As an IT Support company which works closely with many professions and industries, we are often party to discussions regarding our clients’ Cyber Insurance cover.
We are often asked the question: “you look after our security so why do we need cyber cover?”
The simple response is: “do you cancel your fire cover once you fit a fire alarm?” or, “having fitted a burglar alarm do you still have theft insurance?” – It’s a good analogy.
Whilst we shouldn’t get into the advantages of having cyber insurance (we’ll leave that to those more qualified), it is important that those who have such cover are aware of the stipulations insurers require. We would hate for a business to claim on their Cyber Insurance, only to find out that they’re not covered.
Typical criteria include:
• Ensuring you have a defined process for implementing updates to systems and applications
This should include Windows Updates, and updates to software such as Office, Adobe and other packages. Failing to install updates when needed can leave critical security flaws in your systems.
• Having commercial-grade anti-virus software, which is regularly updated
The important part of this sentence is “Commercial Grade”. Organisations using domestic, or “home-user” anti-virus software could likely find their Cyber cover invalid. It is also worth checking the T’s & C’s for free anti-virus packages as they may well be restricted to non-commercial use.
• Ensuring you regularly back up your data (including your website)
There may be stipulations as to how frequently you back up your data, and even where you back it up. Considerations include whether the backup is in the cloud or on a physical disk, and whether it is kept at an alternative location. If you leave your backup drive plugged in to your computer, and you are burgled, it’s unlikely they will leave your backup behind for you!
• Having a defined password policy and/or implementing two-factor authentication
It used to be the case that some insurers required passwords to be renewed on a regular basis, say every 30 or 60 days. With two-factor authentication, this isn’t generally the case, but it’s worth checking the small print to see what’s required.
Some insurance companies have many more criteria whilst others stick to the basics. Either way, it would be a good idea to check the small print of your cyber policy. One of our clients has a stipulation that when setting up a new payee on their bank account they MUST phone the payee and check the bank details. Something we do as a matter of course.
If you would like a discussion on the security measures that can be put in place, whether it be to back up your cyber insurance or not, please don’t hesitate to get in touch.