Since 2013, one of the situations I’ve found myself in over and over again is assisting customers with their annual cybersecurity audits. You know, the one that your insurance company hits you with every year prior to renewing your cyber liability insurance.
If you don’t know what I’m talking about here, I’d advise you to call your local insurance broker ASAP.
Over the years I’ve seen a pattern develop, where the insurance companies tend to focus their proverbial Great Eye of Sauron onto one particular security theme each year. Some years they have focused on Firewalls; other years, they’ve focused on passwords. I’ve come to call it the “Buzzword of the Year”. Once I’ve seen the first audit questionnaire, I read it to determine the Buzzword of the Year, or, BOY, if you like acronyms. And BOY, do IT folk like acronyms. That’s a joke.
Once the BOY has been determined, I’ll examine the solutions to the BOY, and then offer a solution to the customer that, once implemented, satisfies the cyber insurance companies. The Great Eye of Sauron then rests for another year.
It took me all of 2 pages to determine that 2FA – Two Factor Authentication – is the 2022 Buzzword of the Year. For those that aren’t aware, 2-factor authentication is the fancy term for the security code that gets texted to your cell phone when you try to log in to an app or website. Sometimes, the 2FA code is generated by an app on your phone instead. If you can’t provide the 2FA code, you won’t be allowed to log in.
A few pages more into the questionnaire, and I started to realize their stance on said buzzword is far more serious than in years past. More than likely because their audits during COVID-19 times were a bit, erm, lightweight. So let’s talk about what the cyber insurance companies are asking for this year, why, what it is going to take to meet their demands, and what you need to prepare yourself and your business for. This one is going to hurt a bit, but you’ll be a lot safer for it.
The What – Cyber insurance companies are asking that 2-factor authentication be added to existing in-house, cloud, and on-premises accounts. What does that mean? Well, you’re no doubt already used to dealing with 2FA texts and whatnot to access your personal email and financial accounts. Expand that to now include your work email, and expect that once implemented, you will occasionally be prompted for a 2FA code before Outlook on your work PC retrieves your email. Logging in remotely using a VPN? Gotta have 2FA enabled on that login as well.
Another requirement – if you have any administrator rights on your local network, you’ll need 2FA enabled for logging into your PC. This will likely apply to the owner and/or manager, and if you use an outside IT company to manage your network, they will have to implement 2FA on their accounts as well.
The Why – Google reported in February of this year that forcing 2FA on 150 million Google accounts and 2 million YouTube creators resulted in a 50% decrease in compromised accounts. You can read the Google blog post here, but the takeaway is 2FA dramatically reduces the ability of hackers to break into your online accounts. The insurance industry no doubt sees a potential for 50% fewer claim payouts if they require customers to implement 2FA, so they’re now making it a requirement for pretty much everything.
What You Need To Prepare For – Pushback. Business owners will want to do this, but employees will initially be frustrated. I suspect that those of us who were born with a smartphone in our hands will whine and moan over the water cooler once or twice, then life goes on. Those that carry a flip phone may decide to retire early! Again, just kidding.
Business owners and managers should communicate with employees that 2FA is coming and will be a requirement. Don’t forget to add it to the employee manual!
Employees should settle on a 2-factor authentication app for their smartphone, install it, and get familiar with it. PRO TIP: You may also want to consider a password manager app.
What Is It Going To Take – To meet insurance company demands, you should have a meeting with your IT provider to identify where 2FA needs to be implemented, who needs it, the products the IT provider offers, and of course, pricing. If you’re in the financial or healthcare sector, make sure your IT provider is meeting the specific 2FA legal requirements of those industries.
Your IT provider is likely to recommend any one of literally dozens of products that are currently available on the market. Here at Greenmark, we have implemented 2FA solutions on our own in-house systems with great success. Important factors in choosing the right 2FA provider for your business include what type of network you have, whether or not you allow client VPN connections, who your email provider is, what industry you are in, and most importantly where you see your business in 3 to 5 years. Will you have an office or will everyone be working remotely? Will you have a server on-site, or in the cloud?
If you’d like some assistance with implementing 2FA on your network, or have a security questionnaire to fill out, I would be happy to help. Shoot me a message with the contact form below, or give me a call at 1-888-602-8990, option 3.
Would you like to see an upcoming article on the best 2FA apps Greenmark recommends for your smartphone? Let me know using the contact form below!
Eric Warren is the CEO of Greenmark IT, a business he started in 2010 after spending 14 years in the industry.
When not servicing clients, Eric enjoys spending time in his basement “Makers Shop” creating epic projects encompassing Arduino, electronics, CAD, drones, R/C airplanes, 3D printed objects, photography, and videography.
Eric resides in Mapleton with his wife Michelle and son Ben.