Multi-Factor Authentication Attestation

General Information

What is the name of the company making this attestation? **

What is the name of the company making this attestation? *

What is your first name? **

What is your first name? *

What is your last name? **

What is your last name? *

What is your phone number? **

What is your phone number? *

What is your email? **

What is your email? *

What is the company's registered address? **

What is the company's registered address? *

Street Address Address Line 2 City State ZIP Code

What is the company's website address? (Enter all applicable website addresses.)

Multi-Factor Authentication Attestation

Are the company's employees able to access their work email through the internet? **

Are the company's employees able to access their work email through the internet? *

Yes
No

Are all employees required to use multi-factor authentication when accessing their email through a website or cloud based service? **

Are all employees required to use multi-factor authentication when accessing their email through a website or cloud based service? *

Yes
No

Are all employees, contractors, and third party service providers required to use multi-factor authentication when remotely accessing the company's network? **

Are all employees, contractors, and 3rd party service providers required to use multi-factor authentication when remotely accessing the company's network? *

Yes
No

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to directory services (active directory, LDAP, etc.). **

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to directory services (active directory, LDAP, etc.). *

Yes
No

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to network backup environments. **

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to network backup environments. *

Yes
No

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to network infrastructure (firewalls, routers, switches, etc.) **

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to network infrastructure (firewalls, routers, switches, etc.) *

Yes
No

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to the organization's endpoints/servers **

In addition to remote access controls, are employees and 3rd party service providers required to use multi-factor authentication for all internal & remote admin access to the organization's endpoints/servers *

Yes
No

Has the person signing this form done so with the assistance of the person in charge of IT security? **

Has the person signing this form done so with the assistance of the person in charge of IT security? *

Yes
No

Signatures

The undersigned executive officer represents that to the best of his or her knowledge and belief, and after reasonable inquiry, the statements provided in response to this application are true and complete, and, except in North Carolina may be relied upon as the basis for providing insurance. The applicant will notify the insurance company of any material changes to the information provided.

What is the name of the Executive Officer signing this form? **

What is the name of the Executive Officer signing this form? *

Electronic Signature and Acceptance - Executive Officer*

Electronically sign this form by checking the Electronic Signature and Acceptance box. By doing so, the Applicant agrees that use of a key, mouse, or other device to check the Electronic Signature and Acceptance box constitutes acceptance and agreement as if signed in writing and has the same force and effect as a signature affixed by hand.

Executive Officer is defined as the applicants's chief executive officer, chief financial officer, chief information security officer, risk manager, in-house general counsel, or the functional equivalent.

Electronic Signature and Acceptance - Executive Officer

What is the Executive Officer's title? **

What is the Executive Officer's title? *

The Executive Officer can sign in the box below. **

The Executive Officer can sign in the box below. *

Please enter the date this form was signed. **

Please enter the date this form was signed. *

Producer Information

What is the name of the producer?

What is the name of the agency where the producer is employed?

What is the producer's state license number?

What is the producer's phone number?

What is the producer's email address?

Multi-Factor Authentication

Multi-factor authentication refers to the use of two or more means of identification and access control-sometimes referred to as "something you know, something you have, or something you are." A username and password, for example, is something you know. Requiring a code sent via text message (SMS) establishes "something you have," i.e., a mobile phone belonging to you. Biometric authentication, through a fingerprint or retina scan, establishes "something you are." Multi-factor authentication is successfully enabled when at least two of these categories of identification are required in order to successfully verify a user's identity when accessing systems.

Multi-Factor Authentication for Remote Network Access

Requiring multi-factor authentication for remote network access is an important security control that can help reduce the potential for a network compromise caused by lost or stolen passwords. Without this control an intruder can gain access to an insured's network in a similar manner to an authorized user.

Multi-Factor Authentication for Administrative Access

Requiring multi-factor authentication for both remote and internal access to administrative accounts helps to prevent intruders that have compromised an internal system from elevating privileges and obtaining broader access to a compromised network. The existence of this control can prevent an intruder from gaining the level of access necessary to successfully deploy ransomware across the network.

Multi-Factor Authentication for Remote Access to Email

Requiring multi-factor authentication for remote access to email can help reduce the potential for a compromise to corporate email accounts caused by lost or stolen passwords. Without this control an intruder can easily gain access to a user's corporate email account. Threat actors often use this access to perpetrate various cyber crime schemes against the impacted organization and its clients and customers.

The controls described above and listed below are the minimum controls that must be in place in order to be eligible for a Cyber policy. Because of the importance of the controls in preventing ransomware attacks the following attestation should be completed with the assistance of the person(s) in charge of IT security. If IT security is outsourced to a managed security provider or other 3rd party please complete the attestation below with their assistance.

Multi-Factor Authentication Attestation

General Information

Multi-Factor Authentication Attestation

Signatures

Producer Information

Agent Name

RiskRevu^TM Newsletter

Contact

Multi-Factor Authentication Attestation

General Information

Multi-Factor Authentication Attestation

Signatures

Producer Information

Agent Name

Share This

RiskRevuTM Newsletter

Contact

RiskRevu^TM Newsletter