If you own a business, you might have already received a cybersecurity checklist from your insurance provider. Many providers require businesses to state what kind of cybersecurity measures are in place in order to determine if they will cover loss due to a cyber-attack. This checklist can be full of terms that the average person is unfamiliar with.
The way you fill out the checklist can make the difference between coverage and full loss in the case of a cyber-attack. Learning the terms and making sure your company has these specific cybersecurity measures in place will help ensure you’re covered in the event of a disaster. Let’s go over some of the terms you might come across in a cybersecurity insurance checklist.
Sandbox
A sandbox is an environment used to test suspicious software. Isolating the software from the host device, network, and other devices protects them from potential threats. This means if the software is malicious, it will not be able to infiltrate any company systems and will be safely detonated away from your digital assets.
SPF – Sender Policy Framework
Sender Policy Framework can identify whether an email is coming from a malicious source. It does so by authenticating and identifying the emails that can be sent from a specific domain. This prevents spoofers, phishers, and scammers from ever hitting your inbox.
MFA – Multi-Factor Authentication (Also known as 2-factor authentication)
Most people are familiar with multi-factor authentication or 2-factor authentication. This is a process that will send a code either to a secure email address or phone number that you will then enter before you are allowed to access your account. This adds an extra layer of protection to your accounts and ensures hackers won’t gain access by just guessing your password.
ATP – Advanced Threat Protection
ATP is referring to cybersecurity that defends your systems against cyber-attacks such as malware or hacking. It can detect malicious malware code, phishing links, and suspicious sites. This type of protection is designed to target threats that may slip past standard security measures.
EPP – Endpoint Protection Platform
An EPP is a protection platform that is usually cloud-based and utilizes such data to determine an attack. This includes 24/7 monitoring and alerts as well as the remote ability to identify and prevent attacks quickly. This type of security targets file-based attacks and threats such as malware.
EDR – Endpoint Detection and Response
EDR tools are used to detect threats from malware and ransomware and respond to threats on an endpoint. This response happens in real time which enables a security team to prevent threats upon notification. This type of security offers several layers of protection through detection and response.
Protective DNS
A Protective DNS prevents attacks by malicious websites through security policies and protocols. It provides a secure internet connection for your business. In addition, a protective DNS provides confidentiality as well as protection from malicious threats such as cache poisoning.
Macro-Enabled Documents
A macro-enabled document is a type of document that can store files from Word, Excel, Publisher, and more but with a specific set of tasks that trigger automatically. This file appears as a DOCM file. This type of file can be used to download malicious software.
Data Encryption
Data encryption ensures that data is protected from one user to the other by limiting access only to those with a specific code or encryption key. This way, even if data falls into the wrong hands, they will not be able to access it.
BCP-Business Continuity Plan/ BDR Business Disaster Response
BCP or BDR is a policy or document showing how your company will maintain operations during a disaster or disruption. This document will line out each risk and the steps to be taken to prevent said risks as well as the plan for how the business will keep running during the event of a disaster.
The Bottom Line
The bottom line is knowing these terms can help you better understand whether you have these specific protections in place. If you don’t, some insurance providers won’t offer coverage in the event of a cyber-attack. To schedule an assessment to evaluate your cybersecurity posture, book an appointment with Computek here!