Episode 7

“… and you have user training?” asks our visitor.
“We do indeed,” responds the PFY.
“Although I see you’ve had a fairly high turnover of staff in recent years.”
“Yes, but that’s usually a byproduct of user education,” notes the PFY.
“No, I mean you have a high churn, so education must be a burden. Tensions must be high at times.”
“It’s a challenge, but in many cases we think it’s best to bury the hatchet. Get there early before it gets out of hand.”
“An admirable position to take.”
“That’s true,” I answer. “And often we find that the users who leave us become an integral part of other companies.”
“Foundation users, you might say,” says the PFY, no doubt thinking about some of our late-night cement deposits.
“Other times,” I add, “we seem to be the only ones who can see a user’s potential and the impact they can make. Sometimes they don’t even know themselves. It’s amazing what a difference you see in their life with a nudge in the right direction.”
“Some companies would just show them the door,” the PFY says. “But that’s not our way.”
“Not with a perfectly maintained window,” I add.
Meeting with the corporate insurer is one of those tasks that pop up every few years, but with the “new” perceived threat of encryption ransomware, visits have increased somewhat and questions are much more extensive.
That said, the cyber insurance game appears to be a huge blunder – with caveats and clauses to shift blame back to the insured in the event of a claim. You’ll probably only get a payout during a solar eclipse, when Mercury goes retrograde, your users can’t access the internet AND it’s February 30th.
But even if the payout is less reliable than a VW emissions test, everyone still wants cyber insurance.
“Just answer the questions!” says the boss.
“What’s next?” I ask cheerfully.
“Can you outline your backup regimen?”
“Cloud mirroring, daily snapshots, incremental versions.”
“Do you have a hot site?”
“Not since they installed sprinklers,” the PFY chimes in.
“No remote backups or cold sites?” he continues.
“What about hardware? Do you do inventory inventories?” he asks.
“I’ve been doing this for years,” I answer, “usually at night. Sometimes I have to bring a van.”
“I… er… mean, do you keep inventory? Do you delete computers as soon as they are no longer useful?”
“Computers, telephones, people.”
“Uhhhm. What about portable hard drives and PCs? Do you allow users to take them with them?”
“Oddly enough, they stopped bringing them in around the same time we brought hammers in. It’s probably just a coincidence.”
“Remote access. Can people access work data at home?”
“You… have been there for a year?”
“Yes, yes, I understand the whole lockdown thing, but I have to ask all the questions on the list – and since I’m new to the company, I have to follow the guidelines to the letter.”
“Well, you know what they say,” I chirp, “you only sell IT insurance twice in your career: once on the way up and once on the way down. So I guess I should say WELCOME BACK!”
“What is your password policy?” he continues, ignoring me.
“Don’t ask, don’t tell.”
“Don’t ask us to relax the password policy and we won’t tell you to fuck off.”
“Have you had notifiable burglaries in the past?”
“The boss came in to my house last week while I was on the toilet,” says the PFY, “but it was a faulty loft lock. At least he said it was a faulty loft lock…”
The boss has the decency to look a little embarrassed as our insurance guy goes on – no doubt making a mental note to bump up the premium for any personal complaint coverage we may have.
“Have you or your staff suffered damage from social engineering?”
“No, but we’ve had a lot of it because of the construction technique. Apparently our stairs are quite slippery.”
“Is there any harassment at work, negative complaints about the work environment, or any reason why staff might hold a grudge against you or your computer systems?”
“Well, there are a few complaints about staff lapses.”
“Staff feel run down?”
“No, no, staff being run down. I couldn’t find the ax,” says the PFY.
“Look,” I say, “we all have a job to do. Part of ours is making sure all our users make the most of our limited resources, and part of yours is going down those slippery stairs. So why don’t we just agree that we’re an OK risk, that you’ll waive the premium this year and that your impact on the world will be limited to IT insurance planning and not the footpath outside that window?”
And so we have an agreement that is worth every penny we paid for it.