Insurance coverage

Multi-Factor Authentication: The New Standard for Cyber ​​Insurance Coverage – Security

To print this article, all you need to do is be registered or log in to Mondaq.com.

Ransomware – a demand for monetary payment to regain access to one’s data or network – continues to rock the rankings as a go-to get-rich-quick scheme from cybercriminals. As we know, the pandemic has spurred the work-from-home or hybrid work movement that will likely continue for years to come. With more and more employees working from home, more data is being shared remotely, leaving the door open for missed or inadequate IT and technology security. Phishing and fraud schemes and social engineering methods used to demand a ransom are particularly attractive because they target and exploit the number one security risk – a company’s employees.

In light of the heightened risk of ransomware, cyber insurance coverage has seen explosive growth, forcing insurance companies to make massive payouts. In turn, the prerequisites for obtaining cyber cover have also evolved, including, but not limited to, an internal security measure called multi-factor authentication (“MFA”). General one-password systems are no longer sufficient safeguards. Password theft is common because many people use the same password on every system they access and one of those systems has been compromised at one time or another.

Multi-factor authentication is not a new concept, but the topic is a hot one and a sticking point as insurers assess the solutions and policies required for cyber insurance coverage in light of the exponential rise in attacks of ransomware.

What is the MFA? Multi-factor authentication is an additional level of security over common passwords. When logging into a system, program, or device with a password, MFA requires the user to receive and enter a second form of authentication which can be sent via text, call, email, or any other code to get there. My colleague Scot Ganow wrote about this years ago in his PDS blog post (he would call it a plea), “Multi-Factor Authentication (MFA). Please. Do it. Now.” Some may find MFAs a bit boring because it’s an extra step in the login process. While this may be true, MFAs are relatively simple to use and implement, relatively inexpensive, and quite effective in preventing hackers from attempting to gain access to a system.

The cost-benefit analysis is a no-brainer as the average ransomware payout is in the millions and MFAs are said to block 99% of attempted attacks. Implementing an MFA is a simple and effective step to proactively prevent breaches when a threat actor strikes. And, in the end, let’s face it. Security isn’t meant to be convenient. Trust us, the extra few seconds it takes to log into an account are nothing compared to the days and weeks (and dollars) spent trying to recover from a security incident. And if that wasn’t enough, how about doing it just to get or just keep your cyber insurance? This is because carriers require it to get insurance and may deny coverage if you don’t have it in place. Again, consider the call:
Multi-factor authentication (MFA). Please. Do it. Now.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR ARTICLES ON: USA Technology

Property rights in NFTs are in the spotlight

Wiley Rene

Interest in non-fungible tokens (NFTs) – unique digital assets created and sold on blockchains – has exploded over the past year. Buyers have paid millions for these digital goods…

Important security updates released by Apple

Taft Stettinius & Hollister

If you haven’t yet seen notifications in the Taft Privacy and Data Security mobile app, we wanted to let you know or remind you of some important security updates released by Apple…