#trusted
partner
Who's In Your Cloud?
Who's In Your Cloud?
Episode 21: Cyber Risk Insurance
/

Episode 21: Cyber Risk Insurance

Jul 19, 2022 | CYBERSECURITY, Who's In Your Cloud?

Who's In Your Cloud Blog Header Image

Welcome back to “Who’s In Your Cloud?” – 21 steps to secure, reliable, trusted technology. Brought to you by TechOnPurpose, this is Episode 21: Cyber Risk Insurance.

Last week, we discussed TOPcyber21 best practice number 20, Compliance Management and Reporting. Catch up on episode 20 to learn how this cyber element will help simplify the task of tracking and reporting variances or shortcomings in internal or third-party vendor compliance requirements so that you can focus on doing what you do best!

In today’s episode, join us for our final TOPcyber21 best security practice, Cyber Risk Insurance. We’ll be rounding out our 21 best practices by sharing how cyber risk insurance minimizes the cost of breach recovery and helps defend your organization from damages/legal liability associated with a data breach, giving your organization added peace of mind. Stick around to learn from our cast of cyber experts about the “do’s, don’ts, and gotchas” of cyber risk insurance and the available solutions these organizations recommend to make sure your cybersecurity is secure, reliable, trusted, and INSURED. We’re very thankful to our cyber expert cast joining us today from ConnectWise, RCS Secure, and RT Specialty as they help us educate our clients and prospects on the road to #secure, reliable, trusted technology.

Join us next time on “Who’s In Your Cloud?” for our finale episode, where we will be joined by fan-favorite expert cast members, to recap the entire WIYC journey and even share some behind-the-scenes bloopers you won’t want to miss. To our clients and audience, we hope you have found this an immersive, hopefully simple, educational, and enjoyable experience!

To catch up on our “Who’s In Your Cloud?” series, we’ve diversified your access options to all (23) episodes. You can revisit any episode here on our blog or connect with us by any of the following methods:

  • Email Newsletter: sign up at techonpurpose.net/blog and have each episode delivered directly to your inbox when released.
  • LinkedIn:  follow here
  • YouTube:  follow here
  • Facebook:  follow here
  • Podcast:  follow here

Buckle up – it’s time to hit the road to #secure, reliable, trusted technology!

 

Lauren Lev  
What’s up you guys, I’m Lauren Lev, Marketing Manager for TechOnPurpose and the very entertaining, very witty and very humble host of this vlog series, “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. As a reminder, visit WhosInYour.Cloud to sign up for our free cybersecurity risk assessment, because you can’t know where you’re going on your cybersecurity journey unless you know where you’re at. As we round out this 22 episode vlog series, make sure to binge watch all of our episodes on LinkedIn, Facebook, YouTube, and Spotify, and make sure to subscribe and hit that like button down below. Alright, we’ve made it to the final step on the road to secure, reliable, trusted technology and while things like complex passwords, dark web monitoring and backups significantly fortify your business against cyber attacks, cyber risk insurance picks up the slack. Today we’re discussing TOP’s cyber best security practice number 21, cyber risk insurance, for added peace of mind to minimize the cost of breach recovery and help defend your organization from damages and even legal liability associated with a data breach. In today’s episode, our cast will break down the “do’s, don’ts and gotchas” of cyber risk insurance and will share solutions these organizations recommend to make sure your cybersecurity is secure, reliable, trusted and insured. First up, we have Whitney Tabash, Assistant VP at RT Specialty. Whitney, introduce yourself and tell us a little bit more about your background. 

Whitney Tabash  
As Lauren said, I’m Whitney Tabash with RT Specialty, which is the largest wholesale insurance brokerage in the United States. I’ve spent the last 10 years focused on cyber liability insurance, the ins and outs, and I couldn’t be more enthusiastic about the product and how it can help better protect businesses like yours. 

Lauren Lev  
We are always happy to have another girl on the blog, so glad you could help us round out our last episode. We have another new face on the vlog today from ConnectWise, we have director of strategic partnerships, Jeff Zaba. Jeff, tell the audience about you and what you do at ConnectWise.

Jeff Zaba  
Yeah, thank you. Alright, thanks for having me on Matt, and Lauren. So ConnectWise has been around for quite some time, we make a lot of tools and provide a lot of services that ultimately folks like yourself utilize to help deliver cybersecurity, remote monitoring and management. Really everything that a small business would need to function because most of them don’t have IT staff in house. So we empower our partners to deliver that service, then I’ve been the ConnectWise for about eight years and served in multiple roles and recently have taken on sort of the in-house expert I guess. 10 years compared to like six months for me Whitney but cyber insurance. But you know, it’s kind of one of those things that once you get into it, you realize it’s a lot more complex than then you would imagine. And so really, that’s what I’ve been working on for the last few months. 

Lauren Lev  
Well, we’re happy to have you, we’ve had several ConnectWise folks on so it’s always good to have y’all back. 

Matt Tankersley  
Yeah, we’re always plugging this network assessment that we’re asking for, this risk assessment. And it’s important to point out the ConnectWise team is the ones that empower us to have that tool for you guys. So sign up and get your free assessment.

Lauren Lev  
All right, you’ve seen him before. You’ve seen him recently and you’ll love to see him back again, it’s Ivan Paynter, CTO at RCS Secure. Ivan, take it away. You know the drill. 

Ivan Paynter  
Hey, guys. Wonderful to be back. I’m in the red room today. This has been such a wonderful video series. It’s ridiculous. Thanks for having me back again, guys. Yeah, somehow somebody gave me the title of CTO. Can you imagine that? But I still push the broom around. Looking forward to speaking my thoughts as always about cybersecurity, and especially cybersecurity insurance should be a lot of fun.  

Lauren Lev  
Always.

Matt Tankersley  
Were you in the green room before we started recording?

Ivan Paynter  
I can make it green now.

Lauren Lev  
We can change it with Ivan’s level of ridiculousness.

Ivan Paynter  
So right now it’s warning, warning!

Lauren Lev  
Warning, he’s coming! All right, and last but certainly never least, we have Matt Tankersley the TechOnPurpose Founder and CEO. 

Matt Tankersley  
Welcome back, everyone. So glad to see you. It’s been a long journey since episode zero. I always get confused when we talk about our top cyber 21 practices. And we talked about 22 episodes. And that’s why right. So thanks, Lauren, it’s so great to have all of you and then welcome to our audience, can you believe we’ve made it this far along. You know, our team, you know, our company, you know, our brand and our mission, you know, we generally care for those we serve. In fact, the whole origin of this series was our desire and the obvious need to educate our current and prospective clients on how best to protect themselves and their livelihoods through the adoption of highly vetted and recommended best security practices. So it’s highly ironic to me, Lauren, that despite our best efforts, there are still those who shall we say, defer the choice of adopting industry practices, in large part due to the additional cost, but it blows my mind because all the data shows us clearly that the choice to not adapt is exceedingly more costly, and even devastating. And now, more of a question of when that not yet, which we say quite often, right? And it’s not because we want it that way. It’s because that’s the reality of who the bad guys are. So I’m so grateful that many of our clients have at least adopted change now that the insurance industry has tightened. I think rightfully the requirements for insurance coverage of these types of risks. And no doubt you guys can tell the story better than any of our team. But I want to extend this sincere thank you for your wisdom and direction, in guiding our mutual clients to be smarter and more proactive about cybersecurity adoption. So thank you. So we’ve got a diverse group with us today, Lauren, and each of you brings a unique perspective to the discussion as a whole. Let’s set our final episode sights today on the insurance factors of cyber risk. Ivan, so glad to have you back. Why don’t you start us off? Why is the cyber risk insurance topic so important to everyone? And what curious facts can you share to help our audience understand and prioritize this critical cybersecurity best practice? 

Ivan Paynter  
Matt, why’re you picking on me? So I’m the cybersecurity nerd, I have nothing to do with cyber insurance. So let me tell you something. Let me ask you a very simple question. Do you have a car?

Matt Tankersley  
Yes.

Ivan Paynter  
 Do you drive without insurance? 

Matt Tankersley  
No!

Ivan Paynter  
Case closed. At the end of the day, if you’re doing business on the internet, and I’ve said this so many times, right? It’s just a matter of time, it’s no longer if, it’s going to happen, it’s going to be when. Right? So prepare for the inevitable, you guys have always heard me talk about oh, walking in the woods, and with your best friend, all you got is a BB gun, you’re gonna shoot them. I love that insurance rep that you have is that BB gun, right, because you want to be the fastest one on the trail, you don’t want to have to rely upon your own resources. Because when you do get hit, right, there is a massive amount of penalties that can be imposed upon you. There are legislations that are out there, there is GDPR. We can go on, but the compliances at the end of the day, one of the things that I really want to discuss is that not only should you have cybersecurity insurance, but you should be prepared for them too. Don’t just come to an insurance company and say, Hey, I’m here. No, come to them with a good driving record, come to them with the establishment of the fact that I’ve got constant monitoring going on through a security operation center like RCS secure, or the myriad of them that we’ve talked about a year before, or utilizing some quality tools that we’ve seen before that Jeff is going to be speaking about, but come to them prepared, not just willy nilly. And at the end of the day, I’m hoping that Whitney is going to tell us that’s going to bring your rates down too, because that’s that’s part of it. So I was given a choice, when we first started, this was really kind of reasonable. And then they figured it out. And now it’s really kind of expensive. I think I’m not really sure. But at the end of the day, if you come prepared, if you drive a Volvo versus a Maserati, you’re going to get a better rate, right? So you want to have the best protections to make sure that you are looking forward with cybersecurity insurance companies. I think the key there is you’re gonna have another day. And because the alternative is you may not have another day, your livelihood, your business may be gone, and you’re not- and Matt, I was gonna give up the mic, but you just run it up. There’s a lot of companies that have gone out of business that don’t have cybersecurity insurance. So the things that you’re not thinking about the exposures of, of if you have if you have business in California GDPR or, or anything out there at all, you have to pay each individual user that was exposed. Right? Show me the money. At the end of the day cybersecurity insurance companies have figured that out and they’re not necessarily going to write that contract right away. They want to make sure that you are prepared for what you’re doing.

Matt Tankersley  
Well, I know we want to pass the ball here, Lauren, but I like getting Ivan riled up. And I do want to say, you know, it’s hard to have one conversation, right? When you started out with the woods that you kept real simple. You said, if you’re a business owner, I like one of your lines from prior episodes. It’s like if your kids got an Xbox, it’s got a PlayStation, you got a smart crock pot, you got a smart TV. You can’t afford not to be having these conversations. Now mix that in with the fact that you’re working from home. And that’s a game changer. 

Ivan Paynter  
Yeah, everything is an access point. And we have to start thinking differently. So you know, we have cybersecurity insurance is just a matter of fact, it is just like everything else. It wasn’t there before. But guess what? You better have it, otherwise, you may not be in business tomorrow. You’re absolutely right. 

Lauren Lev  
Let’s take it over to our expert here. Whitney, what’s your take? 

Whitney Tabash  
Yeah, bringing up good points, because in addition to what happens with that 250,000, there’s computer forensics. How did that person even get access? Because if they already have access to your system, and can cause another breach that costs money, you could be in the same place in two weeks or six? I think Ivan brought up a lot of good points. Absolutely. You know, up until this point on this blog series, you guys have gone over a ton of best practices. But having best practices all the time doesn’t mean that you’re immune to having a data breach. Carriers are wise to that. And so you are absolutely going to get a better rate like Ivan said. There are a lot of insurance companies that will not quote you if you don’t have all of the best practices that Matt, Ivan and the other contributors have gone over this far in this blog series. But kind of to go back to the basics on cyber liability insurance. It’s both insurance that would respond if you have a claim that’s made against you because of a data breach. And it can be triggered by the breach itself. So you find out you have a data breach, what do you do next? It’s important because there are many ways a data breach can manifest. And there are both organizations and people that are out there targeting your business, and not just your business, but any business that they can get access to. They know that the number one reason that there is a data breach is the human factor. That’s just one person making one mistake, they’re looking for one of your employees, or maybe you accidentally clicked a link, opened a PDF, let someone into the building that you do business at that’s carrying a package or leave your email up when you go to the bathroom. There’s so many ways that they can get in, it’s impossible to cover all of them. In recent years, the top claim drivers are crime related. So there’s a lot of organized crime in the cyber world. And they cause both social engineering claims and ransomware or extortion claims. Those are the top two drivers in financial loss right now. Cyber extortion or ransomware is just when someone takes over your system and demands an amount of money to take it back. And then social engineering is when someone tricked you into sending money somewhere you shouldn’t. You know, think about the Nigerian prince emails we all got in the 90s, that’s kind of the very first social engineering claim that was out there. Unfortunately, they’re ever evolving, they’ve gotten a lot more targeted, a lot more savvy, smarter than I am about how they run these scams. You know, one claim that I worked on recently was for one company that was acquiring another company. During the negotiations, the CFO goes to Turks and Caicos, his wife is really active on Facebook, she posts pictures every day of what they’re doing. During that time, an accounting contact, who regularly makes transfers for the CFO gets an email from the CFO saying, I spoke with our legal team, I spoke with the seller of the company we’re acquiring as part of the next phase of due diligence we need to send $250,000 on. And also to show that in good faith, we want to move forward with this transaction. It referenced the weather that day and even talked about the surf lessons that they had taken as a family that morning, everything was normal, and they sent the money, and it’s gone forever. This is a very typical kind of social engineering claim. And, you know, anyone can fall prey to it, you know, it looks legitimate, even all the preparation that you can do. One person can be tricked. I’m trusting I get it. Another thing to think about is again, you know, back to how we started this conversation. Just what would you do if you had a data breach? Carriers have 24/7 teams there to help you respond. If you got a ransom, do you know what to do next? Should you pay for it? How do you get to a cryptocurrency broker to even get the money into a wallet and pay the criminals as they want to be paid? There are so many things that go into it. Ivan brought up notification costs. Every state has different laws on what you have to do if you have a data breach and that’s determined by where the person that was affected is located. So if you have clients in multiple states, one data breach could involve 50 different state rules as well as federal, you could have days in some cases to respond to this. How would you even know where to start? So that is really a big value that cyber liability insurance has. 

Matt Tankersley  
Yeah, it’s awesome. I mean, look, you guys assume so much of the risk, right, at least on the financial side, and it only makes sense that you would be on the forefront of helping to mitigate that risk. And so I think a lot of us don’t even think about that stuff. We’re just like, hey, if I’m gonna get hit with a $250,000, dumb click, you know, how do I get my $250,000? Or some portion of it back? Reality is, there’s more to it than just the 250. And there’s this reporting to the fact that you guys have that subject matter expertise and knowledge of what needs to be done next besides that, man, I mean, those are things I hadn’t even thought of. Right. So, so glad to have this conversation. Yeah. And you know, we were having compliance conversations over the past couple of weeks as well. And it’s the same thing where, you know, not getting to the insurance point, yeah. But on the front end, we’ve had a compromise, we have regulatory requirements, and solve the gaps in our security stack. So it happens again. And we’ve had evidence that we haven’t solved the gaps in our security stack. And so that was penalties and things are just going up and up and up. And to the degree that you guys in the insurance industry could even be liable for that. Again, I’m, I just have just a big lightbulb for me right now about how invaluable a resource you guys can be and making sure that the response is right, not just what we might think it is. So good stuff.

Lauren Lev  
All right, Jeff, over to you. What’s your take? 

Jeff Zaba  
Yeah, I think I think I’van and Whitney did a great job of simplifying where cyber insurance comes in, and what the role of it is, and why it’s important. There’s, you know, it’s not meant to be a pool of money that you go and you take from in the event that something bad happens. That’s really the worst time to start thinking about cyber insurance. Like Ivan mentioned, being able to walk in and say, Look, I’m healthy, right? I’ve been doing my due diligence, I’ve partnered with TechOnPurpose, and they’ve got me up to snuff, that is tremendously helpful. That is absolutely the backbone of any good incident response plan is making sure that prior to there being an incident, that you understand what the language is that you’re going to use in the event that something happens, right, understanding what tools you have in place. Once you’ve got all that completed, and all of that has been documented and then you go to a cyber insurance company, you can present to them, what looks like your cyber hygiene, right? We talk a lot about cyber hygiene. And that’s a great way to communicate using the same language in low stress times when there’s no data breach, or in high stress times when there is because you’re preparing. So the whole, you know, the whole idea of an ounce of prevention, I guess, is really where it starts. And you know, I’ve done several, several talks to groups like yourselves, and I’ll ask the question, hey, how many of you have a customer say that my cyber insurance renewal is up in three days and if I don’t get this tool in place, I can’t get cyber insurance. Right? It happens frequently. And it’s, you know, what we hear from a lot of our partners is, well, you know, we were talking to them for three years about multifactor authentication. It wasn’t until their cyber insurance policy forced them to do it, that they wanted to do it. And that puts a, you know, stress on the relationship. Right? So I think your webinar series, how you guys have laid that out. All those approaches, it seems like a lot, it feels like a lot. You know, you can do it in chunks. But the important thing is to share a taxonomy, share a language, share a plan, right, all of that has to go through a process. And you know, again, it’s inevitable probably and it’s not meant to scare folks, but I think we would all agree all of us have been around long enough to know that it’s gonna happen to you. And, you know, the regulatory agencies, they typically don’t come in to tell you how good of a job you’re doing. Right? They’re looking for what’s wrong. So, you know, again just, couldn’t agree more with what’s already been said. And I think there’s still a lot of uncertainty that, you know, again, Matt and Lauren, you all are doing a great job of bringing that to the surface and helping show them the way right, show them the path.

Matt Tankersley  
Thanks, man, so many light bulbs. Guys, when we have these conversations, I’ve been I love when you start a guy like, Hey, do you have a car? Do you drive without car insurance? And it’s funny, because if you think about that context, the risks of auto damage or auto accident, health accident, and then the coverage that you have to protect yourself. It’s not like there are bad guys sitting on every corner going, I’m gonna run into your car. Right? Because I mean, it’s really not out there. Unless you play in that game. I don’t know that game. But the other kids play those, drive really fast to rob stuff. But you know, cyber risk is completely the opposite, guys. There are literally people all over the world that are out there waiting to find everything they can about you and extort and take it away from you. And so the fact that we go so easily in auto insurance and we go slowly into the cybersecurity best practices. The more we talk about it, the more we think about it. Okay, so Lauren, I know we’ve talked in general about the topic, right? So you’re gonna pass it around the room, and we want to talk specifically about what each of you guys is doing or recommending, from an adoption perspective. And I think that Whitney and Jeff, you guys are gonna have some I’m continuing to learn here. So make us smarter, make our audience smarter. And you know, I’d be interested, Ivan, when we come back around, I think we’ll close with you, right? You know, when people talk to you about cyber risk insurance today, you clearly know what it is and why it is. What’s the advice that you give them? Be thinking about that when we come back around, where do you tell them to go deal with this. Yeah, so Lauren, who’s next? 

Lauren Lev  
We always do ladies first around here. So Whitney?

Whitney Tabash  
Unfortunately, not all cyber liability policies are created equal. There’s no regulation when it comes to cyber liability insurance. So coverage can be vastly different from one carrier to another. That’s why it’s important that you work with someone who is an expert specialist in cyber liability, so that they can really tailor coverage and make sure that you have all the necessary coverage to best protect your business. Comprehensive cyber liability involves a lot, I’m going to name them off. Bear with me, there are a lot of things that it should include, unfortunately, it doesn’t always. Attorneys fees, if you’re sued because of a breach of computer forensics, how did the breach happen? What data was affected? That’s really important, because, you know, if only a small amount of your data was affected, you don’t need to notify every single person you’ve ever talked to on your computer. There’s only a small amount of people that you have to actually contact. And then how do we prevent future breaches, regulatory fines and penalties, which we’ve gone over extensively credit monitoring for those individuals that have been affected by the breach data restoration, it’s not always possible to restore your system, you know, immediately what can be done, though, to recreate that data if you can’t get it back easily? Business interruption, we all know that if your business goes down because of a data breach, you’re going to lose money, you know, you’re not going to have income coming in. And it doesn’t just have to be a data breach of your system. It could be a system that you’re dependent on. Let’s say you use Outlook or your phone service goes down. What would happen if you couldn’t send an email for three, five days, you’re definitely going to lose income during that period. It will also cover ransomware or extortion threats, financial imbursement if you suffer a monetary loss like those social engineering claims, we talked about. The expense to restore your reputation, you know, think about the Target breach. Everyone has heard of it. We all know what happened. Probably most of us were affected, so we got notification. If you had a breach like that, what would your clients think? If they had crisis management expenses, help you restore trust in your brand for your clients? Notification costs, Ivan went over that really well. You know, each state has different rules and regulations on how you have to notify people. The carrier will give you a vendor that will help you do that and do that pretty quickly. Also, many carriers have taken a risk management first approach so they’re encouraging you to partner with companies like TechOnPurpose, ConnectWise, RC Secure, they want you to have the best practices in place and have those risk assessments beforehand. What can we do to prevent a breach because not all breaches are preventable, but if we can do something to prevent it, we want to go ahead and do that and mitigate any type of losses associated with it.

Matt Tankersley  
Yeah, you know, Whitney, I love all the – you know, it’s insurance premiums- I’m using the wrong word because I’m not an insurance guy, but they’re not created equal. And you just mentioned a few of them, what are the ones that, you know, most people are not, you know, most of your competitors might not be including. So for those who are listening and they’re in the middle of this or about to do this, one of the things that they ought to do, three or four key things that they need to look out for.

Whitney Tabash  
Yeah, the big things that are an add on and have been an add on for a while is cybercrime and what we consider cybercrime, our funds transfer incidents, so like that social engineering, there’s even invoice manipulation. You know, say you use your, like Outlook, and you get an invoice from Outlook that says, you need to pay this amount of money and you pay it, you know, if that would be a breach that occurred on Outlook side, if they had invoicing and manipulation, Outlook could be reimbursed for that cost that you paid. It could also be a social engineering claim. Until communications fraud, someone uses your system to spoof. They’re also like Ivan mentioned, the hardening of the cyber market is incredible right now. And because of that there are limitations on coverage. Something that is really scary to me is that cyber extortion has been limited on a lot of policies. So you might have a $3 million policy limit, but then there’s coinsurance and then there’s also $100,000 sublimate on cyber extortion. So if you get a ransom threat, if you have coinsurance of 20%, you’re gonna have to pay 20% of whatever that loss is, and the carrier is only going to pay a total of $100,000. Those are the kinds of things that I see that are red flags to me right now. But anything goes, you know, if a carrier can limit their coverage and still get a big premium, you know, there are ones out there that do that.

Matt Tankersley  
Little less ethical maybe. I don’t know who all was on the episode, or if you guys heard the episode, but we talked about this recently where we had a client, we treasure them, a great client that does a lot of business with us and they had a great cyber insurance coverage. And at some point, we got a renewal questionnaire started, asking questions about the security best practices that they had adopted. And one of those was remote access security.  Well, we have a fairly significant solution that does a fabulous job of remote access security. On the other hand, you know, we’re seeing more and more people move away from VPN. In this case, these guys had chosen for a few of their users to have a remote VPN access rather than just cloud connectivity, right and security that way. And it turns out, we had multi-factor authentication on all of their stuff, but their VPN didn’t have multi-factor authentication. And the provider literally- so if you guys are listening out in the audience this is important, right? The provider came back and said, Look until such time that you can get MFA in place for your VPN, we’re going to limit your coverage in this particular area. And after you get it restored, by the way, it’s going to be 30 days from demonstrated working multi-factor authentication on your VPN. And so I say that for a lot of different reasons. I just love what you guys are doing well, that we’ve been unsuccessful at doing and getting our clients to adopt these best practices. So I love the partnership that’s forming for those ethical and trusted providers in the marketplace that are really caring for their clients like we do.

Whitney Tabash  
Carriers have done a really good job on their renewal questionnaire saying you have to have this, this and this place because it starts the discussion with people like you, who really know how to get those best practices in place. And it only results in less claims and better use of relief for the insured and clients.

Matt Tankersley  
And more peace of mind, longevity and sleeping at night for business owners. So yeah, that’s what it’s all about, guys. That’s what we’re here for.

Lauren Lev  
Yeah. How does ConnectWise approach it?

Jeff Zaba  
Yeah, sure. So that’s, you know, again, it’s a 24/7 thing. Right? So cybersecurity is 24/7. The one difference again, Matt, I think you called it out, right? When you’ve got car insurance, there’s not somebody on the corner. Although in Florida, we’ve had our issues to be quite honest with folks, manipulating the insurance companies, but there really isn’t someone, you don’t assume that someone’s on the street corner, you know, waiting to damage your car. And that’s just not how it works. At the same time, you know, your car insurance doesn’t just protect you when you’re driving your car, right? Your car insurance protects you. If you’re asleep at night and somebody comes by and they break in and they steal something, it’s the same thing for cyber insurance. You know, so one of the things that we like to do is, again, kind of benchmark or say, here’s the minimum amount of stuff that you guys need to provide, or have provided for yourselves, right? Because most of your customers are not providing the services themselves, they go to you TechOnPurpose, right? So what we’ll kind of coach our partners to do, and folks like TechOnPurpose is, again, establish a common language, look for a few key things that you can start to implement that just raise that wall a little bit higher, make that fence a little bit higher for someone to come in and create a disruption to your business. More specifically, it’s things like EDR, or MDR, right? Those are really simple ones. MFA, making sure you have good backups and that they’re tested. Security awareness training, because again, we know that the user, right, is still typically the weakest link. I mean, that’s just statistics. I’m not calling anybody out here. But you know, those are just a few of the things and then a good incident response plan. So ConnectWise, you know, we provide that for our partners, we try to coach, you know, again, folks like TechOnPurpose, and how to go through a logical progression, because you can’t do it all at once. You can’t just jump right in, it’s got to be a journey, right. It’s not a destination. I know it’s a bit of an overused cliche, but next month there’s gonna be a different threat. And, you know, partnering with good companies that have good experience in those areas, or ConnectWise, for example, we’ve got 160, security operations center analysts that have eyes on all of the TechOnPurpose equipment and their customers equipment, right? To really monitor and make sure that nothing nefarious is going on while I don’t know, right before a major holiday, right? We’re coming up to a 12 month anniversary of a pretty significant supply chain attack. And, you know, so all those things matter. It’s the people who back it up. It’s the process to implement and know what to do. And there is a technology component, and arguably, it’s the technology component that as a customer, I would care about the least. But I want to know what happens if I get breached, who do I call, what’s the process? And I would lean on, you know, again, TechOnPurpose to kind of walk me through that. And, you know, I’ll throw in something else too that I think is important to note for your customers, Matt and Mark. You guys are insured, right? We talked a little bit about that. In our pre call last week, Matt. And it’s the same thing, if you’re bringing a contractor into your house, and they’re not licensed and insured, that’s a red flag, right? So if you’re not sure that you’ve got the right folks in place, ask the businesses that you work with, Hey, are you insured? Doesn’t matter if it’s a contractor that’s working on your house or working in your office or, you know, really a technology service provider. Anybody that has seen sort of the fallout of these things knows that it’s not just one single source, right? It’s not one user, it could be a supply chain, which, again, supply chain is just kind of another way to say a waterfall type of attack. Right. So I think there’s a lot there. You know, we can certainly talk about this for hours and hours, but I think you guys did that in the other 21 episodes. So as long as they paid attention, this should just be wrapping a bow on this.

Matt Tankersley  
Yeah, you’d sure like to think so. We’ve come a long way. I love how validating it is, Lauren, every session we get in when we hear folks talk about the best practices. You know, really again, and let’s turn this over to Ivan, but that’s what we created this thing for. It’s so that the SMBs that are out there that are trying to run their barbecue business and their accounting firm, you know, they don’t need to know IT and don’t want to know IT, but they need to trust their IT. Well, where did they get started in this conversation, besides just constantly hearing that they’re gonna get attacked or they need to do something? Right. Well, and everybody thinks that they have the silver bullet, right? We said that over and over. We all know it’s just not one thing. It’s so many different things. Business owners, talk to us. Let’s get you covered. And we’ll keep you simple. We’ll walk you through it step by step and then we’ll be bringing in folks like Jeff and Whitney and Ivan to help us do it. And so that you’re not having these work stories. So, Ivan, let’s turn it over to you for some final thoughts on the topic of insurance and things that you do. I mentioned earlier, maybe what do you recommend for your partners when it comes to cyber risk insurance, then we’ll give everyone, guys, a final say before we wrap.

Ivan Paynter  
No, there’s so much to touch on here. But there is a silver bullet. It’s just called a power plug, pull it in your car. That’s the only silver bolt you’ll ever see if you unplug it. Look, you know, there were so many great points Whitney and Jeff made. We talked about car insurance, and relation to cyber, I kind of wonder where it would land with the new theft of Tesla’s, where I can steal your key site via cyber and then steal your car. Well, who’s paying for that one? Whitney, I want to talk to you about that one. But beyond, you know, Jeff hit so many valid points. Yeah so, RCS Secure believes in assessments, we believe in constant monitoring. We provide those security operation centers 24/7 365. We have eyes on. I’m 100% with you there, Jeff. But we also use a lot of technology behind it too, right? And you guys have heard me say this so many times, it’s a matter of when it occurs, it’s not if that occurs. There are so many people that believe Oh, nobody’s gonna pay attention to me. Yeah, they don’t care who you are. They want the money at the end of the day, right? So at the end of the day, it’s all a matter of truly being prepared for what the inevitable is, and it’s just a matter of time. And it might be something small. Let me say one thing. So every night I do research just to see what’s going on within the environment, who’s been hacked, and things of that nature. You know, there are so many hacks out there that we don’t even know about them. One of the ones that I’m about to put out a video on are QR codes and clicking on links. Somebody said, Well, don’t- my favorite expression is don’t click on links, or don’t click on that bad word. Just imagine there were 20 million people that clicked on that QR code during the Superbowl. What happens if that was a nefarious code, right? You’d have to have some type of insurance to protect your butt over that. At the end of the day, be prepared, be a boy scout, be ready, go find a good solid cybersecurity organization. Go talk to TechOnPurpose and understand what the procedures are. Have your plan in place. What do I tell my clients? Yeah, let’s talk about it from the start to the finish, what your exposure is where your individuals are. Look, I’m working from home, I’m running three firewalls in my house, and God knows I know, somebody sooner or later, is trying to hack me, they just hack me in the cloud. I see it all the time. At the end of the day, it’s a matter of being prepared, right? Have that assessment, have that continuous monitoring done, have great endpoint protection. The problem is that we all know where it is. It’s between the keyboard and the chair. There’s no question about that. If you all stopped clicking on shit, we wouldn’t have half of the problems that are now. Plain and simple, right? Stop clicking on that damn QR code unless you know where it’s going. If you don’t, don’t do it, utilize a solid good insurance organization. Know what you’re getting into. Whitney’s impressed me so much because she was just like, right over my head. It’s like, okay wow, I believe you. Get your rates lowered by being prepared first, come to them ready to go. You’re not going to get insurance, when you still have your learner’s permit, right, you just don’t do it that way. Get your driver’s license, make sure you know what the hell you’re doing before you hit the road. The same exact thing holds true with cyber, be very careful, very aware of what’s going on. And Jeff said something to me that’s very, very important. And I don’t care how many systems you have, education is massive. Everybody should be a part of this. Understand the person at the front desk, all the way through to the guys pushing them up, and I push them up a lot. All should be involved in cybersecurity, we all should take a part of this, because we all have an extension of the bad things going on. Insurance is not something we can rely upon. It’s there when we need to have it. It’s our responsibility to make sure that we try not to use it when I’m trying to help you out here. But at the end of the day, there’s a high probability that we might. Just be careful, but pick good organizations and be prepared.

Matt Tankersley  
Yeah, love it. Good stuff, Ivan. And let’s get some final words from everybody. I will tell you that, you know, just a million things pop in my head every time we have these conversations. You know, it’s no accident that security awareness training is number one on our best cybersecurity practices. I think the point that I was about to make is that, you know, we question every single one of these best practices that we snapshotted and created and the order that we created them and it’s no irony that cybersecurity risk insurance is number 21 of 21. It can be argued that it should be number one, right? Our approach was let’s get you proactively, let’s do what everybody on this call has just said, let’s make sure you’re ready for that conversation. And that’s why we brought this to the end. So I think it’s a perfect ribbon on top of the secure, reliable, trusted methodology that we’ve developed here. So what a great session guys, I know I’ve enjoyed learning a lot of new things and getting to meet each of you guys. Let’s give Whitney final words, Jeff, any last thoughts for you before you head out?

Jeff Zaba  
I think again, everybody’s really touched on the high points. And, you know, it’s a journey. Again, I’ll say it. I know I said it a minute ago, it is a journey, doing the risk assessments, doing the continuous monitoring. You know, a lot of people want to try to beat the system and show, hey, look, look at all these things that we’ve done, right? We’ve implemented all these things. And then they don’t like multi-factor authentication, because it makes them use your cell phone to log in, and a week later, and you get hit by a ransomware attack or some sort of a breach. Guess what, it doesn’t matter what your security posture is, when you fill out that application, it matters, the 30 days leading up to that breach, sometimes longer. And if you’re in a regulated industry, like healthcare, banking, you know, those are those sets some additional standards on top of it, but at a baseline, you know, you’ve got to be thinking 30 days from now we’re gonna get attacked, that should be your mentality. What can I do to prevent something from happening 30 days from now? And I think that’s a good way to develop a sort of just security culture. Like Ivan said, everybody from the front door person to Ivan back there pushing mops. Right. So it’s actually Ivan and I back there, pushing mops. But, yeah, so just get a head start and it’ll just make the relationship between TechOnPurpose and you guys go so much smoother. And, you know, and just know that you can trust.

Matt Tankersley  
Jeff, thanks so much. We’re grateful for your partnership and glad you joined us today, man. 

Jeff Zaba  
Thanks for having me. 

Matt Tankersley  
Absolutely.

Lauren Lev  
Whitney any final thoughts?

Whitney Tabash  
Well, as my fellow contributors TechOnPurpose and “Who’s In Your Cloud?” has really illustrated, there’s always something new when it comes to cyber liability, cybercrime, and data breach trends, It’s difficult, if not impossible to stay up, what’s going to happen next when it comes to data breaches, what’s going to cause it. That’s why even if you have the best practices, a data breach can still occur. And that’s where cyber liability insurance comes into play. You can for a relatively low cost, get a million dollar limit that can help you manage the risk and mitigate it if there is a data breach.

Matt Tankersley  
Whitney, thank you for your partnership. If I’m not mistaken, you’re the one that’s equipping us with our coverage for going out to our clients and being secure. So thank you for that as well.

Whitney Tabash  
TechOnPurpose has excellent tech I know and cyber in place.

Lauren Lev  
Ivan, any closing thoughts?

Ivan Paynter  
I think the entire video series just hit it, I think the entire panel really hit it, really just have to be careful. Be prepared. Understand that the bad guys are out there. And as they said before, they don’t really care who you are, and they don’t care if you’re a big organization or they don’t care who we are. Because one other thing I do want to touch on that Matt touched on as a final thought, know the other entities too. Know your HVAC contractors, okay? Don’t just ask them, ask them to show you a document that they are secure that they have protections as well. You know, if you look at all the compromises, a lot of them didn’t occur with you. So at the end of the day, I think the bottom line is just be ready, be prepared. You’ve got a lot of great resources here. TechOnPurpose has given you an entire video series of how the hell to do this stuff, pay attention. That’s what it’s about guys. Get it right here, pay attention.

Matt Tankersley  
I love it. I love it. If you were following along from episode zero, you’ll remember we said when we get to the end, guys, and we’re at the end, we’re gonna get Jeff’s boss Jay Ryerse, we’re gonna get Ivan, we’re gonna get Patrick, and we’re gonna do the what was it tequila or whiskey episode where we recap the whole thing. This  was good. Wait for that, that’s gonna be crazy.This was a great episode, guys. I’m so grateful. It gave me new things to think about with our clients, Lauren, and helped them understand the significance. Understand that this isn’t something there alone. You’re not the only business owner out there. Talk to your peers, ask them what they’re doing about cyber preparedness and cyber risk and cyber Insurance and, you know, ask them about TechOnPurpose. Ask them who they’re using, like TechOnPurpose, just do something. Don’t sit back and wait for all of your hard work to disappear in a moment because the bad guys are out there on the corners looking for you and your staff. So Lauren, thanks for all you’ve done to bring a great series together and let’s close this episode out, tell our listeners one more time how do they get a free risk assessment and how do they learn to watch these videos?

Lauren Lev  
All right, so sign up for our free cybersecurity risk assessment at WhosInYour.Cloud. I feel like at this point I should get it tattooed on me somewhere, I’ve said it so many times. And to start a free trial from any of our solution partners throughout the entire series, send an email to . Next week we are doing our finale episode like we talked about, our little fireside happy hour recap. You’ll see Ivan’s beautiful face there, so join us for that. That’s definitely going to be an episode you’re not gonna want to miss. Thanks for hanging out with us today. We will see you next time! 

 

 

Ready for your free cybersecurity survey?

Discover potential vulnerabilities for your business and get a copy of our #TOPcyber21 Best Security Practices to help get you started on the road to #secure, reliable, trusted technology! Subscribe to our blog to get episodes of “Who’s In Your Cloud?” delivered direct to your inbox weekly.

Claim Your Free Cybersecurity Sruvey