Your Cyberinsurance Checklist: 5 Security Non-Negotiables To Ensure Coverage
Sure, you have cybersecurity insurance coverage.
But are you sure it will pay out when you need it?
The worst-case scenario for cyberinsurance coverage is unfortunately all too common:
Organizations discover the limits or exclusions of their policy after an incident occurs, and find out their cyberinsurance claim won’t be covered.
You can avoid the same fate by taking time now to review and understand the requirements for cyberinsurance coverage. Here are five best practices for cybersecurity that will satisfy your insurance company, whether you’re signing up for the first time or renewing your coverage.
✔ Enable multi-factor authentication.
Multi-factor authentication (MFA) is literally the simplest — and most cost-effective — security tool. It’s a multi-step login process that requires users to enter more than one type of identifying information before gaining access to an application. It should be the first thing you do for all your accounts to stop hackers. MFA requires using an authenticator app (which is the most secure method of authentication) or a text message or email to confirm your identity.
There’s no good reason NOT to enable MFA because it’s (usually) free and simple to do. If you’re familiar with admin consoles, you can enable this yourself without any special tool or outside help needed. If you can implement this for cloud vendor accounts, do it. It’s a proven way to stop hackers from breaching your systems and accessing your data.
If you haven’t enabled this simple, and usually free, security tool, insurance companies may give some pushback when it comes to paying claims.
✔ Back up your data regularly.
From an insurance company’s perspective, backed-up data is crucial. Proof of backups is required by many insurance companies in order to gain coverage.
To prevent hackers from stealing or destroying your data, you need both immutable backups (those that cannot be altered or deleted once created) and segregated backups (completely separate from your system). You can back up your data yourself (air-gapped cloud backups are not difficult to do) or look for a vendor like ADS to help.
✔ Make sure you have an endpoint detection and response solution in place.
An endpoint detection and response solution is an AI-driven agent on a machine that actively monitors endpoints for suspicious or malicious activity and, if need be, quarantines or shuts down a program on its own. This type of solution, which works around the clock, is invaluable for companies that don’t have specialized IT and cybersecurity employees.
Managed detection and response does the above — plus it adds a built-in team member who jumps into action when a problem occurs. With managed detection and response, a human is immediately available when an issue is reported to ensure timely remediation.
Did you know… Atlantic Data Systems offers flexible endpoint security deployment and management options through a single agent. This can be managed on-premise, through the cloud or in a hybrid model, with a single console with real-time threat visibility. You can learn more here.
✔ Secure your company’s email.
Securing email goes beyond simply using what Google and Microsoft offer. The goal of these companies is to help you be productive, not to ensure email security.
Specialized email security products filter out malicious actions by inspecting for any signs of malicious payloads (links, attachments, etc.); identifying suspicious email senders; and either quarantining emails or releasing them to your company’s inboxes. This added layer of security does not cost a lot, and while it may not currently be required by your insurance, it will likely be added on as a requirement soon.
✔ Train your employees on cybersecurity awareness.
For many businesses, the human aspect of cybersecurity is the most difficult one: It’s incredibly challenging to steer employees away from using unsafe password practices, clicking on links they shouldn’t, and opening suspicious email attachments. Employee training can help your team become aware of risky behavior and learn alternate, better behaviors. Training could be anything from a single group session to one-on-one training courses; it can even be sprinkled into team meetings based on your company’s needs and your employees’ levels of cybersecurity sophistication.
Let’s address cybersecurity issues before they cost you big time.
If your business isn’t doing one or more of these practices, contact Atlantic Data Systems today for help. We’ll audit your cybersecurity to ensure any of these missing pieces are addressed, so you can be sure you get the coverage you deserve when an attack strikes.