
17 New Cyber Liability Insurance Questions Your Provider Will Ask

August 6, 2021 by Boost IT


Are you ready for this?

What steps will you have to take to acquire cyber liability insurance today?

We’ve received lots of requests from clients or prospects asking us to help populate their cyber liability insurance questionnaires. A few of the more important questions being asked are below.

E-MAIL SECURITY

  1. Do you filter/scan incoming e-mails for malicious attachments and/or links?
  2. Do you strictly enforce SPF on incoming e-mails?
    • Guideline: Sender Policy Framework (SPF) allows you to publish IP addresses which should be trusted for your domain.
  3. Are external emails tagged to alert your organization’s employees that the email originated from outside the organization?
  4. Does your cyber security awareness program include phishing training and testing?
    • If “Yes” to the above, how often are phishing exercises conducted (e.g. monthly, quarterly, annually)?
  5. Do you use Office 365 in your organization?
    • If “Yes” to the above:
      • Do you use the o365 Advanced Threat Protection add-on?
      • Do you enforce multi-factor authentication for all users of Office 365?

INTERNAL SECURITY

  1. Do you use malware protection or endpoint detection and response (EDR) tools?
    • Guideline: Common EDR tools include Carbon Black Cloud, Cisco AMP, Crowdstrike Falcon, Cylance, Endgame Endpoint Protection, Symantec EDR, Windows Defender.
    • If “Yes” to the above, do you use an external service provider to monitor EDR tools?
  2. Do you use multi-factor authentication:
    • To protect privileged user accounts?
    • For remote access to your organization’s network?
  3. Do you have a secure/hardened baseline configuration which is regularly reviewed and updated by someone with security expertise and/or in line with industry standards?
    • If “Yes” to the above, is this baseline configuration materially rolled out across servers, laptops, desktops and managed mobile devices?
  4. Do you have established processes for rapidly applying critical security patches across servers, laptops, desktops and managed mobile devices?
  5. Do you route all outbound web requests through a web proxy which monitors for and blocks potentially malicious content?
    • If “Yes” to the above, which Web Proxy Service do you use (e.g. Websense, Bluecoat)?

BACKUP AND RECOVERY POLICIES

  1. Do you take regular (at least monthly) backups of key server configurations and data?
  2. Are your backups encrypted?
  3. Are your backups disconnected from and inaccessible through the organization’s network?
  4. Do you test the successful restoration and recovery of key server configurations and data from backups?
  5. Do you use credentials unique to backups that are stored separately from other user credentials?
  6. Do you use a protective DNS service (e.g. Quad9, OpenDNS or the public sector PDNS)?

OTHER RANSOMWARE PREVENTION MEASURES

Please describe any additional steps your organization takes to detect and prevent ransomware attacks (e.g. segmentation of your network, additional software tools, external security services, etc.).

And then sign and print your name, title, company and date.

Don’t assume that you’re meeting these guidelines. As a professional IT services provider, we speak to countless well-meaning organizations that assume they are secure based on very flimsy to no evidence.

For example:

  • Turning on Windows Update on all computers does NOT guarantee that updates are being applied.
  • Installing an anti-virus agent does not ensure that the agent continues to receive updates and function as designed.
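
One way to gather that evidence on a single Windows machine, as an added example that is not part of the original post: the PowerShell below checks when an update was last actually installed and whether Microsoft Defender is running with current definitions. The age thresholds are assumptions; set them to match your own patch policy.

```powershell
# Added example: collect evidence instead of assuming a control works.
# Thresholds below are assumptions, not values from the article.
$MaxPatchAgeDays     = 35   # assumed: one monthly patch cycle plus slack
$MaxSignatureAgeDays = 3    # assumed tolerance for anti-virus definitions

$findings = @()

# Windows Update being "on" proves nothing; look at what was really installed.
# Note: Get-HotFix lists updates recorded in Win32_QuickFixEngineering only.
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $lastHotfix) {
    $findings += 'No installed update with an install date was found.'
} else {
    $patchAge = ((Get-Date) - $lastHotfix.InstalledOn).Days
    if ($patchAge -gt $MaxPatchAgeDays) {
        $findings += "Last update $($lastHotfix.HotFixID) was installed $patchAge days ago."
    }
}

# An installed anti-virus agent is not the same as a working, updated one.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.AntivirusEnabled)          { $findings += 'Defender anti-virus is disabled.' }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off.' }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Definitions are $($mp.AntivirusSignatureAge) days old."
    }
} catch {
    # Defender cmdlets fail when another product is in use or the service is broken.
    $findings += 'Defender status unavailable; verify the installed anti-virus product separately.'
}

# One record per machine, suitable for exporting as questionnaire evidence.
[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    Checked   = Get-Date
    Compliant = ($findings.Count -eq 0)
    Findings  = $findings -join ' | '
}
```

Run it across all machines with your management tooling and keep the output with the signed questionnaire.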

DO NOT casually answer these questions with a yes, or you may find you have NO COVERAGE at all when you need to file a claim.
