The costs from one of these attacks can be devastating, and many small businesses can’t recover. Even if they strengthen their IT infrastructure to prevent future attacks, companies can suffer from loss of customer trust that hurts business for years.
Many SMB owners have property insurance to protect themselves from a devastating loss due to a natural or man-made disaster. This ensures they don’t lose everything and can get back on their feet after a major crisis that destroys business property.
Another type of insurance that is becoming increasingly popular is cybersecurity liability insurance. This type of insurance covers multiple costs in the event of a cyberattack and helps ensure that one data breach won’t cause a company to have to close its doors.
Typical Expenses Covered by Cybersecurity Insurance
While coverage varies according to carrier and policy details, here are some of the general costs that cybersecurity insurance can cover:
- Notifying customers of a data breach
- Restoring the personal identities of impacted customers
- Recovering compromised data
- Repairing damaged computer systems
- Damages to your business due to a data breach
- Legal bills if you are sued as the result of a breach
- Ransomware payments (in some cases)
What Questions Do You Have to Answer When Applying for Cybersecurity Insurance?
Many business owners get confused when they see the cybersecurity insurance application. It’s filled with several technical questions about your IT and data security.
It’s best to get help from a pro, like Pro Tech Guy when filling out this type of application because if you answer a question wrong, you could end up paying hundreds of dollars more in premium costs each year than you should.
Here are some of the common questions that you’ll see on an application for cybersecurity liability insurance.
Do You Tag External Emails to Alert Employees of Origination Outside the Organization?
Phishing scams will often spoof the email address of the company they’re targeting to get employees to think it’s an internal email. An important protection against this tactic is to have an automated system in place that will alert employees when an email originates outside the organization.
Having this system in place can reduce premiums because it helps employees avoid being fooled by clever phishing emails.
Have you Implemented SPF, DKIM, or DMARC?
Another protocol that’s related to email address spoofing is email authentication. If you see a question like this on a cybersecurity insurance application, it’s asking whether or not you’ve enacted one or more of the three key authentication protocols on your mail server.
SPF, DKIM, and DMARC are three protocols that all work together to detect when the email address shown as the sender is not actually the originating domain of the message.
Do You Use Multi-Factor Authentication (MFA) to Secure Your Cloud Accounts?
Multi-factor authentication is known to be one of the best protections against having your cloud account passwords breached. If you don’t already have this put in place on all your accounts, you should do that.
It’s an easy way to lower your potential cyber insurance premiums and put significant protection on your cloud accounts.
Do You Use a Next-Generation Antivirus (NGAV)?
This question can confuse business owners because they’re unsure what the difference is between regular antivirus and next-generation antivirus. The NGAV version is more robust and uses AI to detect anomalies in behavior. It doesn’t just match code against a database of known threats.
Do You Actively Monitor Administrative Access for Unusual Behavior Patterns?
Monitoring administrative access to your systems and cloud accounts is important to prevent an insider attack. Insider attacks can happen either from a disgruntled employee or (which is more often the case) from a hacked admin account.
Putting monitoring systems in place to spot unusual behavior, can reduce your risk of a serious data breach.
Do You Keep Track of All Software & Hardware Assets Deployed Across Your Company?
Most business owners would instinctively answer, “yes” to this question, however, they might not be aware of shadow IT being used by their employees. If you don’t have a cloud use policy in place, staff could unknowingly be weakening your data security by using cloud apps that you know nothing about for their work.
Do You Use a Protective DNS Service to Block Access to Malicious Sites?
Another inexpensive strategy that can bring important phishing protection is a DNS filter. This blocks access to sites that are known to be malicious.
If an employee is fooled by a phishing email and clicks on a link to a dangerous website, the DNS filter will identify the danger and redirect the person’s browser to a warning page.
Get Help With Basic Protections That Significantly Improve Your IT Security
Need help filling out a cybersecurity insurance policy or with putting easy solutions in place to reduce your risk and premiums? Pro Tech Guy can help your Framingham or Natick business with the basic protections that improve your IT security significantly.
Contact us today to learn more. Call 508-364-8189 or reach us online.