
17 New Cyber Liability Insurance Questions Your Provider Will Ask

August 6, 2021 by Boost IT


Are you ready for this?

What steps will you have to take to acquire cyber liability insurance today?

We’ve received lots of requests from clients or prospects asking us to help populate their cyber liability insurance questionnaires. A few of the more important questions being asked are below.

E-MAIL SECURITY

  1. Do you filter/scan incoming e-mails for malicious attachments and/or links?
  2. Do you strictly enforce SPF on incoming e-mails?
    • Guideline: Sender Policy Framework (SPF) allows you to publish IP addresses which should be trusted for your domain.
  3. Are external emails tagged to alert your organization’s employees that the email originated from outside the organization?
  4. Does your cyber security awareness program include phishing training and testing?
    • If “Yes” to the above, how often are phishing exercises conducted (e.g. monthly, quarterly, annually)?
  5. Do you use Office 365 in your organization?
    • If “Yes” to the above:
      Do you use the o365 Advanced Threat Protection add-on?
      Do you enforce multi-factor authentication for all users of Office 365?

INTERNAL SECURITY

  1. Do you use malware protection or endpoint detection and response (EDR) tools?
    • Guideline: Common EDR tools include Carbon Black Cloud, Cisco AMP, Crowdstrike Falcon, Cylance, Endgame Endpoint Protection, Symantec EDR, Windows Defender.
    • If “Yes” to the above, do you use an external service provider to monitor EDR tools?
  2. Do you use multi-factor authentication:
    • To protect privileged user accounts?
    • For remote access to your organization’s network?
  3. Do you have a secure/hardened baseline configuration which is regularly reviewed and updated by someone with security expertise and/or in line with industry standards?
    • If “Yes” to the above, is this baseline configuration materially rolled out across servers, laptops, desktops and managed mobile devices?
  4. Do you have established processes for rapidly applying critical security patches across servers, laptops, desktops and managed mobile devices?
  5. Do you route all outbound web requests through a web proxy which monitors for and blocks potentially malicious content?
    • If “Yes” to the above, which Web Proxy Service do you use (e.g. Websense, Bluecoat)?

BACKUP AND RECOVERY POLICIES

  1. Do you take regular (at least monthly) backups of key server configurations and data?
  2. Are your backups encrypted?
  3. Are your backups disconnected from and inaccessible through the organization’s network?
  4. Do you test the successful restoration and recovery of key server configurations and data from backups?
  5. Do you use credentials unique to backups that are stored separately from other user credentials?
  6. Do you use a protective DNS service (e.g. Quad9, OpenDNS or the public sector PDNS)?

OTHER RANSOMWARE PREVENTION MEASURES

Please describe any additional steps your organization takes to detect and prevent ransomware attacks (e.g. segmentation of your network, additional software tools, external security services, etc.).

And then sign and print your name, title, company and date.

Don’t assume that you’re meeting these guidelines. As a professional IT services provider, we speak to countless well-meaning organizations that assume they are secure based on flimsy evidence or none at all.

For example:

  • Turning on Windows Update on all computers does NOT guarantee that updates are being applied.
  • Installing an anti-virus agent does not ensure that the agent continues to receive updates and function as designed.

DO NOT casually answer these questions with a yes, or you may find you have NO COVERAGE at all when you need to file a claim.
