With a large database of employees and sensitive information such as bank details, social security numbers, addresses, and dates of birth, staffing firms have become prime targets for hackers. As a result, insurance pricing has increased drastically, limits have decreased, and deductibles have gone up. Furthermore, more subjectivities have been added to bind coverages.
Carriers are no longer allowing staffing firms have relaxed cyber securities. With most businesses allowing more remote workers, carriers are requiring these eight cyber risk management tools mandatory in order to bind coverage:
- Multi-Factor Authentication (MFA)
- A method that requires the user to provide two or more verification factors to gain access to a resource, application, on-line account, or VPN.
- Managed Detection and Response (MDR)
- This is designed to cover the total network environment to include 24/7 Security Operation Center monitoring and scanning for open reports.
- Employee Training
- Training includes fake phishing attacks, webinars for employees to watch, and email reminders for best practices.
- Secured Backups and Recovery
- Employers need to have current backups that are in a separate, secured location that requires MFA for access and a disaster recovery plan so if an attack occurs, the downtime in minimal.
- Regular Updates and Patches
- Patches are software and operation systems updates that address security vulnerabilities within a program or product.
- Tested Incident Response Plan
- You company has tested procedures to ensure you plan is successful should a cyber- attack occur.
- End of Life Software Removal
- Software applications that are no longer needed, used, or supported are some of the most common vulnerabilities for employers. You have a process in place to remove them from your network and endpoints as soon as they are no longer needed.
- End point Detection & Response (EDR)
- EDR tools are technology platforms that can alert security teams of malicious activity and enable fast investigation and containment attacks on endpoints.
Most carriers have resources and or vendors that insurers can partner with to implement some of these important items. Marsh McLennan Agency also has resources to test employer’s technology systems to know where vulnerabilities lie and how to properly address them.
To learn more about providing cyber risk management to your company, contact an MMA advisor today.