Subscribe
Share
Share
Embed
Billions & Billions of eyeballs, six continents, 10k+ servers, and plenty of lessons learned over 2+ decades in IT. If you're looking for quick tips on optimizing tech, managing suppliers, and growing a business, 20 Minutes Max is the space for you.
Join me as I talk about things that come up during my day and share insights on taking your business to the next level. In less than 20 minutes, you'll walk away with actionable advice and strategies for success. Take advantage of this valuable resource for CEOs, CFOs, and business leader.
Hey. I'm Max Clark. Do you have a business? Do you have business insurance? Do you have a cyber insurance policy?
Speaker 1:Are you trying to get 1, or is it coming up for renewal? Right? Do you have business insurance? Do you have a cybersecurity policy? Are you trying to get 1?
Speaker 1:Is it coming up for renewal? Right? Like, the answer to those things are, if you have a business, you should have insurance. If you don't have cyber insurance, you should absolutely get it. If you have cyber insurance, it's gonna come up for renewal.
Speaker 1:Right? So, like, the answer to all these questions are yes. I'll just make this test open book and easy for you. With those yeses, the landscape around cyber security and cyber security insurance cyber insurance is shifting. Right?
Speaker 1:Insurance carriers do not want to be paying out infinite amounts of money with cyber breaches, and they are tightening the restrictions. The way they do this is by forcing you as their customer, their insurance customer, to increase your posture. Alright? We talk about this in posture, increase your maturity, increase the stuff you got. Alright?
Speaker 1:Now let me I'll make a simple example. Right? Like, if you've got a physical location for your business, what does that insurance want? Do they do you have a sprinkler system to help your you know, keep that building from burning down? Do you have locks in the door?
Speaker 1:Do you have an alarm system? Do you have cameras? You probably like, think about that. Right? Like, you know, if you've got a protecting against theft or fire, the insurance company wants to know if you've got stuff to help protect you against theft and fire.
Speaker 1:Same thing is true with cyber. And what the insurance company is gonna start asking you for and start looking at if you're not already seeing it, you're gonna you will see this soon, so get ahead of it. Now is the time to take action and get ahead of this. They're gonna wanna understand what your identity how you manage identity and access management. Identity and you know, maybe they're gonna start seeing it as SSO as well.
Speaker 1:Right? So we talk about I'm is number 1. Number 2, it's gonna be multifactor authentication or 2 factor authentication. Number 3, you're probably gonna see in the list. It's gonna be security awareness training.
Speaker 1:Are you doing something to educate your users to have access to your system on good behaviors versus bad behaviors? You're going to have a requirement around, endpoint detection response. This is not antivirus. Some people will brand their product as advanced antivirus. Right?
Speaker 1:It's not or or next gen AV. It's not it's not antivirus. It's endpoint detection response. You're going to have a secure email gateway. These are platforms that do a couple things for you.
Speaker 1:The first one, of course, is they help prevent viruses coming in via email. Email is a huge threat vector. Everybody, you know, like, don't beat anybody up if they click an email link. Like, you're dealing with professionals saying this stuff out. But email is a huge threat factor.
Speaker 1:So, right, secure email gateway, both for stuff coming in and then, of course, the other one, which is impersonation. Right? Can you get onto an email platform and impersonate an executive, the CEO, the owner of the business, and get an employee to do something that they shouldn't do. Right? The big examples are, of course, hey.
Speaker 1:I've pretended to be the x, y, and z of the business and wire money out. This affects small businesses. It affects large enterprises. I know of of one example where they had an impersonation issue, pretended to be the CFO of the company, and have the accounting department wire $40,000,000 out. Hey.
Speaker 1:We're buying a business. It was normal behavior and activity. Wasn't unusual. We've got an acquisition target. It's super confidential because of x, y, and z.
Speaker 1:Had the phrasing correct and the language correct. Hey. I'm in I just I'm I'm in this country to go close the deal. Not weird because that's where the person actually was. Everything lined up.
Speaker 1:I need you to wire money into escrow here this much. Boom. $40,000,000 out the door. Right? Problem technology solution to help prevent that stuff and and put that in place.
Speaker 1:You can level up all of these things, but this is gonna become the bare minimum when you see your insurance application. It's gonna ask you. You're gonna have a checkbox. Right? The first one is probably gonna be there's a checkbox of, do you have this?
Speaker 1:And then you might have a a question that's gonna say, what do you have specifically? Right? Like, do you have a market leading version of this thing? And we know, you know, maybe it's not even market leading. This is just, like, actually a market version of this thing.
Speaker 1:Now you then have the ability of increasing your posture or increasing your maturity. You can go from an unmanaged EDR system into a managed detection and response. Some people wanna brand this stuff MTDR versus MDR, but you go into MDR. MDR usually brings along with it a SIEM, threat intelligence. All these things are good.
Speaker 1:Right? Like, having a door is good. Having a door with a lock is better. Having a door with a lock with a deadbolt is better. Having a door, a lock, a deadbolt, and a security gate, even better.
Speaker 1:Right? So part of what we have to do and part of what we help our clients with is understanding, you know, where they're at, what they actually need, and how do they improve that over time. Or maybe, you know, the first answer isn't, you know, we're gonna go put and retrofit everything with security doors and security gates. But do you at least have the door and the door lock on? No.
Speaker 1:You don't have a door and a door lock. Let's get you the door and a door lock and put that into place and make sure that exists first. And and as you can probably imagine, like, the incremental value from going from door lock deadbolt to then putting a security gate on top of it. Security gets way more secure, but, like, maybe you don't need to get there. Maybe that's not the thing that you need.
Speaker 1:Just having a deadbolt is gonna take care of most of what you need, and you can get a deadbolt for not that much money. Same thing is true in the cybersecurity space. The terminology is complicated. Sorry. I don't you know, this is just tech.
Speaker 1:The the terminology is complicated. There's more acronyms than the military. I think the military and tech are in a constant war to who who could have more acronyms. A lot of tech people get into a lot a lot of military people end up in in the cybersecurity space, so that doesn't help things either. You know?
Speaker 1:Yes. You need these tools. Yes. There'll be a point where you won't be able to get cyber insurance if you don't have the tools. Yes.
Speaker 1:It'll make your cyber insurance rates cheaper if you have the tools. The better the tools you are, the better your rates. The the more mature you have, the better your operations, etcetera, etcetera, etcetera. So if you have questions about this, this kind of could be short. Right?
Speaker 1:You know? If you have questions, ask them below. Comment below. Send me an email. Call me.
Speaker 1:Love to help. The day is coming. You know? If you sign a cyber insurance policy, you've got 364 days before it renews probably. So get ahead of it.
Speaker 1:Find out what you need. Find out how you lower your premiums. It it probably might actually just pay for the tooling, so go ahead and do it. Like, it's good. These are good things.
Speaker 1:It'll save your business. I guarantee it. I'm Max Clark. Hope it helps. Comment below.