Can Businesses Learn a Cybersecurity Lesson from Tommy Boy?
Content by: David Walter from MTS
Remember that famous line from Tommy Boy about guarantees? “If you want me to put a promise in a box and mark it guaranteed, I will. I got spare time.” It’s a humorous yet poignant reminder that a guarantee is only as good as the product behind it. The same principle applies to cyber insurance. If your cybersecurity measures aren’t up to par, your cyber insurance policy might just be a “guaranteed piece of inferior quality.”
The Illusion of Security
Cyber insurance promises to cover your losses in the event of a cyberattack, but this promise is contingent on your adherence to stringent security protocols. If you’re not 100% sure that you have all the necessary security controls in place, you might find that your cyber guarantee is nothing more than crap in a box when a major incident occurs.
Essential Cybersecurity Measures
To ensure that your cyber insurance is more than just a hollow promise, you need to implement and maintain robust cybersecurity practices:
- Multi-Factor Authentication (MFA): This adds an extra layer of security, making it harder for unauthorized users to access your systems.
- Ongoing Cybersecurity Awareness Training: Regular training helps employees recognize and avoid phishing attempts and other cyber threats.
- Regular Security Audits and Assessments: These help identify vulnerabilities and ensure your security measures are up to date.
- Incident Response Plan: A well-documented and tested plan ensures quick and effective responses to cyber incidents.
- Data Encryption: Protects sensitive data from unauthorized access.
- Endpoint Protection: Safeguards all devices connected to your network.
- Regular Software Updates and Patch Management: Keep systems protected against known vulnerabilities.
- Access Controls: Ensure only authorized personnel can access sensitive information.
- Backup and Recovery Solutions: Ensure quick restoration of operations after an attack.
The Role of Your IT Guru
It’s crucial to ensure that your IT director or managed services provider (MSP) is not just any IT professional but one who is certified in cybersecurity. This is especially important if your organization falls under regulatory compliance standards like the Federal Trade Commission (FTC) Safeguards Rule or the Cybersecurity Maturity Model Certification (CMMC). Both of these standards have significant penalties for non-compliance.
MSSP vs. MSP
You should also verify that your IT provider is a Managed Security Service Provider (MSSP), not just a Managed Service Provider (MSP). An MSSP offers specialized network security services, including monitoring and managing security systems and devices, which are crucial for maintaining a strong cybersecurity posture. This distinction is vital because an MSSP provides a higher level of security expertise and services compared to a standard MSP.
The Real Value of Cyber Insurance
Cyber insurance can be a valuable safety net, but only if you’ve done your part to secure your business. By implementing these measures and ensuring your IT Services team is properly certified and equipped, you can transform your cyber insurance from a “guaranteed piece of inferior quality” into a reliable safeguard that will be there when you need it most.
So, before you rely on that cyber insurance guarantee, make sure your cybersecurity practices are solid. Otherwise, you might just end up with a box of promises when you need real protection.
Have you taken any steps to assess your current cybersecurity measures, or do you need guidance on where to start?