What is the Cyber Defense Score™?

The Cyber Defense Score™ is an A–F letter grade plus a 0–100 numerical score produced by a 100-tool external attack surface scan. It shows you exactly what cyber insurance underwriters see when they assess your business. It is mapped to NIST CSF 2.0, CIS Controls, SOC 2, NIST 800-171, FTC Safeguards Rule, and PCI-DSS readiness.

How does Cyber Defense Agent help with cyber insurance?

Cyber Defense Agent runs the same external scans that cyber insurance underwriters use to assess your risk. By scanning first, you can identify and fix gaps (missing MFA, DMARC, open ports, SSL issues) BEFORE your renewal or new application. This helps you avoid denials, reduce premiums, and pass underwriting on the first attempt.

What do cyber insurance underwriters scan for?

Underwriters typically scan for: MFA enforcement across all remote access, DMARC/SPF/DKIM email authentication, open RDP ports (3389), SSL/TLS configuration, known vulnerabilities in public-facing services, DNS security, and evidence of endpoint detection (EDR). Cyber Defense Agent checks all of these in 60 seconds.

Can Cyber Defense Agent help me lower my cyber insurance premium?

Yes. Carriers offer premium discounts of 10–25% for businesses that demonstrate strong security posture. By fixing the gaps Cyber Defense Agent identifies and presenting your Cyber Defense Score™ and trust page to your broker, you provide concrete evidence of risk reduction that carriers reward with lower premiums.

Why was my cyber insurance application denied?

The most common denial reasons are: no MFA on email and remote access (41% of denials), missing DMARC email authentication, open RDP ports, no EDR/endpoint protection, and no incident response plan. Cyber Defense Agent scans for all of these and shows you exactly what to fix before reapplying.

How long does a Cyber Defense Agent scan take?

A full 100-tool external attack surface scan completes in approximately 60 seconds. No software installation, no questionnaires, and no credit card is required to get started. You see the same view of your attack surface that underwriters see.

What frameworks does Cyber Defense Agent map to?

Cyber Defense Agent maps scan results to NIST CSF 2.0, CIS Controls, SOC 2, NIST 800-171, FTC Safeguards Rule, and PCI-DSS readiness. These are the same frameworks cyber insurance carriers reference in their underwriting guidelines.

How much does Cyber Defense Agent cost?

Essentials starts at $149/mo ($1,490/yr). Pro is $349/mo ($3,490/yr) and includes internal scanning, SOC 2 readiness, and full MCP toolset. Enterprise is $999/mo ($9,990/yr) with daily scans, custom framework mapping, and a dedicated AI agent instance. MSP partners pay $79/business/mo with a 25-business minimum. The free scan is always free.

How do I prepare for cyber insurance renewal?

Start 60–90 days before renewal. Run a Cyber Defense Agent scan to identify gaps. Fix critical items: enforce MFA everywhere, deploy DMARC, close open ports, update EDR. Re-scan to verify improvements. Present your Cyber Defense Score™ and trust page to your broker as evidence of improved posture. This positions you for renewal without premium increases or coverage reductions.

What is a trust page?

A trust page is a public cybersecurity posture page hosted at trust.cyberdefenseagent.ai/{your-slug}. It displays your Cyber Defense Score™, framework compliance status, and last scan date. Brokers, underwriters, and business partners can verify your security posture in 60 seconds instead of reviewing 30-page questionnaires.

How-To Guide

How to Secure Remote Work for Your Team

A practical checklist for securing remote work environments including VPN configuration, endpoint hardening, access controls, and secure communication policies.

Farhad Mirza Khawar

Founder of HIPAA Agent and Cyber Defense Agent. Compliance infrastructure for SMBs. Sacramento, CA.

2026-05-01

Before You Start

An inventory of all remote workers and the devices they use
A decision on whether to provide company-owned devices or support BYOD
MFA already enforced on all cloud services and email
An internet-facing network architecture diagram

Establish secure remote access to company resources

Choose a remote access strategy based on your infrastructure. If you maintain on-premise servers and applications, deploy a business-grade VPN solution such as WireGuard, OpenVPN, Cisco AnyConnect, or Palo Alto GlobalProtect. Configure the VPN with split tunneling disabled so all traffic routes through your corporate network for inspection, or use split tunneling with DNS filtering if full tunneling impacts performance too much. For cloud-first organizations, consider a zero trust network access solution like Zscaler Private Access, Cloudflare Access, or Tailscale that provides per-application access without a traditional VPN. Regardless of approach, require MFA for every remote access connection. Configure automatic connection on managed devices so users cannot bypass the secure access path. Monitor VPN and remote access logs for anomalies like connections from unusual geographic locations or connections outside business hours.

Harden remote endpoints

Every remote device is an entry point to your network. For company-owned devices, enroll them in a mobile device management solution like Microsoft Intune or Jamf. Configure the MDM to enforce automatic operating system and application updates, require full disk encryption using BitLocker on Windows and FileVault on macOS, enable the local firewall, set automatic screen lock after five minutes of inactivity, and restrict the ability to install unapproved applications. Deploy endpoint detection and response software on every managed device. For BYOD scenarios, use application-level controls rather than device-level management. Require a minimum operating system version, enforce MFA on all applications, use conditional access policies that check device compliance before granting access, and containerize business data using solutions like Microsoft Intune MAM that allow you to remotely wipe corporate data without affecting personal data on the device.

Secure home network guidance for employees

While you cannot manage employee home networks directly, provide guidance to reduce risk. Create a home network security checklist for employees that covers changing the default router admin password, enabling WPA3 or WPA2 encryption on WiFi, updating router firmware to the latest version, disabling remote router management from the internet, and using a separate network or SSID for work devices if the router supports it. Recommend that employees avoid working from public WiFi networks, and if they must, require VPN usage at all times. Provide guidance on physical security including locking the screen when stepping away, not allowing family members to use work devices, and securing printed documents. Consider providing a stipend for employees to purchase a quality router with automatic firmware updates if their current equipment is outdated or insecure.

Deploy secure collaboration and communication tools

Remote teams rely heavily on collaboration tools, and these must be configured securely. Standardize on approved tools for video conferencing, messaging, file sharing, and project management. For video conferencing, require meeting passwords or waiting rooms to prevent unauthorized access. For messaging, use enterprise platforms like Microsoft Teams or Slack with data retention policies and compliance features rather than personal messaging apps. For file sharing, use approved cloud storage like SharePoint, Google Drive, or Dropbox Business with appropriate sharing permissions, and disable public link sharing by default. Configure data loss prevention policies to prevent sensitive information from being shared outside the organization through these tools. Prohibit the use of personal email, personal cloud storage, and unauthorized third-party tools for business communications to prevent data leakage to unmanaged services.

Implement monitoring and incident response for remote workers

Adapt your security monitoring and incident response procedures for the remote work environment. Ensure your security logging covers remote access events including VPN connections, cloud application sign-ins, and file access from external networks. Configure alerts for indicators of compromise that are specific to remote work such as impossible travel where a user authenticates from two distant locations in a short time, authentication from countries where you have no employees, and large data downloads outside business hours. Update your incident response plan with procedures for remote scenarios. If a remote employee device is compromised, you need the ability to remotely isolate the device from both the corporate network and the internet, which EDR tools and MDM solutions provide. Define the procedure for a remote employee to report a lost or stolen device and the maximum acceptable time to remotely wipe it. Test these procedures regularly to ensure they work.

Create and enforce a remote work security policy

Document all remote work security requirements in a clear policy that employees acknowledge and agree to follow. The policy should cover approved devices and operating systems, required security software and configurations, VPN and secure access requirements, acceptable use of home networks and public WiFi, data handling rules for working with sensitive information remotely, physical security requirements for the remote workspace, reporting procedures for security incidents and lost or stolen devices, and consequences for non-compliance. Review and update the policy annually or whenever your remote work technology stack changes. Include the remote work security policy in your new employee onboarding process. Conduct quarterly compliance checks using your MDM and security tools to verify that remote devices meet the policy requirements, and follow up with non-compliant users promptly.

Common Mistakes to Avoid

Allowing remote access without requiring MFA, making stolen credentials sufficient for full network access

Not deploying EDR on remote devices, leaving endpoints unmonitored outside the corporate network

Permitting use of personal devices without any security controls or application-level management

Failing to provide clear guidance on home network security, leaving employees on insecure default configurations

Not adapting the incident response plan for remote scenarios, causing delays when a remote device is compromised

How to Enforce MFA in Microsoft 365 How to Set Up EDR for Your SMB How to Create a Cybersecurity Policy

Get your Cyber Defense Score™ in 60 seconds.

100 tools. No installation. No credit card.

Get My Cyber Defense Score™ →