Kevin M. Fox, CIC, is Managing Partner at Capstone Group

The FBI’s annual crime report indicates that cyber security continues to present itself as a business’s top priority, as reports about cyber attacks, data breaches, and other virtual threats are steadily increasing. Complaints about internet crimes were up 7% from 2020 and 81% from 2019.

In 2021, people lost more than $6.9 billion from internet crimes, a whopping $2 billion increase from 2020 losses. This makes it essential for your business to enact controls and procedures that protect your assets against cyber risks.

Our team at the Capstone Group has put together a few guidelines to consider implementing:


IT terminology can be confusing, especially for those of us outside of the tech industry. Suppose your organization does not have access to in-house IT or cyber security specialists. In that case, it may be necessary to engage a knowledgeable third-party IT provider (contact us for recommendations!) that can help you and your employees implement the following controls to protect your business:

  • Requiring the use of multi-factor authentication (MFA) protection on all remote access to your network, email server, cloud services, data backup solutions, and all administrator accounts
  • Robust backup solution that is either disconnected (“air-gapped”) from your network or segregated from your network with MFA
  • Securing equipment and systems when they’re away from them (even for a moment)
  • Monitoring who accesses equipment and systems
  • Utilizing next-generation antivirus and malware software, including automated Endpoint Detection & Response functionality on all endpoints, monitored 24/7/365
  • Email filtering solution that pre-screens emails for potentially malicious attachments and links. If using Office 365, it’s recommended to enable the Microsoft Advanced Threat Protection add-on.


Even a list of comprehensive safeguards won’t protect your business if your employees don’t understand how to follow your guidelines and the importance of adhering to your controls.

Confirm that employees receive periodic training about the procedures they should follow to protect against cyber risks. They also need to know what steps to take if they encounter a cyber threat.


Despite your best efforts to protect your business, a cyber attack can succeed. It’s essential to mitigate this risk by purchasing an insurance policy that will cover the costs of a cyber attack or data breach.

This type of policy is known as a cyber liability & data breach insurance policy, and it will help you cover the costs associated with a virtual attack, including:

  • The cost of a forensic investigation
  • Income loss while you handle the breach
  • Expenses related to notifying customers about the breach
  • Equipment expenses
  • Legal expenses
  • Regulatory fines
  • Crisis management expenses
  • Cyber extortion expenses
  • Betterment costs

Without cyber liability insurance, a cyber attack can be financially devasting for your business. Having a policy with ample limits for your business’s needs will ensure that you can keep your company running.


The cyber insurance marketplace is evolving rapidly. Many of the controls mentioned above used to be considered “best practices” for business. Today, they are necessities and even prerequisites to qualify for cyber insurance. If you aren’t sure what steps your business should take to bolster its protection against cyber risks, seek outside guidance to identify areas your organization can do better.

At Capstone Group, we help organizations prepare for a cyber attack by confirming that they have the proper controls and liability insurance policies. We’ll work with your business to explore solutions that fit your company’s needs while better managing your risk levels.

Learn more about how Capstone Group can help you protect your company against cyber risks:

Kevin Fox – Managing Partner

Greg Chaples – VP, Property & Casualty

Kevin M. Fox

Sponsor Capstone

Subscribe to Our Newsletter

Enter your email below to sign up for our monthly newsletter.

  • This field is for validation purposes and should be left unchanged.

How Can We Help?


Blog Categories