Prior to considering Cyber Insurance, for SME owners
September 12, 2017 BY iTGRC Asia, and with courtesy of IT Governance UK

When your business or operation comes to a complete halt due to a cyber-attack or an information security breach, it may cost your business a bomb, regardless of its scale, size and geographical presence. You may not be part of the national information infrastructure (what we call the vertical), but you may not realise that your business runs in the horizontal supply chain (demand and supply) that supports the day-to-day operations and needs of the larger ecosystems on this planet.
If you are an SME looking at Cyber Insurance, learn about the possible events that may take a toll on your business, NOT if they happen BUT when they happen.
Regardless of your size, before considering Cyber Insurance, give your business some due diligence by learning more about the potential catastrophic events. It's not too hard to understand them in the context of your business by talking to your information security consultant or information security advisory firm, who can help you profile your business in terms of cyber security risk and determine your risk appetite. Some areas to start with:
- Secure configuration of your computers and mobile devices
- Boundary firewalls and Internet gateways, if you run a small network within your business environment
- Access controls and administrative privilege management for the critical application/ERP systems that handle or process your critical data, and for interfaces (where highly sensitive data is exchanged between your in-house systems and third-party/external browser-based applications)
- Patch management of your servers, desktops, laptops, BYOD and mobile devices
- Phishing and malware protection against attacks through email or social engineering
- Password management for all systems, critical systems and interfaces (where systems talk to each other)
- Access controls on cloud-based shared services, and your cloud supplier contract/agreement
- Third-party (your outsourced partner or vendor) risk

Besides the above, you can refer to the following articles (originally by IT Governance UK, dated August 2017) on cyber hygiene to learn more about what you can prepare for your organization or company in view of the upcoming Cyber Security bill, which concerns your responsibility to comply, unlike the earlier law that aims to deter cyber-crime.