Somerville has partnered with PSC Insurance.
“Staying ahead of constantly evolving cyber threats is one of the major challenges facing Australian businesses today. To mitigate this risk, it’s crucial that businesses consistently develop, evolve, and improve their cybersecurity posture in today’s fast-paced environment,” says Tom Salter, Account Executive, PSC Insurance.
“Effectively managing cyber risks enhances an organisation’s ability to avoid, respond to, and recover from cyber-attacks. However, it is also imperative to demonstrate to insurers that your business has a robust risk management system in place to secure the most appropriate coverage that meets the needs of your business. With cyber-attacks becoming increasingly sophisticated, insurers now demand increasing levels of risk management from businesses seeking coverage.
“PSC is thrilled to have partnered with Somerville to provide a checklist, not only to further protect organisations, but also open them up to the added support of an insurance policy.”
While purchasing cyber insurance may be challenging, Somerville has worked with PSC Insurance to develop an IT cybersecurity checklist which advises companies to consider the following security factors in support of their cyber insurance policies.
- Encryption: It is important to ensure that all sensitive and personal data is encrypted both at rest and in transit. This will reduce the chances of it being misused following an attack.
- MFA: The deployment of Multi-factor Authentication (MFA) is likely to be a requirement of many insurers. MFA can significantly reduce the chances of unauthorised parties gaining access to corporate IT resources.
- Endpoint protection: All endpoints on an organisation’s network should be protected by the use of firewalls and antivirus software. It is also important that these tools are regularly updated.
- Data backups: All critical data needs to be regularly backed up to ensure recovery is possible should an attack take place. Backups should also be stored off-site and segregated from the main corporate environment.
- Backup testing: Data backups should also be regularly tested to ensure their integrity and confirm that they are capable of restoring all core systems within the organisation.
- Email scanning: All incoming email should be automatically scanned for malicious links and attachments. This will reduce the chances of a cybercriminal gaining access to centralised systems.
- User training: Regular security awareness training should be conducted for all staff. This should include clear explanations of the risks being faced and the steps staff can take to ward off attacks.
- Admin checks: Organisations should also have in place established procedures to verify requests for changes in customer and partner details. This will ensure only legitimate requests are actioned.
- Financial checks: Rigorous checks should also be in place when it comes to authorising any financial transactions. This could include the need for at least two parties to authorise all transactions over a set amount.
- Patch management: A patch management policy needs to be in place that ensures all critical patches are installed as quickly as possible after their release.
Craig Somerville, CEO, Somerville, explains, “Today, organisations are unlikely to get any insurance cover unless their existing cybersecurity is deemed to be sufficient by the insurer. This checklist helps to ensure that companies have appropriate tools in place that are constantly managed and regularly updated. They can demonstrate evidence of staff education as well as the implementation of policies that reduce the chance of attacks occurring in the first place. At the end of the day, cyber insurance only works as a top-up to existing effective security measures. It is not a replacement and should not be regarded as an easy alternative.”