APCIA Offers Cybersecurity and Data Security Best Practices for Businesses

Source: APCIA | Published on June 21, 2022

Cyberattacks pose risk to creditworthiness

With ransomware attacks increasing in both frequency and severity, APCIA and its Cyber Insurance Subcommittee have developed a paper that outlines cybersecurity and data security best practices for businesses.

“Prevention is a business’ best defense against a ransomware attack and this paper provides a range of data security hygiene steps that businesses and individuals can take to improve their cyber defenses,” said Gary Sullivan, APCIA’s senior director, emerging risks. “It is important for businesses to think through preventative measures and security safeguards that make it difficult for cyber criminals to gain network access.” To aid in that process, APCIA’s paper provides a series of best practices businesses may consider implementing and links to several authoritative resources, such as the National Institute of Standards and Technology (“NIST”), the Cybersecurity and Infrastructure Security Agency (“CISA”), and the Federal Bureau of Investigation (“FBI”), which offer detailed recommendations to help shore up cyber protections.

The cybersecurity best practices referenced in the paper include key steps such as using multi-factor authentication (MFA), which requires at least two authentication events to protect against unauthorized access to non-public information or information systems. Other practices include:

  • Maintaining back-ups of all essential information off-site or in the cloud to isolate and store vital information separate from the network.
  • Password protection policies that include mandating the use of strong passwords and prohibiting the reuse of a password across multiple accounts.
  • Having a patch management program in place that at a minimum includes testing, validation processes, and deployment practices.
  • Periodic testing of the information security program and protocols as appropriate.
  • Training employees on the importance of MFA and on spotting suspicious links.
  • Detection tools that allow a business to detect system changes and deletions.
  • Network segmentation, which encourages businesses to review their infrastructure layout to ensure there is segmentation and segregation of data to make it more difficult for an intruder to gain access to sensitive data.
