APCIA: 8 cybersecurity best practices for 2022

8. Segment, segregate data

Network segmentation, which encourages businesses to review their infrastructure layout to ensure there is segmentation and segregation of data, makes it more difficult for an intruder to access sensitive data.

(Credit: the_lightwriter/Adobe Stock)

7. Detection tools

Detection tools that allow a business to detect system changes and deletions. (Credit: William Potter/Shutterstock.com)

6. Training workers

Training employees on the importance of MFA and on spotting suspicious links

(Credit: GOLDMAN99/Shutterstock)

5. Testing, testing

Periodic testing of the information security program and protocols as appropriate.

(Credit: Jakub Jirsak)

4. Patch management

Having a patch management program in place that at a minimum includes testing, validation processes and deployment practices.

(Credit: NicoElNino/Shutterstock)

3. Password policy

Establish password policies that require the use of strong passwords and don’t allow the reusing of a password across multiple accounts.

(Credit: Wei/ Adobe Stock)

2. Back systems up

Back up essential information off-site or on the cloud to isolate and store it separately from the network.

(Credit: ABCreative/Adobe Stock)

1. MFA

Using multifactor authentication (MFA), which requires at least two authentication events to protect against unauthorized access to non-public information or information systems, is one of the key defenses against cyber intrusions, APCIA reported.

(Credit: Thapana_Studio/Adobe Stock)

Pressure from digital threats continues to mount for businesses across the globe and cyber premiums continue to grow beside those stressors. Gallagher reported the median rate for cyber coverage was 37%, while some companies saw rate growth in excess of 83%.

Although costs associated with cyber insurance are increasing, coverage for these events is a vital piece of a company’s cyber risk management arsenal, according to the American Property Casualty Insurance Association (APCIA). In addition to reimbursement for losses such as ransomware payments, cyber insurance can also offer pre- and post-incident services, including employee training and testing, vulnerability assessments, detection capabilities, and forensic and legal expertise.

Insurance coverage for cyber events can also give companies access to ransomware specialists, who have knowledge and experience on the likelihood of receiving decryption keys, the variety of ransomware strain and whether the hacker is potentially on the sanctions nexus, APCIA reported.

“Prevention is a business’ best defense against a ransomware attack and this paper provides a range of data security hygiene steps that businesses and individuals can take to improve their cyber defenses,” Gary Sullivan, APCIA’s senior director, emerging risks, said in a release. “It is important for businesses to think through preventative measures and security safeguards that make it difficult for cybercriminals to gain network access.”

In an effort to help commercial insureds better prepare for digital threats, APCIA released an updated set of cybersecurity best practices, which are highlighted in the above slideshow.

Related:

Comments are closed.