If you’re an insurance company, you already know this secret, but if you are in any other industry in South Florida, you may often forget this fact: Insurance companies – like the rest of us – are in it for a profit, NOT to pay out policy claims!
There has been a huge shift in how much insurance companies keep as profit versus how much they pay out in claims to their clients. It used to be that carriers were keeping 70% of premiums as profit and only paying out 30% in claims. Today, it is the opposite. Carriers have had to completely change the cyber-security policies that they require from their clients. Here are a few of the things that you would need to have in place to be sure that in the event of a breach, your insurance company would actually cover the cost.
- Two-Factor Authentication
- Password Management
- EDR (Endpoint Detection and Response)
- Tested and Proven Data Backup Solutions
- Employee Cyber-Security Training
- YOUR enforcement of documented and implemented policies and procedures
Two-factor authentication is a simple fix, but if your IT company or IT guy has not implemented 2FA or MFA on your business applications, they are being both lazy and negligent. Today, multi-factor authentication is required for tightening up security in your organization.
If your employees keep a written list of passwords at their desk, especially if they have covered their monitor with post-it notes of passwords, this is a huge security risk. A password manager will remedy this problem. It will also encourage employees not to use the same password for every account.
It used to be that anti-virus was enough to protect your small to medium-sized business, but one security tool we are now requiring all of our clients to use is EDR. EDR monitors endpoints and analyzes the data it collects to identify threat patterns, then responds to threats by removing or containing them. If your IT guy or IT company has not discussed this with you, they are putting your business at risk.
Data backups in South Florida must be tested. In the case of a hurricane, if the server room is flooded and the off-site backups have not been tested and shown to work, how would you know that you won’t lose everything your IT company claims to have backed up? Unless they do random file and folder restores, you cannot be sure your backups are safe.
There are many training modules to choose from, but it is important to build time into your employee onboarding procedures to learn about threats like phishing attacks, what not to click, work-from-home policies and bring-your-own-device best practices.
Ultimately, the responsibility is YOURS. That covers how you write your policies, how you train your employees, how you model good practices, and how you make cyber-security a part of your everyday company culture.
We would love to meet to discuss all of the things you can do to make sure that your cyber-insurance company would actually cover a claim in the case of a breach. Please reach out to us to learn how to lock down all of your practices to keep up with the ever-changing tactics of cyber criminals.