Cyber Security and Ransom insurance for non-profit

djinnovationzmills · 2023-03-03T18:55:52.000Z

Hi all,

I am seeking suggestions for cyber security and ransom insurance for a non-profit. What do you all use and would suggest? What offerings should I be looking out for?

Rod-IT · 2023-03-03T19:02:33.000Z

Size of the company?

Location of the company?

Are you looking to protect on-prem, cloud, both?

What type of devices do your users use?

djinnovationzmills · 2023-03-03T19:58:15.000Z

Will be 20 users in-house

Arkansas

Both

Will be windows pcs and personal cell phones

Rod-IT · 2023-03-03T20:06:28.000Z

Hopefully someone in the area can recommend someone.

I’m not sure the business should cover peoples personal devices, business ones, sure.

stefan-pulseway · 2023-03-06T10:32:16.000Z

Hey OP,

Stefan from Pulseway here, I think we may be able to help.

We offer both Cybersecurity and Ransomware detection via out RMM platform, we also have a really handy mobile app which is super useful for network monitoring on the go. We have also worked with several non-profits too with similar needs and users.

Check us out and if you think we might be a good fit you can always start a free trial before you commit to anything.

If you have any questions please let me know.

Thanks.

spiceuser-6x803 · 2023-03-06T12:45:57.000Z

Most insurers are no longer offering ransomware insurance. Cyberliability, yes, but in most ransomware is explicitly excluded for several reasons…1) in many cases paying the ransom is illegal as the payment would go to malicious actors in a sanctioned state; 2) many insurers now believe that the purchase of insurance is a disincentive to good cybersecurity hygiene…i.e., if you have insurance, you don’t need to invest in “defense-in-depth”; and 3) for insurers that do provide ransomware coverage, the cyber defense that they mandate before coverage can be provided would require a sky-high investment. Remember, insurers are in the business of making money. They can’t make money if there are tons of claims against them, so they do everything they can to prevent those claims from ever being filed.

My advice would be to take the funding that you would have spent on ransomware insurance and procure a small cyberliability policy (say $5 mil for business interruption coverage, etc.) and then spend the remainder on good endpoint detection, network intrusion detection and prevention, good firewalls, and possibly Bullwall’s RansomCare product for file servers ( https://bullwall.com ).

james-knowbe4 · 2023-03-06T16:11:21.000Z

Considering that >80% of data breaches are a result of human behavior, make sure training and security awareness is part of your cybersecurity program as well. I’d be remiss to say that you should check out KnowBe4, but make sure you are growing the security behaviors and mindset of your organization so folks are thinking beyond just checking links.

With email, they want to ask themselves if the email unexpected? is the person a stranger and are they asking you do something strange, unusual or very quickly? Answering YES should trigger a “Trust AND Verify” process.