Cybersecurity – the essentials
It seems that hardly a day goes by without some report on cyber liability appearing in the media.
The insurance industry is responding with the increasing availability of cyber liability insurance products. Unfortunately, there is no standard wording available and so great care needs to be taken when placing cover to ensure that any insurance policy matches the risk exposure.
Whilst an insurance policy will pick up the pieces after an insured event, it is much better to prevent any event from happening in the first place.
Basic technical protection from cyber attacks can be found in the HM Government Cyber Essentials Scheme. By implementing Cyber Essentials, organisations can mitigate the following common types of cyber attack:
Phishing – malware infection through users clicking on malicious email attachments or website links.
Hacking – exploitation of known vulnerabilities in Internet-connected servers and devices using widely available tools and techniques.
In summary, Cyber Essentials requires implementation of the following controls:
Boundary firewalls and Internet gateways
Information, applications and computers within the organisation’s internal networks should be protected against unauthorised access and disclosure from the Internet, using boundary firewalls, Internet gateways or equivalent network devices.
Secure configuration
Computers and network devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.
User access control
User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorised individuals, managed effectively and provide the minimum level of access to applications, computers and networks.
Malware protection
Computers that are exposed to the Internet should be protected against malware infection through the use of malware protection software.
Patch management
Software running on computers and network devices should be kept up to date and have the latest security patches installed.
Full details of the Cyber Essentials scheme can be found here:
Cyber Essentials is mandatory for central government contracts advertised after 1st October 2014 which involve handling personal information and providing certain ICT products and services.
For those wishing to enhance their knowledge of cyber security, the Open University offers a free online course – Introduction to Cyber Security. Taking approximately three hours per week over eight weeks, this course will help you to understand online security and start to protect your digital life, whether at home or work.
Rradar Limited are also able to provide cyber liability insurance training to brokers. Starting with the threats facing the digital world, the course compares and contrasts different insurance policies currently available before looking at the Cyber Essentials scheme in more detail. Attendance will give delegates the confidence to discuss this important area of risk.
How rradar can help: