
Cyber hygiene controls are critical

Cyberattacks continue to increase, fueled by more sophisticated and persistent attackers. With companies in all sectors at risk, ransomware attacks have increased and multimillion-dollar ransom payment demands are no longer a rarity. 

Controls are key

As cyberattacks and related claims have skyrocketed, more questions are being asked than ever before about applicants' cyber operating environment and the controls they have in place to become cyber resilient. While these controls have been established best practices for several years, some organisations are still struggling to adopt them - most often because they have not been able to justify the cost or did not understand or see the need for controls. Although cyber resilience controls were previously required in regulated industries, they were often more about checking a box than enhancing security. 

Organisations across the board need to make a concerted effort to adopt controls that mitigate ransomware risks and improve their cybersecurity posture and resilience. 


Five controls to adopt now 

There are 12 main areas that organisations should focus on (see infographic below). However, as a starting point, they should prioritise the following five cyber hygiene controls to have the most impact on insurability, mitigation and resilience:

  1. Multifactor Authentication (MFA)
    Hackers today have access to technology able to break user passwords, even ones considered strong – especially when users reuse passwords across multiple sites, which occurs frequently. Organisations should bolster their security through MFA, which requires at least two pieces of evidence (factors) to prove the user’s identity. Usually, the two factors are something you know and something you have. For example, a time-sensitive PIN code delivered either through an app or via text message is often a second factor on top of the user’s password. Although no cybersecurity tools are perfect, MFA provides a substantial barrier to entry.

  2. Endpoint Detection and Response (EDR)
    It’s important for companies to have up-to-date information about the security posture of any devices employees use to receive corporate information, whether it’s a laptop, desktop, or mobile device. Widely available software gathers critical information, such as the location of the device, the last time it was updated, current software version, and any attempts to download new software. EDR offers continuous monitoring and more advanced detection and automated response capabilities. The monitoring software will watch for any suspicious or irregular activities. EDR also facilitates rapid incident response across an organisation’s environment.

  3. Secured, Encrypted, and Tested Backups
    Increased ransomware activity underscores the need for organisations to have a robust backup strategy for their critical data and applications. Backup intervals will depend on how often the data changes, but most organisations run periodic full backups — for example weekly or multiple times per month — and more regular incremental backups daily or every few days. Backups should be encrypted so that they cannot be tampered with. It is a best practice to logically separate backups from the network to ensure they’re not easily accessible to any threat actors. Immutable backups, which lock previous versions of a backup to prevent them from being altered or deleted, offer a similar layer of security. The IT / IS department should establish a data restoration testing schedule during which backups are restored to ensure that they are working as intended.

  4. Privileged Access Management (PAM)
    Users should be required to use higher security login credentials to access administrator or privileged accounts. Special users, such as IT, network, or database administrators, should only be allowed to carry out specific tasks through their privileged access. Users with privileged or administrator accounts should be required to log out of their privileged accounts to conduct any non-privileged tasks. That means that a system administrator who logged in through a privileged account to change security settings should log out after that task is completed and be required to use "standard user" credentials to check email or browse the web, even if these are work-related tasks. Many organisations implement privileged access management solutions to automate privileged credential management and session management.

  5. Email Filtering and Web Security
    Email and web browsing platforms are full of pitfalls and need to be controlled to avoid threat actors gaining an initial foothold into your network. Email filtering seeks to identify any messages that include links or attachments. Advanced systems will screen links and attachments to identify any potential malware or other malicious content. Flagged attachments can be opened in a “sandbox” to be thoroughly checked for malware. Organisations should block access to any web pages that are deemed inappropriate and those that may contain malware. These security controls should be active at all times, whether a user is working at the office or remotely, to prevent exposure to websites where bad actors may be seeking to take advantage of unsuspecting web browsing activity.
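As an added illustration of control 1 (MFA), not part of the original page: a small RFC 6238 TOTP generator and verifier in Python, with the password check combined so that both "something you know" and "something you have" must pass. The HMAC-SHA1 / 30-second / 6-digit parameters and the demo secret (the RFC test-vector key) are assumptions chosen for the example.

```python
import hashlib
import hmac
import struct
import time

# Assumption (not stated on the page): the app-delivered, time-sensitive code
# is an RFC 6238 TOTP with HMAC-SHA1, 30-second steps and 6 digits, which is
# what common authenticator apps implement.
TIME_STEP = 30
DIGITS = 6


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // TIME_STEP)


def verify_totp(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept the code for the current step, plus/minus drift_steps to absorb clock skew.
    hmac.compare_digest keeps the comparison constant-time."""
    for step in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret, unix_time + step * TIME_STEP)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def login(password_ok: bool, secret: bytes, code: str, unix_time: int) -> bool:
    """Both factors must pass: something you know (the password check result)
    and something you have (the device holding the TOTP secret)."""
    return password_ok and verify_totp(secret, code, unix_time)


if __name__ == "__main__":
    # Constructed demo secret: the RFC 6238 test-vector key (ASCII "12345678901234567890").
    demo_secret = b"12345678901234567890"
    now = int(time.time())
    print("current code:", totp(demo_secret, now))
    print("correct password + current code:", login(True, demo_secret, totp(demo_secret, now), now))
    print("correct password + stale code (5 min old):", login(True, demo_secret, totp(demo_secret, now - 300), now))
```

A stale code is rejected because the verifier only accepts the current step and one step either side, which is what makes the second factor time-sensitive.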

Having the necessary cyber hygiene controls in place can help organisations achieve their risk transfer goals, provide a higher level of security, a better ability to identify threats, and ideally allow them to recover more quickly from an attack.

Contact us for more information.