By Chris Griesemer, Partner and Information Technology Security Specialist for Community Banks
A client of mine at The Whitlock Co. recently brought to my attention that insurance companies are changing Cybersecurity Policy requirements, especially in the baking sector. After researching this and talking to my network of experts, I understand that insurance companies are concerned that multiple breaches of privileged accounts in the past year, such as admin accounts, gave hackers access to local networks. Because of this, some insurance providers are requiring companies to implement additional security measures to keep their Cybersecurity Policy. Because these requirements have expanded, if a cybersecurity breach happens and the company has not implemented these security measures, the insurance company can deny the claim.
Insurance companies have different requirements though most are requiring clients to implement Multi-Factor Authentication (MFA) on privileged accounts within the company’s internal network. One MFA technique most insurance companies are requiring is a texted code to allow admin login. Example: When a network administrator is logging into the network, a code is texted to the administrator’s cell phone. The administrator must enter this code to access the admin account. This takes place if the administrator is logging in to a cloud product or the company’s Microsoft local network.
I will post additional information regarding Cybersecurity Policy requirements as they are implemented. In the meantime, I encourage everyone to review their Cybersecurity Policy and find out what is required to make sure the policy is not denied in the event of a cybersecurity event. If you have any questions or are interested in a network cybersecurity audit, please contact Chris Griesemer at The Whitlock Co.