Many of us don’t think twice about locking our house or car when we are away from them. Yet we give far less thought to locking up our online assets just as securely.
Weak, easily guessed passwords and exposed credentials from past breaches have helped fuel the explosion of ransomware and business email compromise we’ve seen over the last year. In fact, with record premium payouts, cyber liability insurance carriers have taken notice.
Multiple carriers are requiring that insureds have multi-factor authentication (MFA) implemented on privileged accounts (i.e., your IT administrators), remote email, and remote connectivity into company systems. This should include Microsoft 365 as well.
Getting there with legacy systems or applications that don’t support MFA may require some time. GBQ IT Services recommends you start thinking ahead to renewal time because you might not be able to meet the MFA mark in a short time frame.
We are seeing firms that have not moved to MFA paying triple the premiums they paid in the past, or looking for a new policy because the carrier refuses to renew.
MFA is a good idea, but it is not the only thing you should do to securely lock your online assets. We’re pleased to share additional advice from the National Cyber Security Alliance (NCSA), sponsor of the annual Cybersecurity Awareness Month observed in October:
- Make your password a sentence. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”).
- Unique account, unique password. Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Write it down and keep it safe. Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.
- Lock down your login. Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.
To discuss this information in more detail, contact a member of our IT Services team today.
Article written by:
Doug Davidson, CISA
Director of Information Technology Services