Did you know that 54% of networks analyzed lacked Multi-Factor Authentication (MFA) configuration for Microsoft 365?
That’s an obvious security risk, right? But did you know that there's another lurking danger? The potential inability to secure a claim from cyber insurance.
For your MSP, a security breach could mean not only financial loss but also a significant blow to reputation and client trust. M365, being a widely used platform, is a frequent target, making MFA configuration non-negotiable.
Your clients see cyber insurance as a solution to their security needs. But they don’t realize the catch. Failing to implement recommended security measures like MFA can result in denied claims, and even the potential for lawsuits labeling your client as a fraud!
Yes, that’s right. This has already happened. Travelers Property Casualty Company of America’s not only denied a claim by International Control Services Inc. (ICS), but they took them to court. They sued stating that ICS claimed to have MFA in place but didn’t. This was not an intentional error by ICS, but an oversight on some of their machines. The point, however, was clear: the insurance company saw the lack of MFA as a major problem.
Cyber insurance companies assess the security posture of a company when underwriting a policy and dealing with claims. A lack of MFA, given its significance, can be perceived as negligence, jeopardizing your ability to secure a payout in the event of a security incident.
But how can you get through to them the importance of MFA and make sure they are complying with this insurance requirement?
You could Educate and Train Staff. Ensure that all users understand the importance of MFA and are trained in how to use it effectively.
You could also Apply MFA Across All Users. Avoid selective implementation. Apply MFA to all user accounts, including administrators, to ensure comprehensive protection.
But in order to show the insurance provider that your client is adhering to their MFA requirement, you really need to provide them with evidence. Conduct Periodic Security Audits: Regularly audit the security posture of the network to identify and address vulnerabilities promptly.
MFA in M365 is not just a matter of enhancing security; it’s about safeguarding the future of MSPs. With 54% of networks lacking MFA for M365, there’s a pressing need for immediate action, action that goes beyond protecting sensitive data and maintaining client trust. MFA is pivotal in ensuring that MSPs can rely on their cyber insurance when needed. The digital landscape is fraught with challenges, but with vigilance, foresight, and robust security measures like MFA, MSPs can navigate it successfully and secure their networks and reputation.
The ICS lawsuit has set a precedent, and your client relies on you to make sure they are secure.
