Key Security Controls
There are three key sets of security controls that every business should aspire to. They include the essential ones that cyberinsurers look for, and they will help you stay more secure and acquire better coverage. Start with the core controls and work your way up with our roadmap.
CORE CONTROLS
“Deal breakers” - Without these controls in place, you are placing your business at high risk of an incident, and insurance will be very difficult to get.
- Multifactor authentication (MFA) for all external access, all users
- Backups that are disconnected from the main network
- Next generation antivirus on all endpoints (i.e. all computers and servers)
- Patching all critical & high vulnerabilities in <30 days
- Security awareness training for all users
ENHANCED CONTROLS
Good Security & Access to Better Policies
- MFA does not use phone-call or SMS-based authentication, only app- or token-based systems
- Backups run daily, are encrypted, and can fully restore service in less than a week
- Endpoint Detection and Response (EDR) on all endpoints, managed 24x7 (“butts in seats” 24x7, not just someone on-call responding to alerts)
- Monthly vulnerability scanning of internal networks/devices
- Phishing simulation for all users with a failure rate of <20%
EXTENDED CONTROLS
Great Security & Access to the Best Policies
- Spam filtering and antiphishing tech
- Device & data encryption – at rest & in transit
- DNS filtering including on all company endpoints
- Firewall / network segregation (default deny between zones)