Your Security Risk Assessment Checklist: 6 Questions to Ask

Plan for a risk assessment and review your capability with a simple checklist 

Reduced risk can mean lower insurance premiums. Ensure your business is fully prepared for your Cyber Security Insurance assessment with our six-point checklist.

Cyber security is similar to home security, and insurance assessors are looking for deadlocks on doors as well as good cyber defences in a company. 

Residents and business leaders who take their security seriously will be able to access lower premiums as a result.

Wondering how to ace those questions from your insurer? In this blog, we’ll cover six of the most common aspects Tecala’s clients are asked about by their insurers. 

The good news is that these questions themselves provide a highly accurate template for managing your cyber security risks in general, and for gaining top marks in any network security risk assessment.

  1. Security awareness training
    Insurers will want you to have formal security awareness training in place for all your staff, and for the training to be maintained yearly. This is a key area of risk: the OAIC reported that 35 per cent of notifiable data breaches between January and March 2019 were related to human error, compared to just 4 per cent related to system faults.

    There is an incredible amount of value in ensuring your staff are continually aware, vigilant and reminded of cyber security risks. The fact is, having this type of training is a must regardless of the insurance question, because the risks you face will evolve over time.

    The cost of a breach relating to human error is likely to far outweigh the relatively low costs of training and breach prevention.
  1. Data classification
    Insurers are likely to check that your data has been properly classified in terms of its sensitivity, its audience and the subsequent risks. Unclassified data is more easily breached, so data classification should be part of any ICT network security policy.

    Knowing, sorting, classifying and locking away your sensitive data is one of the most cost-effective ways to reduce the risk of unauthorised people accessing sensitive data. Some 40 per cent of cyber incident breaches are reported to be the result of stolen or compromised credentials.
  1. Multi-factor authentication
    An insurer will pay attention to whether you’re using Multi-Factor Authentication (MFA) to protect your systems and sensitive data. Passwords can be quite easily compromised through wholesale data breaches in other commonly used systems such as LinkedIn, brute force, phishing, or social engineering.

    You have almost certainly had one of your passwords stolen already, through no fault of your own. This may be a shock to discover, but a quick visit to Have I Been Pwned will show you where known public breaches have already occurred. There are likely many more which have never been found or surfaced.

    Multi-Factor Authentication assumes that your users’ passwords may already be known; however, the attackers will not be able to reach into your system, as a pre-established second ‘factor’ of trust has been put in place, such as a smartphone-based token.

    MFA is a great starting point in improving your systemised security.
  1. Monitoring
    An insurer will be interested in whether you have tools in place to monitor network and system activity, and how this can be used to identify unusual behaviour. The use of monitoring and alerts is a simple and effective way to make sure that normal behaviour on systems can be ignored, and unusual behaviour can be flagged.

    Monitoring is also one of the best ways to make sure your systems are in good health overall and should be an integral part of your ICT network solution.
  1. Antivirus
    Everyone has antivirus tools running in 2020, right? Surprisingly, this is not always the case. An insurer will not only be keen to confirm that you have adequate antivirus protection, but you may also be questioned on how often it’s updated. The ability to respond to threats as they are detected, as close to real time as possible, is crucial.

    Having an out-of-date antivirus tool is equivalent to leaving the same combination on a safe which has been cracked. Once a weakness has been found, it can be used until the hole has been plugged.
  1. Patching
    Patching is the unsung hero of cyber security. While other flashy tools and security products fit almost every conceivable risk, one of the best ways to protect yourself and prove to an insurer you have your house in order is to regularly patch your systems.

    Systematic, regular patching will keep you highly secure, because billions of dollars and millions of hours are spent looking for ways to exploit vulnerabilities in systems.

    One of the best examples was the Meltdown vulnerability in Intel processors, which was disclosed to hardware and software vendors in July 2017 ahead of coordinated release in January 2018. If you are patching your systems consistently and regularly, vulnerabilities can be closed well before they can be exploited.

By addressing these six core components of cyber security, you can demonstrate a ‘deadlock’ of high-quality protection to your insurer, minimise your risks and exposure, and ideally gain access to far lower premiums as a result.

The MSP model, delivered by network security service providers, works well to mitigate potential threats and ensure network and security solutions are properly managed.

When it comes to cyber security, a managed network security services approach is the way to go.

To speak with the team at Tecala about developing your own cyber security strategy and the support to put that strategy in place, get in touch today.
