A PRACTICAL CYBERSECURITY PROGRAM – ADMINISTRATIVE CONTROLS

Perhaps the least appreciated part of a cybersecurity program is the use of administrative controls. These safeguards are more “process-oriented” than the more tangible controls that we’ve discussed in previous posts like physical and technical protections. As a result, administrative controls are often put on the backburner. But they are fundamentally important and, in fact,…

A PRACTICAL CYBERSECURITY PROGRAM – TECHNICAL CONTROLS

Technical controls are what most people think of when the word “cybersecurity” comes to mind: encryption, multi-factor authentication, anti-virus software and other slick tools to protect information. While sound cybersecurity extends well beyond these kinds of safeguards, having strong technology inplay to protect data is important. What most small insurance businesses fail to realize is…

A Practical Cybersecurity Program – Physical Controls

  As an independent insurance business, you’re on the hook to implement a cybersecurity program. Unfortunately, the laws and regulations in place don’t provide much guidance on the actual, real-life controls that are required as part of said cybersecurity program.   A cybersecurity program is made up of three types of controls: physical, technical and…