Questions Cyber Insurance Companies Will Ask You

by | Aug/11/2022

If you have existing or are applying for new Cyber Insurance coverage, be prepared for the questionnaire. Knowing what they’ll ask can give you time to put systems in place to answer “yes” to the questions that can affect your premium rates and even whether you’re still considered insurable.

Common questions on insurance applications include:

Do you use MFA? Multi-Factor Authentication means your users must go through a second step when logging in. A prevalent mode of the second factor is when you receive a text message with a code as part of the login process. The second factor could be a number from an app on the users’ phones. If your insurance will accept it, using hardware keys that plug into USB ports can be the second factor. Some insurance companies will approve biometrics, including fingerprints or facial recognition. In the interest of security, you should enforce MFA everywhere possible, including VPN, Remote Desktop, and SaaS offerings.

Do you provide ongoing cybersecurity training and periodic phishing simulation emails to measure worker proficiency? One often overlooked aspect of training, and simulated phishing is that it might take time for your already overworked staff to configure, send, monitor, and produce reports about the results every month. You’re welcome to contact us to provide that service, and we do 100% of the work, so there is no additional burden on your workers. Training for new employees is available.

Do you provide password management tools to users? Tools that remember and automatically enter users’ passwords can help encourage users to use different passwords for every login. Users with the habit of reusing passwords pose a risk to your organization. Once attackers compromise a password, they will attempt to use that same password at popular sites. This practice is sometimes called credential stuffing, and attackers can be very successful at breaking into sites if users reuse passwords. An added benefit is user productivity and user happiness. SSO Single Sign On is becoming more popular, so users can log in once and gain access to more than one site or resource.

Do you utilize geo-blocking or geo-filtering? These technologies identify computers, users, and email messages based on geographical locations. You will be more secure if you block email and login attempts from geographical areas where you never do business and block user logins from countries where you have no users.

Are users local administrators? When you set up a new Windows or Apple computer, the user has local administrator access and can perform many activities, including installing programs. And if an attacker manages to compromise that user’s account, now the attacker has tremendous power to compromise that computer and potentially your entire organization. This topic is complex, but the goal of every organization must be to ensure all workers are “standard users” on their computers. Being a standard user limits what an attacker can damage and makes the user account more difficult to compromise in the first place.

Do you segment your network? Network segmentation splits your network into smaller parts based on the purpose or type of device. For example, suppose you isolate your security cameras on a network away from your servers on a different network. If an attacker breaks into a security camera, segmentation can block their ability to hack your servers through the camera. Common segments include:

-Servers
-Desktops and Laptops
-Wireless Network
-VPN users
-Security cameras
-VoIP systems
-Different floors in your building or different buildings on your campus

It is possible to over-segment and create too much work for your IT Team, but that rarely happens. Your team will set up rules called Access Control Lists (ACLs) that limit communications between the segments to block unauthorized activities.

Have you established a security baseline for your systems? Have a documented standard configuration for security controls you enforce on your servers, workstations, and mobile devices.

How long from when critical security updates are released until you apply them to your devices? Microsoft, Apple, your firewall manufacturer, and other providers release security updates to programs to block attackers from using previously undetected security holes. You must apply the patches quickly to prevent attackers from exploiting the vulnerabilities. Zero-day patches and updates fix problems that attackers are already using to compromise systems.

Do you allow workers to use family computers to access email and work from home? Family computers are significantly less secure than company-issued devices that your IT Team monitors and protects 24×7. It is relatively common for organizations to permit users to use their BYOD phones to access company email. Your insurance company could see that as a red flag against providing or renewing a policy. You’ll want to demonstrate other safeguards you use to minimize the risk.

Do you enforce EPP on all devices? End Point Protection is a tool your IT Team can use to protect each device on your network. Ask your IT Team. Chances are they’ve implemented this solution.

Do you utilize EDR tools? Endpoint Detection and Response products are more than anti-virus. They monitor your network to identify behavior or data that could be malicious and can block an attack in progress.

Do you perform periodic vulnerability scans and penetration testing? These tests identify previously undiscovered weaknesses in your security. Please contact us if you need these services as part of a comprehensive security advisory service for executives to help them secure their organizations. We guide and become a resource for your existing IT team rather than replacing them.

Does your spam filter scan messages and attachments for malicious links? If the answer is no, you need to add these features immediately.

Do you use DNS filtering? Domain Name Service maps URL website names to addresses of servers on the web. DNS filtering services strive to identify malicious web servers and automatically block communications from your network to them. As a bonus, some services permit you to hinder users from accessing sites you might deem inappropriate.

Do you use SPF for email messages? The Sender Policy Framework is a protective solution that your IT Team can enable to permit your email servers to confirm that inbound email messages came from an approved server rather than a fraudster impersonating, or spoofing, a legitimate source. While they are at it, your IT Team can enable DKIM to help other organizations’ mail servers confirm that messages they receive from you are legitimate and unaltered. They can configure DMARC to tell remote email servers to throw away messages from fraudsters attempting to impersonate your organization.

Do you identify and isolate PII? It is essential to determine where you store Personally Identifiable Information, Protected Health Information, Cardholder Data, and other sensitive information. A fundamental step in protecting sensitive information is to know where it is stored.

Do you store backups offsite? It is essential to have backups that you disconnect from your network. If an attacker gains access with the intent of encrypting or deleting data to demand ransom, they might attempt to destroy your ability to restore. They know you’re more likely to pay the ransom if you cannot restore sensitive data. So you must isolate some backup data so the attacker cannot damage it. For example, you might use backup tapes or hard drives disconnected from the network stored in a safe location.

Do you encrypt your backups? If an unauthorized person accesses your backup data, it is useless if they cannot read the contents. Encryption is a setting in your backup software. There was a time people wouldn’t encrypt backups because the backups would take much longer. With today’s technology, there should be little added time.

What steps do you take to prevent ransomware attacks? This open box is an opportunity for you to list the items above in statement form. Almost all security measures you use can arguably protect against ransomware attacks or limit the impact.

How long will it take to restore your data from backups? If you have never practiced your complete restore process, do it now. You’ll measure the time. If you find out the duration is too long, you can take steps to speed up the process. Many organizations find out they cannot restore from their backups. Often, their failed attempt was the first time they’d ever tried to restore. It can be complicated to perform a test restore, so be prepared to give your IT Team additional time. If you outsource your IT, it is understandable that they’ll charge you for practicing the restore. In case the restore fails, never practice restoring your data into your production environment.