Guide To Common Subjectivities And Solutions

Transcription

Guide to Common Subjectivities and Solutions

Subjectivities may be added to your Corvus Smart Cyber or Smart Tech E&O insurance quote. These are steps that the underwriter has required be completed before the policy can be bound or issued. Each of the common subjectivities discussed below has been demonstrated to significantly reduce cyber risk; in addition to helping you to obtain insurance, they will make your organization less likely to experience an incident.

The goal of this guide is to help you work through these common subjectivities and understand what resources Corvus has available to help you to meet the specifications.

CorvusInsurance.com

Table of Contents
- Multi-factor Authentication (MFA)
- Endpoint Detection and Response (EDR)
- Backup Strategy and Process
- Email Security Filtering Tools
- Data Encryption
- Remote Desktop Protocol (RDP)

Multi-Factor Authentication (MFA)

What is MFA?

Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more verification methods in order to gain access to an account. Rather than just asking for a username and password, MFA requires additional verification factors, which decreases the likelihood of a successful cyberattack. Typically MFA involves a combination of something you know (a password or PIN), something you have (a code or token generated by a cell phone app or other hardware), and/or something you are (a fingerprint or face scan).

Where are policyholders required to implement MFA?

MFA is required for:
- Email Access: On-premise email servers or cloud hosted email servers.
- Remote Access: Anything that allows access into your internal environment or access to SaaS based applications that store PII, PHI, or any other critical information.
- Administrator Access: Accounts that give full access to a system like local administrator accounts and domain administrator accounts (privileged user account access).
- Internal usage of privileged accounts, such as local administrators or domain administrators, should also be secured with MFA where possible — or be protected by compensating controls such as the use of a privileged account management (PAM) solution that stores privileged account credentials and unique local administrators’ credentials, and can rotate them after use.
- For service accounts where MFA will not be applicable, we recommend using other cybersecurity best practices, such as a Privileged Account Management (PAM) solution to manage those, and all, privileged accounts.

Put simply, companies should look to secure any remote access points to their systems or data with MFA.

Why are policyholders required to implement MFA?

MFA helps protect against a large number of unauthorized access events, including data breaches and password-based cyberattacks. Fortunately, MFA is an affordable option to further protect your organization. Notably, through Microsoft 365 and Google Workspace, MFA is available for free at all license levels, making them great solutions for smaller organizations. For larger organizations, enterprise solutions such as Duo or Okta typically integrate with most systems already in use and provide additional security and monitoring features.

What resources are available to help policyholders implement MFA?

For email and cloud, major cloud email providers like Microsoft 365 and Google Gmail or Workspace have a free MFA solution, regardless of the subscription level purchased. Much cloud software comes with free MFA solutions that just need to be turned on, especially software that is used to store sensitive data (such as Electronic Medical Records software and HR software).
- Official Microsoft documentation
- GSuite Documentation

For remote access, policyholders should check whether the VPN or other remote access tool that they use has MFA as a free option. If not, they will need to identify an MFA tool that integrates with their software or hardware, such as Duo or Okta.

For administrator accounts, policyholders should determine if there are any free MFA solutions available for the admin credentials. This, however, is less likely, especially if they are a hybrid on-premise and cloud environment, and they may need to identify an MFA solution such as Duo or Okta.

For more information on MFA, visit:
- Corvus tips on implementing MFA (PDF)
- Our Knowledge Nest article on MFA

For policyholders looking to hire experts to help them implement MFA, Corvus offers an MFA Consult that can be requested via our simple form with no up-front commitment. We will then connect policyholders to vendors to assist at reduced, cost-effective rates.

Need more help? Email services@corvusinsurance.com, and be sure to copy in your Corvus Underwriter and your broker.

Endpoint Detection and Response (EDR)

What is EDR?

Endpoint detection and response (EDR) is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

The core functions of an acceptable EDR solution include:
- Monitoring and collecting activity data from endpoints that could indicate a threat
- Analyzing the data to identify threat patterns
- Automatically responding to identified threats to remove or contain them, and notify security personnel
- Access to forensics and analysis tools to research identified threats and search for suspicious activities

When evaluating an EDR solution, a keen eye is needed to cut through the marketing messaging. Antivirus products may appear to have many bells and whistles, but ultimately lack some of the key functions listed above. And some of the EDR software vendors offer multiple levels of their product, the basic version of which may not have EDR features and is effectively just antivirus (AV) software. When in doubt, send your Corvus Underwriter the full name of the product that you’re using or considering, and we can let you know if it’s a true EDR solution.

Why are policyholders required to implement an EDR tool?

EDR provides something that traditional antivirus or even more advanced “next-gen AV” cannot: “Flight Recorder” technology that tracks activity on the system before and after an alert to clearly identify what malicious activity occurred on the system. EDR can provide insight into data from all of your systems, allowing for quicker investigations and reducing the time to get up and running following an incident. Additionally, EDR carries unmatched capabilities to protect your network’s endpoints. If a threat is detected, EDR can isolate the potentially impacted system from the rest of the network until an investigator can review the system.

For more on the differences between EDR, AV, and Next Gen AV, please read our article covering EDR on the Corvus Knowledge Nest.

What resources are available to help policyholders implement EDR?
- Contact SentinelOne through Corvus’s Partner Link and receive a 30% discount with a 60 day free trial. SentinelOne works across Windows, Mac and Linux OS and is very easy to implement.
- EDR Consult — For policyholders looking to hire experts to help them identify and implement the right EDR tool for their environment, Corvus has an EDR Consult that they can request via our simple form with no up-front commitment. We will then connect them to vendors to assist at reduced, cost-effective rates.

Need more help? Email services@corvusinsurance.com, and be sure to copy in your Corvus Underwriter and your broker.

Backup Strategy and Process

What is required regarding backups?

Corvus will ask if the policyholder has formal processes for regularly backing up, archiving, restoring, and segregating sensitive data. Policyholders may also be asked if they are storing three (3) copies of data in two (2) different media, one (1) of which is offsite (“3-2-1 backups”). If a system goes down, the organization is only as good as its backups, and the most effective security measures typically involve a layered approach.

Why are policyholders required to have solid backup strategies?

Most companies we work with during ransomware incidents have some form of backup solution or process, but all too often the backups fail due to poor security controls. Having a great backup strategy (like the 3-2-1 strategy) will help ensure that organizations don’t experience complete data loss. Not only can a great backup strategy mitigate against ransomware attacks (quicker recovery, less likely to pay the ransom, etc.), it can also reduce the impact of human error, be leveraged in the event of a natural disaster, and help organizations stay compliant.

What resources are available to help policyholders strengthen their backups?

Whether by human error or cyberattack, if your system goes down, you are only as good as your backup. Below are some resources related to backup solutions and best practices.
- Learn more about the ABCs of 3-2-1 Backups on our blog and check out our detailed article here.
- Read helpful backup solutions reviews sorted by revenue size.
- For policyholders looking to hire experts to help them improve their backup strategy, they can request a backup consult through Corvus. We will then connect them to vendors to assist at reduced, cost-effective rates.

Need more help? Email services@corvusinsurance.com, and be sure to copy in your Corvus Underwriter and your broker.
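The 3-2-1 rule above (three copies, two media, one offsite) is easy to state and easy to fall short of per dataset. The following is an added example, not part of the Corvus guide: it audits a constructed backup inventory against each part of the rule so the gap is named rather than just "non-compliant". The inventory format, dataset names and media labels are assumptions.

```python
"""Check a backup inventory against the 3-2-1 rule described above.

Added example (not from the Corvus guide). The inventory format and the
sample data are constructed: each entry is one copy of a dataset, with
the medium it lives on and whether it is held offsite.
"""
from collections import defaultdict

# Constructed sample inventory: dataset -> list of (copy_name, medium, offsite)
SAMPLE_INVENTORY = {
    "finance-db": [
        ("primary", "disk", False),
        ("nas-snapshot", "disk", False),
        ("cloud-archive", "cloud", True),
    ],
    "hr-files": [
        ("primary", "disk", False),
        ("nas-snapshot", "disk", False),  # same medium, same building
    ],
}


def check_321(copies):
    """Return which parts of 3-2-1 a dataset's copies satisfy.

    3 = at least three copies (the live data counts as one),
    2 = those copies span at least two different media,
    1 = at least one copy is held offsite.
    """
    media = {medium for _, medium, _ in copies}
    offsite = [name for name, _, is_off in copies if is_off]
    result = {
        "three_copies": len(copies) >= 3,
        "two_media": len(media) >= 2,
        "one_offsite": len(offsite) >= 1,
    }
    result["compliant"] = all(result.values())
    return result


def audit(inventory):
    """Map each dataset to the 3-2-1 parts it fails; compliant datasets are omitted."""
    findings = defaultdict(list)
    for dataset, copies in inventory.items():
        status = check_321(copies)
        for rule in ("three_copies", "two_media", "one_offsite"):
            if not status[rule]:
                findings[dataset].append(rule)
    return dict(findings)
```

Running `audit(SAMPLE_INVENTORY)` reports only `hr-files`, which fails all three parts; note the rule says nothing about whether the offsite copy is immutable or credential-isolated, which is the failure the guide's ransomware remark points at.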

Email Security Filtering Tools

What are email security filtering tools?

An email security filtering tool, known by security professionals as a Secure Email Gateway (SEG), is software used to monitor inbound and outbound emails to protect businesses from spam, phishing, or malicious emails containing viruses and malware. The gateway works by scanning URLs and attachments in emails for any malicious content.

With email compromise used as a common attack vector for hackers to get access to an organization network, an email security gateway can serve as a first line of defense. Not only can a SEG block and protect businesses from email threats — organizations can also utilize their email security filtering tool to meet compliance needs, thanks to email archiving and encryption features, and to potentially avoid business interruption (since some SEG providers can give users access to cloud email services should their network go down).

What resources are available to help policyholders implement email security filtering tools?
- Proofpoint
- Mimecast
- Cisco Ironport
- AppRiver
- SonicWALL

If the policyholder is using Microsoft 365, then consider turning on Microsoft Defender for Office 365 to meet the requirement. Microsoft Defender for Office 365 is standard in Microsoft 365 E5 or higher but can be added to other Exchange and Microsoft Office 365 subscriptions for an additional cost.

If you are using cloud-based email platforms like Microsoft 365 or Gmail, you can consider services that operate in-line, meaning mail flows directly through the email monitoring service, which monitors traffic without requiring you to redirect mail flow. Products like Agari offer this service. To research and find the right solution for your organization, see Gartner’s peer reviews of different solutions.

Need more help? Email services@corvusinsurance.com, and be sure to copy in your Corvus Underwriter and your broker.

Corvus Finding

The Data Science team at Corvus analyzed the rates of phishing incidents among policyholders based on the email provider/email security tool the organizations used. Policyholders using a below-average rated email security service were 2x more likely to experience a cyber claim when compared to the group using above-average email security tools.

Data Encryption

What is data encryption?

Data encryption is a straightforward but powerful tool to protect sensitive information from threat actors. It translates data into another form so that only people with a secret password or key can see it. Taking adequate steps at your organization to guarantee your data is protected requires that you first know where encryption is already installed, and second, recognize where you need to take actionable steps for more secure protection.

Where are policyholders required to implement encryption?

The three main components of data encryption are Endpoint Encryption, Mobile Device Encryption, and Backups Encryption.

Endpoints: Endpoints are your organization’s laptops and desktops. With these devices you want to ensure that the hard drives themselves are encrypted so that stolen laptop passwords alone won’t enable someone to access sensitive data. While most Mac and modern Windows devices are encrypted by default, it is best for your organization to enforce and manage the devices with a centrally managed solution.

Mobile Devices: These are cell phones and tablets used to access company resources. Like endpoints, most Android and iOS phones and tablets are encrypted by default, but implementing a Mobile Device Management (MDM) solution is a great way to further reduce risk and validate compliance.

Backups: Backup files stored on disks should be encrypted at the file level as an added layer of security in the event a hacker should access your environment through a backdoor. Cloud backups are often encrypted but it’s always a good idea to confirm with your provider.

Why are policyholders required to have data encrypted?

With increasing rates of cybercrime, encryption is crucial to protect and keep personal information from threat actors. If an unauthorized party should access your environment, having strong encryption controls can protect an organization’s valuable information, help you comply with industry regulations, and can protect you from any breach notification laws.

What resources are available for policyholders to implement data encryption?
- Learn more in our Data Encryption Whitepaper
- A list of the top Endpoint Encryption Software in 2021
- Peer reviews of Mobile Device Management solutions from Gartner

Need more help? Email services@corvusinsurance.com, and be sure to copy in your Corvus Underwriter and your broker.

Remote Desktop Protocol (RDP)

What is Remote Desktop Protocol?

Remote Desktop Protocol (RDP) is a Windows service that allows users to remotely connect to a Windows machine. More simply, RDP allows someone on remote Computer A to log in to Windows Computer B as if they were physically sitting at the system. Historically, businesses exposed RDP to the Internet as part of a common remote access method to enable their users to more easily access company systems and data. IT consultants also historically leveraged RDP to assess and fix their clients’ systems remotely.

Why are policyholders required to properly secure or move away from use of RDP?

Threat actors commonly target external facing RDP as a primary method of gaining access to an organization’s network. This is done using stolen credentials or brute forcing weak user credentials. Once an initial foothold is accomplished using RDP, threat actors will move undetected in your environment and deploy malware. This often leads to ransomware infections.

Organizations that continue to use RDP expose themselves to an increased likelihood of attack since a large number of threat actors focus efforts on breaking in using this mechanism.

What resources are available for policyholders to help secure or find an alternative to RDP?
- Learn how to secure RDP or move away from its use entirely through the RDP article on Corvus’s Knowledge Nest.

Need more help or want to know additional details about the domain/IP Address where we located open RDP? Email services@corvusinsurance.com, and be sure to copy in your Corvus Underwriter and your broker.

About Corvus

Corvus is reimagining commercial insurance for a digital world by making insurance smarter, companies safer, and brokers more successful.

Corvus empowers brokers and policyholders with actionable insights to mitigate complex risks and reduce losses through the CrowBar digital platform, smart insurance products, and premier risk management services. Corvus is the world’s largest specialty commercial InsurTech company. Founded in 2017 by a team of veteran entrepreneurs from the insurance and technology industries, Corvus is backed by Insight Partners, Bain Capital Ventures, .406 Ventures, Hudson Structured Capital Management, Aquiline Technology Growth, FinTLV, Telstra Ventures, Obvious Ventures, and MTech Capital. The company is headquartered in Boston, Massachusetts, and has offices across the U.S.
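The RDP section above warns that attackers brute force weak credentials on Internet-facing RDP. For organizations that cannot remove RDP immediately, the following added example (not from the Corvus guide) shows the defender-side check: grouping failed Windows logon events per source address and alerting on a burst. The event dicts, field names and sample records are constructed; Event ID 4625 (failed logon) and logon type 10 (RemoteInteractive) are standard Windows values.

```python
"""Flag brute-force attempts against RDP from Windows logon events.

Added example (not from the Corvus guide). It assumes events have already
been exported as dicts with the fields below; the sample records are
constructed. Event ID 4625 is a failed logon and logon type 10 is a
RemoteInteractive (RDP) session, so repeated 4625/type-10 failures from
one source address inside a short window is the signal to alert on. With
Network Level Authentication some pre-auth failures log as type 3 instead,
so widen the filter to match your environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a burst of four failures from one address, then one
# stray failure and a success from another
SAMPLE_EVENTS = [
    {"time": "2024-01-10T02:00:01", "id": 4625, "logon_type": 10, "src": "203.0.113.5", "user": "admin"},
    {"time": "2024-01-10T02:00:03", "id": 4625, "logon_type": 10, "src": "203.0.113.5", "user": "administrator"},
    {"time": "2024-01-10T02:00:06", "id": 4625, "logon_type": 10, "src": "203.0.113.5", "user": "backup"},
    {"time": "2024-01-10T02:00:09", "id": 4625, "logon_type": 10, "src": "203.0.113.5", "user": "jsmith"},
    {"time": "2024-01-10T02:30:00", "id": 4625, "logon_type": 10, "src": "198.51.100.7", "user": "jsmith"},
    {"time": "2024-01-10T02:31:00", "id": 4624, "logon_type": 10, "src": "198.51.100.7", "user": "jsmith"},
]


def rdp_failures_by_source(events):
    """Group failed RDP logons (4625, type 10) per source, sorted by time."""
    grouped = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625 and ev["logon_type"] == 10:
            grouped[ev["src"]].append((datetime.fromisoformat(ev["time"]), ev["user"]))
    for attempts in grouped.values():
        attempts.sort()
    return grouped


def detect_bruteforce(events, threshold=4, window=timedelta(minutes=5)):
    """Return {src: usernames tried} for sources with >= threshold failures in one window."""
    alerts = {}
    for src, attempts in rdp_failures_by_source(events).items():
        start = 0
        for end in range(len(attempts)):
            # slide the window start forward until it fits within `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = sorted({u for _, u in attempts[start:end + 1]})
                break
    return alerts
```

With the defaults only 203.0.113.5 is flagged; the list of usernames it cycled through is what an investigator needs to decide whether any of those accounts also had a later successful logon.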
