A Five Step Cybersecurity Program

April 2, 2019 Business Insurance and Risk Management, The Beacon Blog

While cybersecurity is, or should be, everyone’s concern, the complexities can be daunting. Technical details are best left to professionals, but there are basic steps everyone can take. Zurich Insurance has posted their five-step program at https://youtalk-insurance.com/news/zurich/5-steps-to-a-better-cybersecurity-programme?:

  1. Take a complete inventory of IT assets. This includes a complete and accurate network diagram and a ledger of all devices connected to your network. Needless to say, the inventory should be updated when systems or devices are added or removed.
  2. Have a vulnerability management and patching program. Know the status of each device and run automated scans of the entire network at least monthly. Apply patches as quickly as possible to lessen the chance that hackers will take advantage of a vulnerability.
  3. Conduct an awareness and training program for users. It cannot be emphasized too strongly that users are the weak link in cybersecurity. Educate them on safe browsing and on avoiding social engineering scams. Teach them to use strong but easily remembered passwords. Have an acceptable use policy.
  4. Monitor information assets on a continuous basis. Most devices generate data reports which can alert administrators to suspicious activity. If in-house staff does not have the expertise, use a third-party security monitor.
  5. Have an incident response plan. Assume something will go wrong. The plan should address possible contingencies and who will respond internally and externally. Practice on a regular basis.

These are the basics. Contact your cyber insurer for assistance in putting them into practice.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM, has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.