Tag: cyber insurance

28 Dec 2021
Cybersecurity Insurance and Multi-Factor Authentication

Cybersecurity Insurance and Multi-Factor Authentication

Cybersecurity Insurance and Multi-Factor Authentication

Financial institutions are increasingly embracing cybersecurity insurance as an important aspect of their information security program. Cyber insurance can offer vital coverage to protect businesses from various technology-related risks. Data breach insurance, for example, helps companies respond if personally identifiable information gets lost or stolen from their computers—whether intentionally by a hacker or accidentally by an employee. Cyber liability insurance offers expanded protection to help businesses prepare for, respond to, and recover from cyberattacks.

As cybercrimes continue to intensify, more cybersecurity insurance companies are calling for organizations to employ multi-factor authentication (MFA). Some carriers are even refusing to provide insurance quotes to companies that are not using this authentication method. From their perspective, MFA adoption makes perfect sense; it keeps unauthorized individuals from accessing sensitive information, reducing ransomware, data breaches, and other cyberattacks. This, in turn, minimizes insurance claims and saves carriers money.

For insurance providers, MFA is appealing because it lowers cyber risk by requiring users to verify who they are. The individual must furnish valid identification data followed by at least one other credential: a password, one-time passcode, or physical characteristics like their fingerprint or face. This strict authentication system allows organizations to certify people’s identity—before granting them access to sensitive information, an account, or other assets—and this can significantly strengthen their security.

While MFA is heavily promoted by many cyber insurance companies, an institution’s regulators may not require financial institutions to use multi-factor authentication. However, implementing MFA for a whole internal network may not be a simple task. Depending on the solution, it may require installing agent software to all the endpoints requiring MFA and configuring appropriate “break-glass” accounts for emergency use, which creates more infrastructure to be monitored and managed.

MFA Implementation Tips

To simplify MFA implementation, Banks and credit unions can apply a sequenced strategy instead of jumping straight to the internal network. As a first step, institutions can ensure MFA is turned on for all remote-access users, including creating endpoint control policies for their devices. The next logical step would be to lock down MFA for cloud applications. This includes Microsoft Online services like M365 (formerly Office 365) and Azure Active Directory (Azure AD). These solutions come with a variety of free security features that organizations can customize to their business requirements. Even at low licensing levels, these products allow MFA to be turned on for all users—which can be highly effective for averting business email compromise and ransomware attacks. But institutions will need higher-level licensing if they want to make conditional access policies based on the specific location, identity, or device of users. Azure AD Premium P1 and M365 Enterprise E3, for example, have a variety of advanced features that allow conditional access policies to be established to enhance security.

MFA is just one layer of security for banks and credit unions to consider. We hope this post provided some insight into applying MFA for both security and insurance purposes. To learn more about this topic and other security layers, listen to our recent “Ransomware, Cybersecurity, and MFA” webinar, hosted by our Chief Technology Officer, Brendan McGowan.

18 Aug 2021
How Banks and Credit Unions Are Responding to Emerging Cybersecurity Threats

How Banks and Credit Unions Are Responding to Emerging Cybersecurity Threats

How Banks and Credit Unions Are Responding to Emerging Cybersecurity Threats

Cybercriminals are always looking for new ways to bypass defense measures and exploit emerging weaknesses. Today, financial institutions are fending off security threats that are more ubiquitous, complex, and costly.

As more employees than ever before engage in remote work and online collaboration, this presents a host of potential security gaps. Unsecured home Wi-Fi networks, remote servers, mobile devices, a lack of encryption, and inadequate intrusion detection software are just a few of the factors that contribute to a spike in cyber attacks.

From an internal operations standpoint, it’s equally as important for financial institutions to secure data from basic human error, as 85 percent of data breaches involve a human element, according to the Verizon 2021 Data Breach Investigations Report. Employee awareness training can be the first (and best) defense against emerging cybersecurity threats like business email compromise which is designed to trick people into processing a payment or sharing valuable information.

Leveraging the Latest Technology

Next-generation firewalls (NGFWs) and cloud platforms can also support organizations’ efforts to combat cybersecurity threats. NGFWs offer advanced features that make risk easier to detect, manage and eliminate. SSL/TLS inspection can ensure that encrypted traffic is safe to transmit over the firewall. In addition, threat feeds can help firewalls effectively analyze traffic and route potentially dangerous traffic to a virtual “sandbox,” where it can be processed securely. Automated log analysis is then used to enhance the difficult job of managing voluminous logs and resolving security issues. To learn more about how these advanced features work, listen to our recorded webinar, “Firewall Chat: A Panel Discussion on the Technical Advances in Firewalls”.

Cloud computing is also providing benefits to financial institutions to enhance their security resources. While cloud technology is nothing new, innovations from major platforms like Microsoft, Amazon and Google offer enticing advantages to moving data and business processes into the cloud. But it’s important to keep in mind that employing cloud services requires institutions to use different security practices in order to minimize data breaches and other cyber threats.

Growing Need for Insurance and Expertise

As another developing trend, more companies are adding cyber insurance to their security toolbox. A cyber insurance policy can be an effective way to mitigate risk related to financial losses from cyber attacks. But with more cybercrime happening, organizations can expect to see higher premiums, decreased limits, and changes in exclusions for certain losses.

As cybersecurity threats become more frequent, sophisticated and expensive, financial institutions need to apply more vigilance and expertise to keep hackers at bay. Safe Systems can help ensure that community banks and credit unions have the technical resources they need to effectively address the latest security issues. Managed Perimeter Defense (MPD) offers a combination of professional IT solutions, including device monitoring and management, sandbox analysis, dynamic threat feed analysis, and SSL/TLS inspection.