Insurers consider many factors when they assess a business’s suitability for comprehensive Cyber Liability Insurance. These Are also idea’s that a business may look to implement in order to stay safer and be able to continue to operate should a breach arise.
Do you back up all data?- This is common practice now but you should always have a hard copy and an online copy. It is easier for hackers to take the online files should they manage to fight their way through all the security, but it is much harder for them to take a copy that has no connections. I would recommend that data is backed up daily as a lot can change in a day and you only keep files that you need or are legally required to keep.
Are users restricted?- You should restrict the number of users on the network and control the levels of access that users have. Only give users access to the files that they will need. This will reduce the amount of damage that an attacker can due using an employee’s credentials.
Do you delete inactive users?- Users that no longer work for the business should be deleted. This will reduce the access points for a hacker. Thus, making it harder to get in.
Have you deleted data that is no longer relevant?- All data that a business should hold should be useful or required by law all other data beyond this should be deleted from your system. This will reduce the risk of the business as the less data they hold the easier it is to secure. This will also mean that should a breach occur you don’t have to worry that data has been stolen that you had forgotten about and as a result notification costs will fall as well as remediation costs.
Can you tell them where your data is?- You should know where your data is stored and where you keep your records. This will allow you to protect these places and improve security should it be needed.
How often do you Change passwords?- All users should be prompted to change their passwords monthly. This will reduce the opportunity that a hacker has to enter the network. Users should also keep their passwords private and not divulge their passwords to any other employee’s.
Is there a plan?- Insurers prefer it if you have a plan in place. Its uncommon that business have developed a plan often because it’s something that they have never considered. A plan will include the necessary actions and procedures that you have in place should a breach occur. This may include how you will notify the necessary parties and businesses that you may call in order to rectify the situation.
