
Cyber Insurance: Meeting Insurers' IT requirements

The rising rate of cyberattacks and the potential financial implications have made cyber insurance coverage critical for many organisations. But cyber insurers are tightening terms.

For businesses in the financial services sector, a tailored cyber insurance policy can make all the difference when something suddenly goes wrong. Financial institutions such as asset managers and hedge funds face a wide variety of risks in their day-to-day operations, so an insurance solution that provides comprehensive protection is a necessity.

As cyberattacks continue to dominate headlines and the related cyber insurance claims continue to increase, insurers are taking a more cautious position: tightening underwriting terms and asking pointed questions about a business's cyber operating environment. Adopting a baseline set of risk controls has become a minimum requirement for cyber insurance coverage.

The key questions insurers ask are centred on three main areas: email security, PC management, and encryption of data in transit and at rest. As a starting point, this article answers the key questions on email security, drawn from a typical cyber insurance proposal form.

1)  What security controls do you have in place for incoming email?

Email is the channel of choice for communication in today's working environment. Businesses and individuals rely heavily on email to communicate and do business with customers, collaborators and colleagues; however, email is also the most prolific attack vector used by cybercriminals to target your staff and breach your organisation's security.

Access to an email account gives a cybercriminal a wealth of information on sensitive business operations, and usually a foothold for further attacks (password resets for other services, payment-diversion fraud, internal phishing from a trusted address). Whether through sophisticated targeted attacks, phishing, malware or even bulk spam campaigns, attackers take advantage of weak controls to perpetrate criminal activity. With the right controls in place this risk can be largely mitigated. These include:

Screening for malicious attachments and links: Everyone knows that attachments and links from unknown or untrusted senders should not be opened. But mistakes happen, and employees click malicious links or open malicious attachments without intending to. There is also the risk of a trusted sender being compromised themselves, in which case the message arrives from a genuine address. You need an extra layer of protection for both scenarios.

As part of our managed IT solutions, Tivarri offers Office 365 Advanced Threat Protection (now sold as Microsoft Defender for Office 365). This is an email filtering service that protects your organisation from viruses and malware, including zero-day threats for which no signature yet exists, through two main features. With Safe Attachments, each attachment sent to your users is opened and detonated in a Microsoft-hosted virtual environment before delivery. If the attachment behaves safely it is passed to the recipient; if it is found to be malicious it is removed (the policy can also be set to replace the attachment with a notice, or to deliver the message body first and the attachment once scanning completes). With Safe Links, URLs in incoming email are rewritten so that each one is checked both at delivery and again at the moment the user clicks, which catches links that are only weaponised after the message has been delivered. If a link is malicious the user is shown a warning page and the click is blocked; whether a user may override the warning and click through is a policy setting, and we recommend leaving it off.

Quarantine service: This additional layer of protection holds potentially malicious, unwanted or dangerous emails so that they never reach the inbox. Our IT solutions, Cranberry Cloud and Cranberry Desktop, automatically quarantine emails that are potentially malicious or divert them to the user's Junk Email folder. Users can then review a held message and move it to the inbox or delete it once they have carried out due diligence; messages classed as high-confidence phishing should stay in quarantine for an administrator to review rather than being releasable by the user.

Tagging external emails: External email warnings play an integral role in protecting against phishing and spam. As cybercriminals continue to develop ingenious ways to gain access to an organisation's data or network, doing the bare minimum is not enough. A common tactic is to send email from an external address while using the display name of someone within the organisation, such as the finance director. Some employees will spot the difference, for example by hovering over the sender's name to reveal the address the email was actually sent from, but an employee on a busy Monday morning may not. Tagging external email adds a cautionary banner or subject prefix to every message that originates from outside the organisation, so the warning does not depend on the recipient remembering to check. The tag must be applied by your own mail system (an Exchange Online transport rule or the built-in external sender tag), never trusted from the sender, otherwise it can simply be forged.

Detonation and evaluation of attachments in a sandbox: Attachment sandboxing proactively detects malware by extracting an attachment from a message, running it in an isolated environment and monitoring its behaviour and output (file writes, registry changes, network connections, spawned processes). By detonating suspicious files in a separate environment, files from untrusted sources are prevented from reaching trusted resources and exhibiting malicious behaviour that could affect users' devices and data. We provide attachment protection with sandboxing for customers, giving them an additional layer of protection against malicious code embedded in email attachments. Be aware that sandbox-aware malware may delay or withhold its payload when it detects analysis, so sandboxing complements endpoint protection rather than replacing it.

Sender Policy Framework (SPF): SPF lets you publish, as a TXT record in your domain's DNS, the list of server IP addresses and domains your organisation uses to send email, making it harder for anyone else to send mail that pretends to come from your domain. A receiving mail server looks up this record during delivery and checks whether the connecting server is on the list. What happens to mail from anywhere else depends on the record's final qualifier: with "-all" the check fails and the mail is typically rejected or junked, while the softer "~all" only marks it as suspicious. Note that SPF checks the envelope sender (the Return-Path), not the From: address the user sees, which is why DKIM and DMARC are needed as well.

DomainKeys Identified Mail (DKIM): DKIM is a protocol that lets an organisation take responsibility for a message by signing selected headers and the body with a private key held by its mail servers. The matching public key is published in DNS under a selector name, so any receiving mailbox provider can verify that the message really came from the signing domain and was not altered in transit.

Domain-based Message Authentication, Reporting and Conformance (DMARC): DMARC is an email authentication, policy and reporting protocol that helps domain owners and mail administrators prevent cybercriminals from spoofing their domain and organisation. It builds on SPF and DKIM rather than adding a signature of its own: a message passes DMARC when at least one of those two checks passes and the domain that passed aligns with the domain in the From: header that the recipient sees. The domain owner publishes a policy in DNS telling receivers what to do with messages that fail (p=none to monitor only, p=quarantine to send them to junk, p=reject to refuse them) and an address for aggregate reports, which show who is sending mail as your domain. Start at p=none, use the reports to find legitimate senders you had missed, then move to p=quarantine and finally p=reject.
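The external-tagging, attachment and link protection, and quarantine controls above can be configured and verified from Exchange Online PowerShell. The following is an added example written for this article; it is not Tivarri's tooling or Microsoft sample code. It assumes an Exchange administrator has already run Connect-ExchangeOnline from the ExchangeOnlineManagement module and that the tenant holds Microsoft Defender for Office 365 licences (Safe Attachments and Safe Links are not available without them). The rule name and subject tag are assumptions.

```powershell
# Added example: configure and check the inbound email controls discussed above.
# Assumes an existing Exchange Online session (Connect-ExchangeOnline) with admin rights.

# 1. External sender tagging.
#    The native tag adds an "[External]" label inside Outlook clients; the transport rule
#    prepends a subject tag so the warning is visible in every client, including mobile apps.
Set-ExternalInOutlook -Enabled $true

$ruleName = 'Tag external senders'        # assumption: any name you like
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -SentToScope InOrganization `
        -PrependSubject '[EXTERNAL] ' `
        -Comments 'Cyber insurance control: warn users about external senders' | Out-Null
}

# 2. Defender for Office 365: Safe Attachments must detonate and block (or use dynamic
#    delivery), Safe Links must scan email and must not let users click through a warning.
$weak = @()
foreach ($p in Get-SafeAttachmentPolicy) {
    if (-not $p.Enable -or $p.Action -notin @('Block', 'DynamicDelivery')) {
        $weak += "Safe Attachments policy '$($p.Name)': Enable=$($p.Enable), Action=$($p.Action)"
    }
}
foreach ($p in Get-SafeLinksPolicy) {
    if (-not $p.EnableSafeLinksForEmail -or $p.AllowClickThrough) {
        $weak += "Safe Links policy '$($p.Name)': EnableSafeLinksForEmail=$($p.EnableSafeLinksForEmail), AllowClickThrough=$($p.AllowClickThrough)"
    }
}

# 3. Anti-spam policy: phishing goes to quarantine (or at least the Junk Email folder);
#    high-confidence phishing must be quarantined so that only an administrator releases it.
foreach ($p in Get-HostedContentFilterPolicy) {
    if ($p.HighConfidencePhishAction -ne 'Quarantine' -or $p.PhishSpamAction -notin @('Quarantine', 'MoveToJmf')) {
        $weak += "Anti-spam policy '$($p.Name)': PhishSpamAction=$($p.PhishSpamAction), HighConfidencePhishAction=$($p.HighConfidencePhishAction)"
    }
}

if ($weak.Count -gt 0) { $weak | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Inbound filtering controls meet the baseline.' }
```

The script is idempotent: it creates the transport rule only if it is missing, and the checks in steps 2 and 3 only report, so it can be re-run before each insurance renewal to produce evidence that the controls are still in place.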
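To make the SPF, DKIM and DMARC description concrete, here is an added example (written for this article, not part of the original page or Tivarri's tooling) showing the DNS records a Microsoft 365 tenant publishes for its sending domain, followed by PowerShell that resolves them and flags weak settings. The domain example.com, the tenant name contoso.onmicrosoft.com and the report mailbox are assumptions; Resolve-DnsName comes from the Windows DnsClient module.

```powershell
# Added example: the DNS records a Microsoft 365 tenant publishes for its sending domain,
# and a check that resolves them and flags weak settings. The domain example.com, the tenant
# name contoso.onmicrosoft.com and the report mailbox are assumptions.
#
#   example.com.                      TXT    "v=spf1 include:spf.protection.outlook.com -all"
#   selector1._domainkey.example.com  CNAME  selector1-example-com._domainkey.contoso.onmicrosoft.com
#   selector2._domainkey.example.com  CNAME  selector2-example-com._domainkey.contoso.onmicrosoft.com
#   _dmarc.example.com.               TXT    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

function Test-SpfRecord {
    param([Parameter(Mandatory)][string]$Record)
    if ($Record -notmatch '^v=spf1(\s|$)') { return @('not an SPF record') }
    $findings = @()
    $tokens   = $Record -split '\s+'
    # The final "all" qualifier decides what receivers do with senders not on the list.
    $all = [string]($tokens | Where-Object { $_ -match '^[+\-~?]?all$' } | Select-Object -Last 1)
    if     ($all -eq '-all')            { }
    elseif ($all -eq '~all')            { $findings += '"~all" only soft-fails spoofed mail; move to -all once every sender is listed' }
    elseif ($all -eq '?all')            { $findings += '"?all" is neutral and offers no protection' }
    elseif ($all -in @('all', '+all'))  { $findings += '"+all" authorises the whole internet to send as you' }
    else                                { $findings += 'no "all" mechanism, so unlisted senders are treated as neutral' }
    # RFC 7208 allows at most 10 DNS-querying mechanisms; more produces a permanent error.
    $lookups = @($tokens | Where-Object { $_ -match '^[+\-~?]?((include|exists):|redirect=|(a|mx|ptr)(:|/|$))' }).Count
    if ($lookups -gt 10) { $findings += "$lookups DNS-lookup mechanisms; the limit is 10" }
    return $findings
}

function Test-DmarcRecord {
    param([Parameter(Mandatory)][string]$Record)
    if ($Record -notmatch '^v=DMARC1\s*;') { return @('not a DMARC record') }
    $findings = @()
    $tags = @{}
    foreach ($pair in ($Record -split ';')) {
        if ($pair -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $tags[$matches[1]] = $matches[2] }
    }
    $p = [string]$tags['p']
    if     ($p -eq 'reject')     { }
    elseif ($p -eq 'quarantine') { $findings += 'p=quarantine; move to p=reject once reports show no legitimate failures' }
    elseif ($p -eq 'none')       { $findings += 'p=none only monitors; spoofed mail is still delivered' }
    else                         { $findings += 'missing or invalid p= tag' }
    if (-not $tags.ContainsKey('rua')) { $findings += 'no rua= address, so you will receive no aggregate reports' }
    if ($tags.ContainsKey('pct') -and [int]$tags['pct'] -lt 100) { $findings += "pct=$($tags['pct']) applies the policy to a sample of mail only" }
    return $findings
}

function Get-MailAuthReport {
    param([Parameter(Mandatory)][string]$Domain, [string[]]$Selectors = @('selector1', 'selector2'))

    # Exactly one SPF record is allowed; two or more is a permanent error for receivers.
    $spf = @(Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
             ForEach-Object { $_.Strings -join '' } | Where-Object { $_ -like 'v=spf1*' })
    $spfFindings = if ($spf.Count -eq 0) { @('no SPF record') }
                   elseif ($spf.Count -gt 1) { @('multiple SPF records (permerror)') }
                   else { Test-SpfRecord $spf[0] }

    # Microsoft 365 signs with two rotating selectors; both CNAMEs must resolve.
    $dkim = foreach ($s in $Selectors) {
        $cname = Resolve-DnsName -Name "$s._domainkey.$Domain" -Type CNAME -ErrorAction SilentlyContinue
        [pscustomobject]@{ Selector = $s; Target = if ($cname) { $cname.NameHost } else { 'MISSING' } }
    }

    $dmarc = @(Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT -ErrorAction SilentlyContinue |
               ForEach-Object { $_.Strings -join '' } | Where-Object { $_ -like 'v=DMARC1*' })
    $dmarcFindings = if ($dmarc.Count -eq 0) { @('no DMARC record') } else { Test-DmarcRecord $dmarc[0] }

    [pscustomobject]@{
        Domain        = $Domain
        Spf           = $spf -join ' | '
        SpfFindings   = $spfFindings
        Dkim          = $dkim
        DmarcFindings = $dmarcFindings
    }
}

Get-MailAuthReport -Domain 'example.com' | Format-List
```

The two DKIM CNAME targets are tenant-specific; Exchange Online reports them with Get-DkimSigningConfig -Identity example.com (properties Selector1CNAME and Selector2CNAME), and signing is switched on with New-DkimSigningConfig -DomainName example.com -Enabled $true once the CNAMEs resolve. The parsing functions take the record text as a string, so the same checks can be run against a proposed record before it is published.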

2) Do you conduct interactive phishing training and phishing email simulations for all employees?

Teaching your employees to spot phishing attacks through interactive training and simulated phishing emails is essential to effective information security. Regular training and simulations give employees the knowledge to recognise phishing attempts and a safe way to practise reporting them, which reduces the security risk to your organisation.

Attack simulation training, included in Microsoft 365 E5 through Microsoft Defender for Office 365 Plan 2, lets you schedule simulated phishing campaigns against your own users, see who clicked or entered credentials, and assign follow-up training automatically. This raises awareness and reduces susceptibility to real attacks while testing your security practices and policies at the same time. Tivarri works with organisations running phishing simulations to make them more realistic, so that users learn to spot the signs of a genuine phishing attack.

3) Have you disabled legacy email protocols that use basic authentication?

Attackers target email accounts over legacy IMAP, POP and SMTP connections in order to capture or guess users' credentials. These protocols support only basic authentication (a username and password sent with every request), so they cannot enforce multi-factor authentication, and an attacker can spread password guesses thinly enough across accounts and time to stay under lockout thresholds (a password-spray attack).

Microsoft research has revealed that more than 99 percent of password spray attacks use legacy authentication protocols; more than 97 percent of credential stuffing attacks use legacy authentication; and Office 365 accounts in organisations that have enabled legacy authentication experience 67 percent more compromises than organisations where legacy authentication is disabled.

Legacy authentication must be blocked at the Office 365 level for MFA and Conditional Access policies to be effective, because legacy protocols (SMTP AUTH, IMAP, POP, MAPI, Exchange ActiveSync with basic authentication, and so on) cannot carry a second factor and so become the preferred entry point for adversaries attacking your organisation. Two controls are needed: an Exchange Online authentication policy that refuses basic authentication, and an Azure AD (Entra ID) Conditional Access policy that blocks sign-ins from legacy authentication clients (the Microsoft guidance linked under Source below). Before switching either on, review the sign-in logs for accounts that still use legacy clients, or you will break scanners, line-of-business applications and old mail clients that depend on them. Microsoft has disabled basic authentication for these protocols in Exchange Online tenants since January 2023, but SMTP AUTH was excluded from that change and still has to be disabled explicitly.

4) Do you permit remote access to web-based email?

Disabling Outlook on the web (OWA) is recommended on all mailboxes that do not need it, for example shared mailboxes and mailboxes that are only ever accessed through the Microsoft Outlook client application. Attackers who have obtained a password commonly log in through Outlook on the web, where email is accessed via a web browser rather than a smartphone app or Microsoft Outlook, because it needs no configured device. If you do not use it, we can disable it for you; this does not prevent you from using your smartphone or Outlook for email access. Disabling OWA reduces the attack surface but is not a substitute for MFA: the same stolen password still works against any other protocol that remains enabled.
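Questions 3 and 4 are both answered in Exchange Online PowerShell, so one added example covers them; it is written for this article and is not Tivarri's tooling or Microsoft sample code. It assumes Connect-ExchangeOnline has been run as an Exchange administrator; the policy name and the scanner mailbox address are assumptions.

```powershell
# Added example: audit and then block basic-authentication protocols, and switch off Outlook on
# the web where it is not needed. Assumes Connect-ExchangeOnline has been run as an Exchange
# administrator. The policy name and the mailbox address are assumptions.

# 1. Audit first. Anything listed here (scanners, line-of-business apps, old phones) will break
#    when basic authentication is blocked, so deal with it before step 2. A blank
#    SmtpClientAuthenticationDisabled means the mailbox inherits the tenant setting.
function Get-BasicAuthMailbox {
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.PopEnabled -or $_.ImapEnabled -or $_.SmtpClientAuthenticationDisabled -ne $true } |
        Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled, SmtpClientAuthenticationDisabled
}
Get-BasicAuthMailbox | Format-Table -AutoSize

# 2. Tenant-wide block. A newly created authentication policy blocks basic authentication for
#    every protocol (no -AllowBasicAuth* switches given), and making it the default applies it
#    to every user who has no explicit policy.
$policyName = 'Block Basic Authentication'
if (-not (Get-AuthenticationPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-AuthenticationPolicy -Name $policyName | Out-Null
}
Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName
# SMTP AUTH is the one legacy protocol Microsoft did not retire; switch it off for the tenant.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# 3. Belt and braces: disable the protocols on each mailbox as well, so a future policy change
#    does not silently re-expose them. Exempt a mailbox only with a documented reason.
$exempt = @('scanner@example.com')   # assumption: a device that genuinely still needs SMTP AUTH
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress.ToString() -notin $exempt } |
    Set-CASMailbox -PopEnabled $false -ImapEnabled $false -SmtpClientAuthenticationDisabled $true

# 4. Outlook on the web: off for shared mailboxes, which are never logged into directly.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox |
    Set-CASMailbox -OWAEnabled $false -OWAforDevicesEnabled $false

# 5. Verify the end state; this table is the evidence to keep for the insurer's questionnaire.
Get-CASMailbox -ResultSize Unlimited |
    Select-Object PrimarySmtpAddress, OWAEnabled, PopEnabled, ImapEnabled, SmtpClientAuthenticationDisabled |
    Format-Table -AutoSize
```

The Exchange authentication policy stops basic authentication at the mailbox service; the matching Conditional Access policy in the Source link blocks the same legacy clients at sign-in, so both should be in place. Re-run step 1 after a week: any mailbox that reappears has a client that was re-enabled by hand and needs investigating.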

5) What other cybersecurity controls and preventative measures do you have in place?

Risky user report: Alongside the security controls listed above, other preventative measures exist. Azure AD Identity Protection (Entra ID Protection) produces a 'Risky users' report automatically when Microsoft detects non-typical behaviour on an account, such as sign-ins from anonymous IP addresses or unfamiliar locations, impossible travel between two sign-ins, or the user's credentials turning up in a leaked data set, based on a host of monitored signals. Reviewing this report, and configuring a policy that forces a password change or blocks sign-in when a user's risk level is high, is a proactive and preventative measure and is often asked for by auditors.

Mobile Device Management: Every organisation should know which personal devices are authorised to receive company email. Mobile device management (MDM) is a service that allows IT administrators to secure, control and enforce policies on smartphones, tablets and other endpoints, with the goal of keeping mobile devices both secure and usable while protecting the corporate network. It is common for employees to have company email on their tablets and phones, but having no controls in place can spell trouble: a lost or unmanaged phone is a mailbox in a stranger's hands. Tivarri offers Mobile Device Management to its customers by automatically quarantining every new device that tries to connect and working with the client's authorised contact to approve each device for company email access. This produces a list of authorised devices that can be tracked as users join or leave the company, and it lets a lost device, or the device of a departing user, be blocked or remotely wiped of company data.
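The quarantine-then-approve workflow described above maps directly onto Exchange Online's device access rules for Exchange ActiveSync. The following is an added example for this article, not Tivarri's implementation; it assumes Connect-ExchangeOnline has been run as an Exchange administrator, and the administrator address, mailbox and device ID are assumptions. It covers devices that connect over ActiveSync (native mail apps); Outlook for iOS and Android enrolled through Intune is governed by Intune and Conditional Access policies instead.

```powershell
# Added example: quarantine every unknown device, review the queue, approve a device for one
# mailbox, and list what has been authorised. Assumes an Exchange Online admin session;
# the admin address, mailbox and device ID are assumptions.

# 1. Default every device that has not been explicitly allowed to Quarantine, e-mail the
#    administrator about each new one, and tell the user what to do.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'it-security@example.com' `
    -UserMailInsert 'Your device has been quarantined. Contact IT to have it approved for company email.'

# 2. Review what is waiting for a decision.
function Get-QuarantinedDevice {
    Get-MobileDevice -ResultSize Unlimited |
        Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
        Select-Object UserDisplayName, DeviceType, DeviceModel, DeviceId, FirstSyncTime
}
Get-QuarantinedDevice | Format-Table -AutoSize

# 3. Approve a specific device for one mailbox once the client's authorised contact has
#    confirmed it. Allowing by device ID keeps the approval per user, not tenant-wide.
function Approve-MailboxDevice {
    param([Parameter(Mandatory)][string]$Mailbox, [Parameter(Mandatory)][string]$DeviceId)
    $cas     = Get-CASMailbox -Identity $Mailbox
    $allowed = @($cas.ActiveSyncAllowedDeviceIDs) + $DeviceId | Select-Object -Unique
    Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs $allowed
}
Approve-MailboxDevice -Mailbox 'jane.doe@example.com' -DeviceId 'ApplABC123DEF456'   # assumed values

# 4. Block a device instead (lost phone or leaver); the next sync attempt is refused.
function Block-MailboxDevice {
    param([Parameter(Mandatory)][string]$Mailbox, [Parameter(Mandatory)][string]$DeviceId)
    $cas     = Get-CASMailbox -Identity $Mailbox
    $allowed = @($cas.ActiveSyncAllowedDeviceIDs) | Where-Object { $_ -ne $DeviceId }
    $blocked = @($cas.ActiveSyncBlockedDeviceIDs) + $DeviceId | Select-Object -Unique
    Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs $allowed -ActiveSyncBlockedDeviceIDs $blocked
}

# 5. The inventory of authorised devices that insurers and auditors ask for.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncAllowedDeviceIDs } |
    Select-Object PrimarySmtpAddress, @{ n = 'AllowedDevices'; e = { $_.ActiveSyncAllowedDeviceIDs -join ', ' } } |
    Format-Table -AutoSize
```

Device IDs come from the Get-MobileDevice output in step 2. Keeping approvals on the mailbox rather than in a tenant-wide allow rule means the list in step 5 empties naturally as leavers' mailboxes are removed.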

Why Choose Tivarri?

Meeting insurers' requirements when buying a cyber insurance policy can be a herculean task. If you cannot tick every box on the checklist, do not panic. Tivarri is a one-stop solution provider for meeting insurance and regulatory requirements. We provide secure, compliant cloud IT solutions at a price lower than internal IT, freeing your time to be dedicated to meeting the expectations of your high-return customers. Our services are designed to ensure your organisation meets insurers' requirements. We also provide outsourced Chief Technical Officer, cyber security audit and review services, taking that burden off your shoulders.

Our cloud hosted solution provides:

Compliance: The Financial Conduct Authority (FCA) regulates around 50,000 financial services firms and financial markets in the UK. Our solutions are designed with FCA compliance in mind.

Expert Support: Some of our clients have complained that their previous service providers were unable to respond promptly when they needed their help. At Tivarri, we believe in having accessible trained engineers when you need them.

Enhanced Security and Data Loss Prevention: Hedge funds hold information so sensitive that a leak or breach can have catastrophic impact. We include a host of features: multi-factor authentication, Microsoft Defender antivirus, email archiving with litigation hold, spam protection and more. Data in transit is protected by TLS (HTTPS) encryption, and data at rest is encrypted with Microsoft BitLocker on PCs and within Microsoft data centres.

Unsure of how to meet your cyber insurance requirements? Contact us to get started.

Source

https://learn.microsoft.com/en-gb/azure/active-directory/conditional-access/block-legacy-authentication

