New APCIA Paper Outlines Cyber and Data Security Best Practices
June 23, 2022
The American Property Casualty Insurance Association (APCIA) and its Cyber Insurance Subcommittee have developed a paper outlining cyber-security and data-security best practices for businesses.
Among the cyber security best practices highlighted in the paper, "Cybersecurity and Data Security Best Practices," are steps such as multi-factor authentication (MFA), which requires at least two authentication events to protect against unauthorized access to nonpublic information or information systems.
The paper suggests several other best practices as well.
- Maintaining backups of all essential information off-site or in the cloud to isolate and store vital information separate from the network
- Password protection policies that include mandating the use of strong passwords and prohibiting the reuse of a password across multiple accounts
- Having a patch management program in place that, at a minimum, includes testing, validation processes, and deployment practices
- Periodic testing of the information security program and protocols as appropriate
- Training employees on the importance of MFA and on spotting suspicious links
- Detection tools that allow a business to detect system changes and deletions
- Network segmentation, with businesses encouraged to review their infrastructure layout to ensure data is segmented and segregated, making it more difficult for an intruder to gain access to sensitive data
"Prevention is a business' best defense against a ransomware attack, and this paper provides a range of data security hygiene steps that businesses and individuals can take to improve their cyber defenses," Gary Sullivan, the APCIA's senior director, emerging risks, said in a statement. "It is important for businesses to think through preventative measures and security safeguards that make it difficult for cyber criminals to gain network access."
The APCIA paper also includes links to authoritative resources such as the National Institute of Standards and Technology (NIST), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), which offer detailed recommendations to help bolster cyber protections.