The only way an insurance agency survives is to minimize its risk by underwriting businesses that meet certain criteria. In the technology space, the financial risks of data corruption and loss are significant, so insurance underwriters ensure that their clients meet specific standards prior to issuing coverage.

The following questions are drawn from underwriting checklists. They provide a window into best security practices and can be used as a guide by management teams evaluating technology security practices.

  • Do you have actively managed, up-to-date firewall technology that is independent of your carrier?
  • Do you have patch management procedures in place for all operating systems, such as Windows or IOS, as well as all application software, such as Office, Adobe, QuickBooks, etc.? (Underwriters require patching at least monthly.)
  • Do you employ multi-factor authentication for remote and/or privileged access?
  • Is your remote access limited to VPN?
  • Do you have media and website content controls? You should actively monitor every browser request, checking for malware and for the security of the websites your employees are visiting.
  • Do you have intrusion detection, malware and anti-virus protection on 100% of the computers that attach to your network, including BYOD?
  • Are your data back-up procedures adequate to sustain your organization through a cyber-attack?
  • If you have outside consultants working on your network, do they have adequate cyber-security controls on their network? (Ask your vendor to provide an audit report of their own security.)
  • If applicable, are you HIPAA or PCI compliant? Or, if you are subject to other regulatory bodies that affect your technology requirements, are you compliant?
  • Do you have the right IT policies in place? Your written policies should include:
    • Acceptable Use Policy (AUP)
    • Disaster recovery plan
    • Business continuity plan
    • Written procedures for testing and auditing network security controls
    • Comprehensive response plan for data breaches as well as data compromise

Whether or not you are actively seeking cyber-liability insurance, take your team through this checklist to ensure you are following best industry practices.

If you have questions on how to execute on these items, I would be happy to share insights on where you and your company may be at risk for a cybersecurity attack or loss of data. To make scheduling easier, here is a link to my calendar; please pick a time that works best for you. | 703.879.2070