
5 High-Impact Cybersecurity Practices for Tech Companies

While the threat of ransomware persists for all industries, rich data and downstream customers make the tech sector a particularly attractive target for cybercriminals. The never-ending stream of alarming headlines, innovative threat actors, and tales of third-party risk can be overwhelming enough to stump even the savviest business leaders. When it comes time to make the call — where to really invest in security measures — how do you know what will best protect not only your IT systems, but also your customers’?

At Corvus, our Risk + Response experts work with policyholders and cybersecurity partners to implement measures that mitigate risk for their organizations, including Smart Tech E&O policyholders. 

Based on their experience working with technology and professional services firms, we’ve highlighted some go-to solutions for covering your security bases: 

What Are the Five Go-to Solutions for Covering Your Security Bases?

 

#1 Endpoint Detection and Response

While antivirus software can battle the low-hanging fruit, Endpoint Detection and Response (EDR) functions as higher-level protection against advanced and emerging threats. EDR combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. When it catches suspicious activity, it can isolate the impacted system from the rest of the network until security personnel can investigate. 

But what truly sets EDR apart from the basic antivirus technology already installed on your computer? Its “flight recorder” capabilities, which track activity on the system before and after an alert to clearly identify what malicious activity occurred. For a post-incident forensics investigation, this is like finding the murder weapon at the scene of the crime. 

When it comes to protecting your organization as a whole with one security control, EDR is (almost) as holistic as it gets.  

Level up: Extended detection and response (XDR) takes it even a step further. XDR integrates security across the environment’s endpoints, cloud resources, email, and other solutions and is designed to provide integrated visibility and threat management within a single solution.

#2 Third-party Risk Management 

Working with third parties is in the nature of doing business in the digital age. Because of this, cyberattacks often have far-reaching consequences. Take for example the recent vendor breach at AT&T. While it was their marketing partner that was hacked, it was AT&T’s data — and therefore AT&T’s brand name — that hit the headlines. 

Your organization will fare best if you prioritize working with vendors that take security seriously. The challenge is determining who you can entrust with your customers’ data. Before ever signing a contract, you need to understand the risk a vendor poses to your organization. By requesting access to their policies and procedures, business continuity planning reports, and SOC reports, you’ll get a clearer picture of their risk profile.

Level up: The work isn’t over once you’ve grouped vendors by risk profile and officially signed contracts. It’s an ongoing process. As time passes, you should revisit contracts and add amendments when privacy laws change — and they will — so you aren’t caught by surprise if a data breach occurs.

#3 Multi-factor Authentication 

A high impact and relatively low effort security control? Count us in. Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more credentials in order to gain access to an account. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a threat actor taking over an account.

We recommend that organizations implement MFA for email access, remote access, and administrative access, as these are the most common routes cybercriminals take to infiltrate your systems and steal your data. If threat actors obtain user credentials, MFA serves as your baseline protection. Without MFA, the odds aren’t in your favor: Microsoft reports more than 1,000 password attacks per second, and of the successful compromises, 99.9% didn’t have multi-factor authentication enabled. 

Level up: As more organizations take recommendations from security experts in stride, MFA becomes even more commonplace. In response, threat actors accelerated their efforts to bypass this first line of defense. To go above and beyond, we recommend phishing-resistant MFA (like FIDO2 solutions) and up-to-date user education on social engineering attacks. 

#4 Backup and Recovery 

During a ransomware event, recovery can be complex, expensive, and time-consuming. Malicious actors will actively seek out your backups in an attempt to delete them, increasing their leverage for a fruitful ransom payout. Without a robust backup solution — which includes protective controls, offsite backups, and ongoing testing — that hefty ransom payment may feel like the only option to resume business operations as normal.

You’re only as good as your backups! To avoid that worst-case scenario, confirm the following: Does your organization’s backup strategy include all of your critical systems? Are your local backups secured? Do you have offsite backups? How quickly can you restore all of those systems? Preparation here can mean a world of difference if the worst-case scenario happens at your organization. 

Level up: Follow the 3-2-1-1-0 backup strategy: 3 copies of data (your original production data, on-site backups, and offsite backups), 2 different media types (store your data in the cloud and on physical disks), 2 offsite backups, 1 immutable copy, and 0 errors after running through a recovery procedure. 
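One way to turn this rule into a repeatable check is to audit a backup inventory against it. The following is an added example, not Corvus code: the `Copy` record, `check_backups` function, and sample inventories are hypothetical, and the default thresholds are the numbers listed in the paragraph above.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                      # "disk", "cloud", "tape", ...
    offsite: bool
    immutable: bool                 # write-once / locked against deletion
    is_backup: bool = True          # False for the production original
    restore_errors: Optional[int] = None  # last restore test; None = never tested

def check_backups(copies, min_copies=3, min_media=2, min_offsite=2, min_immutable=1):
    """Return a list of findings; an empty list means the inventory meets the rule."""
    findings = []
    backups = [c for c in copies if c.is_backup]
    checks = [
        ("copies", len(copies), min_copies),  # production data counts as a copy
        ("media types", len({c.media for c in copies}), min_media),
        ("offsite backups", sum(c.offsite for c in backups), min_offsite),
        ("immutable copies", sum(c.immutable for c in backups), min_immutable),
    ]
    for label, have, need in checks:
        if have < need:
            findings.append(f"{label}: have {have}, need {need}")
    # "0 errors": every backup needs a restore test that finished cleanly.
    for c in backups:
        if c.restore_errors is None:
            findings.append(f"{c.name}: restore never tested")
        elif c.restore_errors > 0:
            findings.append(f"{c.name}: {c.restore_errors} restore errors")
    return findings

# Constructed sample inventories (not real systems).
PROD = Copy("prod-db", "disk", offsite=False, immutable=False, is_backup=False)
WEAK = [PROD,
        Copy("nas-nightly", "disk", False, False, restore_errors=0),
        Copy("cloud-weekly", "cloud", True, False)]
STRONG = [PROD,
          Copy("nas-nightly", "disk", False, False, restore_errors=0),
          Copy("cloud-weekly", "cloud", True, True, restore_errors=0),
          Copy("vault-tape", "tape", True, False, restore_errors=0)]

if __name__ == "__main__":
    for name, inv in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(name, check_backups(inv) or "meets the rule")
```

An untested backup is reported as a finding rather than assumed good, since a copy that has never been restored gives no evidence it can be.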

#5 Insurance Coverage! 

Insurance is a crucial ingredient for protecting your organization and transferring risk. We admit that we may be a little bit biased here, but our opinion is informed, promise! Beyond the obvious financial safety offered by insurance, you’ll find yourself with a partner mutually interested in your organization’s security. Through digital tools, expert guidance, and up-to-date threat intelligence, your insurer works as an ongoing source for risk mitigation. 

Tech companies continue to face data breaches and significant downstream risk. A Tech E&O policy that includes fully-fledged cyber liability (first and third-party) coverage offers access to a wealth of cybersecurity resources and risk transfer to help forward-thinking organizations combat even the most innovative threat actors.
