• Ben Dampney

MFA is now a cyber insurance requirement

Protecting sensitive data with multi-factor authentication (MFA) has become a requirement for various cyber insurance policies, signalling that identity and password-related vulnerabilities are a top security threat.


Typically, when applying for cyber insurance, businesses need to provide information about various aspects of their IT security including MFA protection in these key areas:


  • Email access: Emails usually contain quite sensitive information, turning it into one of the most used communication methods.

  • Remote Access/VPNs: Remote access to the network is how most hacks get started. A company without MFA for remote access has five times more risk of being hacked.

  • Login credentials to servers, firewalls, and other critical devices: Password-only access to a firewall or VPN server, for example, would allow an attacker to change the VPN configuration to accept password-only credentials. Servers are more than ever accessed remotely, by admins and MSPs. The solution implemented must enforce MFA in order to login, no matter where the user comes from.


Ensure that your business qualifies for coverage


Underwriters may refuse to cover businesses that don’t use multi-factor authentication or specific categories of endpoint protection products.


Cyber Security Checklist


The following questions provide a good starting point for internal conversations about your security posture.


Digit IT also provides comprehensive IT Security Audits to determine the current state of your IT security and receive recommendations on how to rectify critical vulnerabilities.

  • Are you educating your staff about cybersecurity best practices?

  • Have you identified key vulnerabilities your business is exposed to?

  • Do you have internal IT staff or service providers managing security?

  • Are you performing security tests?

  • Do all computers have antivirus software?

  • Are you scheduling system backups regularly?

  • Are you documenting known issues or risks?

  • Is MFA required to ensure secure email access?

  • Is MFA required for all remote access to your company network? Are you protecting internal and remote access to network infrastructure components (routers, firewalls)?

  • Are you protecting internal and remote access to your company’s endpoints and servers?


Get a Quote


Digit IT can tailor a Managed IT Security Plan for your business, based on your risk assessment, budget and compliance requirements.


Please contact us on 07 4637 9033 to schedule an IT Security Audit to commence this process.


10 views0 comments