While MFA has long been a recommendation by agencies for cyber insurance, many organizations are finding out – either by trying to purchase new policies or renewing existing ones – MFA is now required for coverage. Many contact centers and their customers are finding this out the hard way.
BPOs are constantly required to navigate an ever-changing landscape of compliance requirements. We often talk about the complexities of meeting and maintaining PCI DSS compliance, but BPOs are being held to far more than just PCI standards now.
When large organizations that hire BPOs have new security requirements mandated by their insurers, the BPOs are now expected to match them. An inability to meet those insurance requirements can seriously hurt their bottom line.
MFA On Every Endpoint
Cyber liability insurance, also commonly referred to as just cyber insurance, covers an organization's liability in the event of a data breach or other cyber incident. Cybersecurity insurance is intended to cover the fallout from a data breach, hack, or cyber-attack. Most policies include coverage for costs associated with forensic investigations, cybersecurity consultants, losses due to theft of funds, ransomware payments, costs associated with reputational damages, and the subsequent legal fees which follow a breach.
Because BPOs have access to their customers’ networks, they are being held to the same standards as their customers: they are required to have multi-factor authentication on every endpoint for cybersecurity insurance. This can present significant hurdles for BPO contact centers that do not have a pre-existing MFA solution in place, which can result in loss of business and damage to their reputation.
An unfortunate consequence of these new requirements is BPOs losing prospective clients because they are unable to afford the level of liability insurance required to close larger deals. These policies often exceed tens of millions of dollars. To sign that kind of deal, organizations need to be confident in their security posture.
Meeting Insurance Standards
What requirements need to be met to qualify for cybersecurity insurance? Besides the critical requirement to implement MFA across the organization, below is a checklist of additional measures organizations should take to ensure requirements for cyber security coverage are met. Meeting these standards may also allow organizations to see a reduction in premium costs. According to most cyber insurance requirements, organizations should:
- Raise cybersecurity awareness through continuing re-education and regular training
- Effectively manage third parties and suppliers through regular security audits
- Encrypt your data everywhere
- Keep all your software and firmware updated
- Develop, test, and document your incident response plan
- Undergo regular penetration testing
Optimizing Contact Centers
Twosense Passive MFA checks the box for multi-factor authentication on every endpoint and automates the agent out of the process, drastically increasing agents efficiency. If your organization may be on the hook for liability insurance, it's better to go above and beyond something that checks that MFA box.
Twosense Continuous MFA provides all the same benefits provided by Passive MFA, but continuous monitoring provides extra security and enables BPOs to stop breaches within a minute!
Both Twosense products are designed specifically for BPOs. Phishing-resistant behavioral biometric MFA helps organizations not only achieve PCI DSS compliance but qualifies for cybersecurity insurance coverage and may even make your organization eligible for a policy discount. Deployment is as simple as installing the Windows agent and optional Browser Extension. There is no enrollment or additional training necessary, enabling IT teams to easily deploy always-on phishing-resistant MFA on every endpoint for every user.
To learn more about these products or to schedule your custom demo, click here.