Your Cyber Insurance Carrier Wants You to Hire An MSP. And you should.
IT Security Starts with the Basics
The experts inside your insurance company and experienced IT professionals agree that many of the most important things protecting your data from cyberattack are maintenance practices that are followed with discipline. As professionals, we often see cases where basic IT practices are not applied and customers are subject to great risk not only from a cyberattack, but from a variety of other threats such as human error or hardware failure.
Working with an MSP, you have a team that has spent years perfecting the tools and processes needed to reliably perform maintenance activities, so when a problem occurs, your network is protected.
Some basic things your MSP will help you accomplish:
· Physical security. Your servers and network equipment should be housed in a locked area where temperature and humidity are controlled and monitored.
· Access restrictions. Users should only have the system access they need. No user should be doing daily tasks with an account that has administrative privileges. Any access you give a user is also given to a hacker that gains access to their account.
· Security training for users. People are the weak point in any computer system. Security awareness training helps users spot phishing attacks and helps them avoid risky websites. This training will reduce the number of threats your other defenses must protect against.
· Password policies. Complex passwords take longer to break with brute force attacks. Your applications and directory service should lock user accounts after multiple failed login attempts to defend against this type of attack.
· Security audits. Vulnerability testing and penetration testing will help your firm identify weaknesses in your security defenses. Periodic testing is highly recommended to find weaknesses before they are exploited.
· Software patching. Software patching is critical as many software patches are developed to close security loopholes. If software patches are not applied, your environment will have vulnerabilities that are documented by the very vendors who are issuing the patch to resolve the problem. Threat actors are aware of these vulnerabilities and will exploit them if you leave them open. Cyber insurance carriers are beginning to require software patching be completed in order for coverage to be valid.
· Backup and recovery. Your firm should have multiple copies of your data with at least one of these off-site. It is critical that access to this data be separate from network access and that the recovery function is periodically tested. Your organization’s data is critical to your survival, so it is imperative to know you can restore your data in case of a disaster (natural or manmade).
A Secure Perimeter
The next layer of security is perimeter access. There are a variety of tools to provide perimeter security. A strong MSP will recommend the tools appropriate for your business.
Some perimeter security tools:
· Firewall. A firewall controls access on a very granular level. Expert configuration is essential to provide effective protection. It is also important to be sure that subscriptions for software and support are current.
· Email Filtering. These tools receive and scan emails before your users see them. This helps prevent phishing and malware.
· VPN Access. Remote users often require access to resources on your network from public or home networks. VPNs encrypt traffic between the user and your site to keep their connection private over the Internet.
· DNS Security. These tools act as a broker when your users attempt to connect to services on the Internet. DNS security products like Cisco Umbrella can block requests to risky website and alert administrators. DNS security can protect your team from recently hacked websites as well as sites set up to host malware and phishing scams.
By far the biggest vulnerability in your network is the endpoint. Even with user training and email filtering in place, phishing is so prevalent that eventually one of your users will click on a malicious link that was missed by other tools. Endpoint protection tools are designed to catch these threats and generate alerts to notify you of problems. Some of these tools can take action, including disabling the endpoint until it is cleaned and determined to be safe.
· Endpoint Detection and Response (EDR). EDR is an update to anti-virus software that was seen as a requirement on corporate systems for decades. EDR products extend beyond typical signature-based scanning to include analysis of the behavior of suspicious code. By focusing on the behavior, new attacks that would be missed by anti-virus tools are blocked by EDR.
· Managed Detection and Response (MDR). MDR tools look for persistence mechanisms used to take over your environment with Ransomware. By identifying the threat before the attackers have control of your data, these mechanisms can be removed and entry points to your network closed.
· Multi-Factor Authentication (MFA). MFA is used to ensure that users authenticating to your applications are who they claim to be. MFA is an excellent tool for preventing unauthorized access and has been heralded by insurance carriers. In most cases, companies are required to use MFA before cyber liability insurance coverage will be issued.
The Right Team with The Right Tools
The key benefit of hiring a Managed Service Provider (MSP) to support and protect your team is that an MSP’s core business is managing computer networks. They invest heavily in management tools and training. They are versed in a wide variety of technologies and can recommend the right solution for your firm.
Give MTSi a call and discover the difference we can make for your team.