FOR RELEASE ON RECEIPT

June 21, 2022

APCIA Offers Cybersecurity and Data Security Best

Practices for Businesses

CHICAGO – With ransomware attacks increasing in both frequency and severity, APCIA and its
Cyber Insurance Subcommittee have developed a paper that outlines cybersecurity and data
security best practices for businesses.

“Prevention is a business’ best defense against a ransomware attack and this paper provides a
range of data security hygiene steps that businesses and individuals can take to improve their cyber
defenses,” said Gary Sullivan, APCIA’s senior director, emerging risks. “It is important for businesses
to think through preventative measures and security safeguards that make it difficult for cyber
criminals to gain network access.” To aid in that process, APCIA’s paper provides a series of best
practices businesses may consider implementing and links to several authoritative resources such
as the National Institute of Standards and Technology (“NIST”), the Cybersecurity Infrastructure
Security Agency (“CISA”), and the Federal Bureau of Investigation (“FBI”) which offer detailed
recommendations to help shore up cyber protections.”

Among the cybersecurity best practices referenced in the paper include key steps such as using
multi-factor authentication (MFA) which requires at least two authentication events to protect
against unauthorized access to non-public information or information systems.

Maintaining back-ups of all essential information off-site or on the cloud to isolate and store vital
information separate from the from the network.

Password protection policies that include mandating the use of strong passwords and prohibiting
the reuse of a password across multiple accounts.

Having a patch management program in place that at a minimum includes testing, validation
processes, and deployment practices.

Periodic testing of the information security program and protocols as appropriate.

05/22/2024 Page 1 of 2
Training employees on the importance of MFA and on spotting suspicious links

Detection tools that allow a business to detect system changes and deletions.

Network segmentation which encourages businesses to review their infrastructure layout to

ensure there is segmentation and segregation of data to make it more difficult for an intruder to
gain access to sensitive data.

The American Property Casualty Insurance Association (APCIA) is the primary national trade association for
home, auto, and business insurers. APCIA promotes and protects the viability of private competition for the
benefit of consumers and insurers, with a legacy dating back 150 years. APCIA members represent all sizes,
structures, and regions—protecting families, communities, and businesses in the U.S. and across the globe.
###

Related Information

CyberDataSecurityBestPractices (002).pdf

Copyright Notice | Legal Disclaimer

Contact

Jeffrey Brewer
Department Vice President, Public Affairs

847-553-3763
jeffrey.brewer@apci.org

555 12th Street, NW, Suite 550 8700 West Bryn Mawr, Suite 1200S
Washington, D.C. 20004-1200 Chicago, IL 60631-3512

202-828-7100 847-297-7800

Copyright © 2024 by American Property Casualty Insurance Association

05/22/2024 Page 2 of 2