastPass uses a master password or your fingerprint to identify you. 
After logging in to LastPass, you can view and edit your passwords and their associated sites, as well as your usernames and the website you’re accessing. 
A premium membership for LastPass costs $24 a year ($2 a month) and includes password sharing with those you designate. This membership also provides priority technical support if you need assistance. 
Dashlane 
Dashlane is free and provides many of the same benefits as LastPass. However, if you want to sync your passwords to a mobile device or use two-factor authentication, you must pay $39.99 for their Premium Plan. They also offer a Business Plan for $48 a year that includes everything in the Premium Plan plus:

Smart Spaces for unlimited work and personal password storage.
An Admin Console with Custom Policies.
Secure Password Sharing with Group Management.
Easy Account Administration (SAML, MSI, Active Directory).
Extra 2FA Options.
A Dedicated Account Manager (for accounts 50+).

1Password
1Password offers a free 30-day trial. After this expires, a personal account costs $2.99 a month, or $4.99 a month for a family with five members. They also offer a “lifetime license” for $65.00. 1Password is the only password manager that allows you to store passwords locally via their Local Vault rather than in the cloud. 1Password 6 for Windows does not currently support local vaults, but 1Password 7 for Windows does. If you’re worried about losing access to the Internet, you might consider this.
How Do You Set Up A Password Manager?
Using a password manager is pretty simple. When using a password manager, you simply download and install the software. You must also download and install the extensions for the different browsers you use. 
If you want to use these password managers on your smartphone, you must download their mobile apps. None of this is complicated and should only take a few minutes. 
To set up an account, you must provide your email address, and you’ll also need to come up with a master password—a long, random, complicated one, along with at least one security question. Then you must provide information about your various accounts. 
You can either import passwords that you have stored in your browsers or let the password manager store your username and password when you log in to a website. Once you get started, the password manager will help you along the way.
Do You Really Need A Password Manager?
Not necessarily, depending on who you are. You do not need a Password Manager if you can do the following on your own:
 1. Create long, complex, unintuitive strings of characters, unique for each account you access on a regular basis
2. Memorize each and every one of these passwords
3. Update them on a regular basis
Let’s be honest, though—doing all of the above on your own is a lot of work, and you’re likely to make a mistake at some point. That’s why it’s easier to simply use a manager. 
Don’t Let A Weak Password Be The End Of Your Practice
In the end, managing a strict password policy, creating strong passwords, and using password managers can be frustrating, but it’s incredibly important. If you’re unsure about implementing these procedures, you can get a little help from our team.
Privacy and security are major concerns for personal users and businesses alike these days, and so you have to be sure that you aren’t making it easy for hackers to access your or your business’ private data.
Get in touch with our team to start enhancing your password security. 
