With 2023 officially underway, it's likely that you plan to bolster your IT budget with security and compliance initiatives this year. If so, know that you are in good company: 76% of the top IT business leaders surveyed by IDC research in 2022 also plan to increase their budgets to address security initiatives.
Cyber liability insurance ranks top amongst the ways in which business leaders plan to protect their data, customers, reputation, and financial health moving into 2023.
We've outlined the top requirements Portola Systems engineers and technicians routinely encounter when supporting customer networks and achieving cyber liability policy readiness:
1.) Ensure all PCs are managed and applications are patched regularly so that they remain free from vulnerabilities. Unpatched software is a leading cause of system breach. An effective patch management policy includes a central dashboard to inventory, monitor and mandate patches, not only for the operating system of the business PC fleet but also for all 3rd party applications allowed on corporate machines, such as Adobe Suite, Office Suite, web browsers (Chrome, Firefox, Edge, Safari), and countless other line-of-business applications. Insurance providers will want to know that the PCs staff use to access sensitive business information are properly maintained by your service desk.
2.) Protect accounts with multi-factor authentication (MFA). Passwords alone are no longer enough to protect remote access or cloud-based systems. VPNs, Office 365, Google and other line-of-business applications that store business information should be protected by MFA. By inventorying and planning the right MFA solution, your company's central identity store (the central location where all user accounts, such as email, are defined) can be leveraged to restrict access to all line-of-business applications using single sign-on. A central MFA policy can then be configured to enforce MFA organization-wide for applications such as VPN, Zoom, DocuSign, QuickBooks Online, Adobe, and many others that your carrier will want to see restricted by MFA policies.
3.) Deploy centrally managed anti-virus with endpoint detection and response that logs and reports PC activity back to a central system. Legacy anti-virus applications are no longer enough to protect your sensitive data against today's advanced cyber-attacks. Your insurance carrier will want to know that your service desk has included a next-generation anti-virus application among the many tools in place to reduce the risk of a breach and an insurance claim.
4.) Protect users and email accounts with anti-phishing tools. Email records should be configured to meet strict DNS requirements, and anti-phishing email protections should be configured to block malicious payloads, unsafe links, and other unwanted email traffic. Not only do you need these technical safeguards in place, but your insurance carrier will also want to know that your staff are routinely trained and equipped with the skills to spot erroneous and malicious emails from unwanted senders.
5.) Backup and recovery policies should be in place and routinely tested, and backups should be stored in secure, immutable 3rd party systems outside of your production environment. When all else fails to protect you from attack, your carrier is going to want to know that your data is going to be recoverable. If your company carefully monitors, maintains, and routinely tests the integrity of its backup systems, along with its restore procedures, your carrier will be happy knowing that even in the event of a breach, your data will remain recoverable and the risk of catastrophic loss is reduced.
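For item 4, the following is an added example, not Portola Systems' own tooling, of auditing a domain's email DNS records before a carrier questionnaire. It assumes the "strict DNS requirements" are SPF and DMARC policies; the function names are hypothetical and the sample records are constructed.

```python
# Added example: audits SPF/DMARC TXT records. All sample records are constructed.
def parse_tags(record):
    """Split 'v=DMARC1; p=none; pct=50' into {'v': 'dmarc1', 'p': 'none', 'pct': '50'}."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip().lower() for key, value in pairs}

def audit_spf(txt_records):
    """Return findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"SPF: expected exactly one v=spf1 record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return ["SPF: policy delegated by redirect=, audit the target record"]
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    # A bare 'all' carries the default '+' qualifier, which passes every sender.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    if qualifier in "+?":
        return [f"SPF: '{all_terms[0]}' does not fail unlisted senders"]
    return []

def audit_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return [f"DMARC: expected exactly one v=DMARC1 record, found {len(dmarc)}"]
    tags, findings = parse_tags(dmarc[0]), []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={tags.get('p')} is not an enforcing policy")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    return findings

def audit_domain(domain, zone):
    """zone maps a DNS name to the list of TXT strings a resolver would return."""
    return audit_spf(zone.get(domain, [])) + audit_dmarc(zone.get("_dmarc." + domain, []))

# Constructed sample zones: a monitor-only setup beside an enforcing one.
WEAK = {"example.com": ["v=spf1 include:_spf.example.net ?all"],
        "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]}
STRICT = {"example.com": ["v=spf1 include:_spf.example.net -all"],
          "_dmarc.example.com": ["v=DMARC1; p=reject; pct=100"]}

if __name__ == "__main__":
    for label, zone in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_domain("example.com", zone) or "no findings")
```

The zone dictionaries stand in for live lookups; feed the functions the TXT strings returned for the domain and its `_dmarc` name to audit a real configuration.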