In this episode of the “Cybersecurity for Small Business” podcast, James from Extreme Networks delves into the intricacies of completing a cyber insurance application form for small businesses. Cybersecurity is often seen as expensive and complex, but James aims to simplify it and help businesses keep their operations safe.
Check out Episode 3 here: Small Business Cyber Insurance – what do you need to know?
The episode focuses on a ransomware supplemental application questionnaire from a different insurer. James highlights that understanding the questions in these forms is crucial because insurers pay out when a security breach occurs, and they know what security measures are essential for protection.
Check out an example of a ransomware supplemental application questionnaire here: aig.com.au/content/dam/aig/apac/australia/documents-new/financial-lines/cyber/aig-au-cyberedge-ransomware-supplementary-proposal-form.pdf
Some of the key points discussed include:
User Accounts: Using admin accounts for day-to-day work is discouraged, because malicious software that a user clicks on then runs with those elevated privileges. Organizing data around functional groups and limiting access helps reduce the impact of cyberattacks.
Logging of Privileged Accounts: Monitoring usage of privileged accounts helps during post-incident investigations, as privilege escalation is a common part of hacking.
Privileged Access Workstations: Isolating computers used for critical system administration from the internet reduces the likelihood of compromise.
Microsoft 365: Multi-factor authentication is important for cloud-based applications like Microsoft 365 because business email compromise is so frequent.
Learn more about how Microsoft 365 is combating email compromise here: Business email compromise: How Microsoft is combating this costly threat | Microsoft Security Blog
Patch Deployment Time: Having a clear policy for deploying critical patches, especially patches for zero-day vulnerabilities, and verifying that they were applied successfully is essential.
Learn more about patch management here: Patch Management Explained: Challenges, Best Practices & Steps | Splunk
Incident Triage Time: Rapidly managing security incidents within specific timeframes, such as less than 30 minutes, 30 minutes to 2 hours, 2 hours to 8 hours, or greater than 8 hours.
MFA for Cloud Resources: Ensuring cloud applications support multi-factor authentication to prevent unauthorized access.
Restore Time Objectives (RTO): Defining how long it takes to restore data in case of a cyber incident and having alternative methods for business continuity.
Email Quarantine Services: Implementing a quarantine service for suspicious emails to reduce the risk of malware and phishing attacks.
Simulated Phishing Attacks: Regularly conducting simulated phishing attacks to educate employees about spotting phishing emails.
Monitoring Device Performance: Monitoring machines for high memory or processor usage and decreasing free disk space, which can indicate malicious activity.
Vulnerability Scanning: Running regular vulnerability scans to detect potential vulnerabilities before they can be exploited.
Penetration Testing: Depending on the risk profile, using automated or manual penetration testing to identify vulnerabilities.
Remote Desktop Protocol (RDP): Assessing the security of RDP and implementing measures like VPN and multi-factor authentication to secure it.
RDP Honeypots: Some insurers may inquire about the use of honeypots to detect and log RDP attacks, although this is less common for small and medium-sized enterprises.
Learn more about RDP honeypots here: Detecting RDP Attacks With Honeypots: Lessons From Blumira Data
James emphasizes the importance of completing the cybersecurity insurance application process annually. By doing so, businesses can continually assess and improve their cybersecurity posture, aligning with the framework of identifying, protecting, detecting, responding to, and recovering from cyber threats. He encourages businesses to develop a robust recovery plan and consider how they would respond to a cybersecurity incident. James also mentions the value of war gaming to identify and address gaps in incident response.
If you have questions or need assistance with your cybersecurity efforts, the podcast hosts are available to help. The episode serves as a practical guide for small businesses looking to enhance their cybersecurity measures and navigate the world of cyber insurance.