Podcast

Risk in Context Podcast: Better Cyber Hygiene Through Security Controls

In this episode of Marsh’s Risk in Context podcast, Marsh’s Rachel Lavender is joined by MOXFIVE’s Jeff Chan and CrowdStrike Services’ Shelly Geisbrecht for a look at the cybersecurity controls companies can adopt and implement to improve their cyber hygiene.

Man installing software in laptop in dark at night. Hacker loading illegal program or guy downloading files. Cyber security, piracy or virus concept.

With cyberattacks growing in size and complexity — and underwriters more closely scrutinizing their cyber risk exposures — it’s vital that businesses invest in robust cybersecurity controls.

In this episode of Marsh’s Risk in Context podcast, Marsh’s Rachel Lavender is joined by MOXFIVE’s Jeff Chan and CrowdStrike Services’ Shelly Giesbrecht for a look at the cybersecurity controls companies can adopt and implement to improve their cyber hygiene.

Google Podcast Apple Podcast Spotify Podcast

Key takeaways

Three cyber hygiene controls are increasingly tied to insurability and resiliency: endpoint detection and response, multifactor authentication, and backups.

Endpoint detection and response (EDR) can provide crucial visibility across all systems in a corporate technology environment.

It helps prevent bad actors from gaining a foothold in IT systems. EDR is often not difficult to implement, and can be rolled out within a matter of days.

Secured, encrypted, and tested backups are essential to recovery after an attack, and threat actors are increasingly targeting such backups for deletion.

Companies can mitigate this risk by following the 3-2-1 backup rule: three copies of data, two different media types, and one offsite copy.

Multifactor authentication (MFA) can provide an extra layer of protection when employees and other users are using critical applications or accessing networks remotely.

But MFA can be difficult to implement, depending on how many users an organization has, where they are located geographically, and how tech savvy they are.

About our speakers

Image placeholder

Rachel Lavender

Southeast Zone Cyber Practice Leader

  • United States

Rachel Lavender is Marsh’s Southeast Zone Cyber Practice Leader and a senior advisor for large US commercial clients across the country. She helps clients with risk identification and complex risk transfer for professional liability and cyber risks. Her clients include organizations across several industries, including communications and technology, financial services, manufacturing, and federal government contracting.

Image placeholder

Jeffrey Chan

Senior Director, MOXFIVE

  • United States

Jeff Chan is Senior Director, Technical Advisory Services, at MOXFIVE. He has helped build incident response teams and has led a large number of digital forensics and incident response investigations. As a technical advisor, Jeff has assisted MOXFIVE clients in managing incidents and recovering their networks from cybersecurity attacks.

Image placeholder

Shelly Giesbrecht

Incident Response, CrowdStrike

  • United States

Shelly Giesbrecht is a manager for CrowdStrike Services and its practice lead for Canada. She focuses on assisting customers in both reactive (incident response) and proactive (strategic advisory) services, combining her experience with current security tools with in-depth knowledge of security industry best practices and methodologies to assess, develop, and implement strong security programs on an enterprise level.