Cyber Insurance Blog

Cyber Security Risks–and 12 Controls to Manage Them

Today’s cyber threat landscape is treacherous. No business or organization, of any size, can safely ignore cyber security risks and controls.

We at ProWriters want to help you educate your clients about cyber threats they face and preventative controls they can use to manage their risk.

One Dozen Cyber Security Controls Your Clients Can Use

Here are 12 cyber security risk controls businesses and other organizations should implement:

1. Secure Email Gateway (SEG)

An SEG scans incoming and outgoing email for spam, fraudulent content, viruses, and malware, while allowing safe, legitimate messages to reach intended recipients.

2. Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting, and Conformance (DMARC)

SPF restricts which servers may send email on behalf of a domain. DKIM adds a cryptographic digital signature, proving a message was sent by a server authorized for the domain and was not altered in transit. DMARC checks incoming messages for SPF and DKIM results, and it tells receiving servers how to handle messages that fail (deliver, quarantine, or reject).

These three protocols help prevent spamming, spoofing, and phishing, leaving email less likely to be compromised.
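To make the SPF and DMARC evaluation concrete, here is an added example (not code from ProWriters or the original post) that checks a sending IP address against a domain's SPF record and then derives the DMARC disposition. The domain `example.test`, its DNS TXT records, and the IP addresses are constructed for the example; it handles only the `ip4`/`ip6` mechanisms and the `all` qualifier, assumes the SPF domain is aligned with the `From:` domain, and takes the DKIM result as an input rather than verifying a signature.

```python
import ipaddress

# Constructed DNS TXT records for a hypothetical domain (no real lookups are made).
DNS_TXT = {
    "example.test": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "_dmarc.example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, records=DNS_TXT):
    """Return 'pass', 'fail', 'softfail', 'neutral' or 'none' for sender_ip
    against the domain's SPF record. Only ip4/ip6 mechanisms and 'all' are
    handled; include/a/mx mechanisms (which need more DNS) are out of scope."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"  # an unqualified mechanism means 'pass'
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]  # catch-all for senders not matched above
    return "neutral"  # record ended without an 'all' mechanism


def parse_dmarc(domain, records=DNS_TXT):
    """Parse the _dmarc.<domain> TXT record into a tag dictionary, or None."""
    record = records.get("_dmarc." + domain)
    if record is None:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None  # malformed record: no version tag or no policy
    return tags


def dmarc_disposition(domain, sender_ip, dkim_aligned_pass, records=DNS_TXT):
    """Simplified DMARC evaluation: the message passes if aligned SPF passes or an
    aligned DKIM signature verified; otherwise the published policy 'p' applies.
    Returns 'pass', or the policy value 'none', 'quarantine' or 'reject'."""
    policy = parse_dmarc(domain, records)
    if policy is None:
        return "none"  # no DMARC record: the receiver falls back to its own filtering
    if spf_check(domain, sender_ip, records) == "pass" or dkim_aligned_pass:
        return "pass"
    return policy["p"]


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, "SPF:", spf_check("example.test", ip),
              "DMARC:", dmarc_disposition("example.test", ip, dkim_aligned_pass=False))
```

Reading the output shows why all three protocols are needed together: a message from an unlisted address fails SPF, and it is the DMARC `p=reject` tag that turns that failure into an instruction the receiving server will act on. A domain publishing `p=none` gets reports but no protection.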

3. Password Managers

Instead of relying on easily remembered but readily cracked passwords, use a secure password manager to generate and retrieve strong, complex, unique passwords. Passwords using long strings of numbers, letters, and special characters are harder for hackers to discover.

4. Multifactor Authentication (MFA)

MFA is one of the easiest—yet, among businesses, least widely adopted—cyber security controls.

“Multifactor” means access requires more than a username and password. Answering a security question, entering a unique code texted to a mobile phone, or using a PIN with a chip-equipped credit card are common examples.

5. Patch Management

Responsible software manufacturers continually update their programs to “patch” actual or potential vulnerabilities. Regularly check software for updates, and install patches whenever they become available.

6. Remote Desktop Protocol (RDP) Ports

Microsoft’s proprietary Remote Desktop Protocol provides an encrypted channel for users to access a network remotely. While RDP is a useful tool, criminals scan for and exploit RDP ports left open to the internet. Frequently check which RDP ports are exposed and, as needed, close them or restrict access to trusted networks such as a VPN.
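One way to "check RDP ports" without touching a live network is to audit the firewall rules that expose them. The following is an added example, not from the original post or any firewall vendor: it walks a constructed list of inbound rules and flags any rule that allows TCP 3389 from a source that is not wholly inside a trusted network. The rule format and the trusted ranges are assumptions for the example; a real audit would feed in rules exported from the firewall or cloud security group in use.

```python
import ipaddress

RDP_PORT = 3389

# Constructed inbound firewall rules (hypothetical; not exported from any product).
RULES = [
    {"name": "allow-rdp-anywhere", "proto": "tcp", "port": 3389, "source": "0.0.0.0/0", "action": "allow"},
    {"name": "allow-rdp-vpn", "proto": "tcp", "port": 3389, "source": "10.8.0.0/16", "action": "allow"},
    {"name": "allow-https", "proto": "tcp", "port": 443, "source": "0.0.0.0/0", "action": "allow"},
    {"name": "allow-rdp-v6-any", "proto": "tcp", "port": 3389, "source": "::/0", "action": "allow"},
    {"name": "deny-rdp-guest", "proto": "tcp", "port": 3389, "source": "192.168.50.0/24", "action": "deny"},
]

# Assumed trusted ranges: the internal LAN and the VPN client pool.
TRUSTED = ("10.0.0.0/8", "192.168.0.0/16")


def rule_exposes_rdp(rule, trusted_networks):
    """True if an allow rule opens TCP 3389 to a source outside every trusted network."""
    if rule["action"] != "allow" or rule["proto"] != "tcp" or rule["port"] != RDP_PORT:
        return False
    source = ipaddress.ip_network(rule["source"], strict=False)
    # subnet_of() only compares networks of the same IP version, so guard on version first.
    return not any(source.version == t.version and source.subnet_of(t)
                   for t in trusted_networks)


def find_exposed_rdp(rules, trusted=TRUSTED):
    """Return the names of rules that expose RDP beyond the trusted networks."""
    trusted_networks = [ipaddress.ip_network(t) for t in trusted]
    return [r["name"] for r in rules if rule_exposes_rdp(r, trusted_networks)]


if __name__ == "__main__":
    for name in find_exposed_rdp(RULES):
        print("RDP exposed by rule:", name)
```

Note that the IPv6 catch-all rule is flagged as well: audits that only look at `0.0.0.0/0` miss `::/0`, and a deny rule for a subnet is not an exposure even though it names port 3389.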

7. Managed Detection and Response (MDR) Services

MDR services monitor a network’s endpoints—servers, desktop and laptop computers, smartphones, and more. They identify cyber threats in real time and investigate, mitigate, and contain them.

Sometimes called EDM (Enterprise Data Management) services, they often include security consultation and 24/7 incident response.

8. Data Backups in Cloud Services

When businesses back up data on a remote server, they can quickly access and restore it after a cyber incident. For instance, storing backups in cloud services could mean a business won’t have to pay an exorbitant ransom to get data back.

9. Dual Authorization

Instances of invoice fraud and manipulation are rising. Before paying an invoice, call the vendor—avoid sending an email or calling the number on the invoice, as you might end up communicating with cyber criminals—to confirm the invoice’s legitimacy. Then, have at least two people authorize the check, ACH transaction, or wire transfer.

10. Employee Training

Human error causes 85% of data breaches. The more your employees know how to mitigate risks and implement security protocols, the better.

Create a corporate culture in which everyone is expected to know about cyber security risks and controls. Offer cyber risk management training, such as that available from KnowBe4, on a regular or on-demand basis. Cyber insurance carriers often require such training and sometimes make it available themselves.

11. Incident Response (IR) Plan

An IR plan is a set of written instructions outlining steps all internal stakeholders should take in the wake of a cyber incident.

The plan should include information about contacting trusted cyber security professionals. “You need to be able to contact someone through a hotline number and have them pick up [even] at odd hours and quarterback the overall situation,” says Mark Greisiger, president of cyber risk management company NetDiligence, which helps organizations create IR plans. Otherwise, management will be left scrambling—and may make major, expensive missteps.

Some states require IR plans. Some cyber insurance carriers do, too.

12. Cyber Insurance Policy

Even businesses paying close attention to cyber security risks and controls aren’t 100% safe. A robust cyber insurance policy protects against costs associated with a cyber incident, such as:

  • Ransom payments to hackers.
  • Business interruption costs.
  • IT forensics to establish what happened, how it occurred, and what data was affected.
  • Repair or replacement of devices and digital assets.
  • Public relations costs.
  • Notification and credit monitoring to affected customers.
  • Third-party liability costs in lawsuits brought by customers, vendors, or others.

The average cost of a data breach continues to rise. A strong insurance policy is a cyber security control businesses can’t afford to be without.

Help Clients Guard Against Ransomware and Other Cyber Threats

While ransomware isn’t the only cyber threat your business clients face, it is one of the most prevalent.

For sound advice you can give to help them protect themselves, download our free eBook, “Ransomware: The Front Lines.” It explores what makes these attacks so dangerous, the preventative controls effective against them, and how organizations can recover after ransomware strikes.

And as you discuss cyber security risks and controls with your clients, urge them to acquire or reevaluate their cyber insurance. ProWriters can help you find and quote multiple strong, competitively priced options from top carriers.

To find out how, schedule a consultation with us online, or call us at (484) 321-2335.
