Small Businesses Can Still Face Big Threats from Cyber Attacks
Cyber attacks can encompass a wide array of tactics and threats, including: viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks.
While large corporations make the news when hackers attack, small businesses are just as likely to be victims of cyber crime.
Most concerning are the malicious cyber attacks that involve phishing, loss of customer data, or that result in the business losing money.
The Threat From Within – Your Employees May be Your Biggest Security Threat!
Many security breaches are actually inadvertent and unintentional, perpetrated by your own employees! When small businesses suffer staff-related security breaches, many are caused unintentionally by human error by way of plugging in personal electronic devices, opening infected emails, using unsafe websites, and maintaining weak device passwords and out of date software.
What Can You do to Avoid Being the Victim of Cyber Crime?
#1 Stay Informed
Stay up-to-date with the latest news related to computer security threats and cyber crime. Sign up for email updates from reputable cyber security sources like NakedSecurity and SecurityWeek and follow them on Facebook and Twitter.
Setup a Google alert with keywords like “latest cyber security threat”, “latest cyber attack,” “latest malware threat,” or “latest computer virus”.
#2 Anti-virus Software
Install and use anti-virus software or an internet security suite. Anti-virus software detects and either blocks or removes malware that may have infected a machine. An internet security suite is a more robust tool that provides additional services like firewalls, identity theft protection, and parental controls. Don’t forget to keep your anti-virus software up-to-date to get the best protection!
#3 Employee Education and Compliance
Generate expectations and create an internal action plan for your employees to follow regarding the use of personal electronic devices at work, generating secure passwords, and accessing company resources from remote locations.
#4 Complex Passwords
While it’s tempting to use the same password for all your accounts, using the same password or using a generic password like “password1” is low hanging fruit for a hacker. It’s like leaving the front door to your house open for a burglar and expecting them not to walk in and help themselves.
Use complex passwords that provide a higher degree of security. A tool like Lastpass can be a very effective and convenient way to safely store and maintain complex passwords that provide that higher degree of protection.
#5 Obtain Cyber Liability Insurance
Should the worst-case scenario play out, you will be glad you have the safety net that the right cyber liability insurance policy will provide.
The cost and amount of coverage you need varies depending on your risk exposure and industry. Financial and medical institutions and any company that collects and stores a large amount of customer personal data will have a higher risk and higher costs.
Cyber liability insurance often covers the following to some degree or another:
- Data breach and system damage: While standard property insurance policies cover the machine itself, it won’t cover the data stored on the machine. That’s where this coverage applies.
- Business Interruption: If a hack causes you to be out of business either temporarily or long-term while you recover, this coverage covers that loss of revenue.
- Notification Expense: Forty-seven states, DC, Guam, Puerto Rico, and the Virgin Islands all require some degree of reporting when a secure system is breached. In most cases this means you’re on the hook to notify any parties whose personal information was compromised and may even include ongoing credit monitoring. For those keeping track at home, the only states that don’t require any reporting are Alabama, New Mexico, and South Dakota.
- PR/Crisis Management: If the worst-case scenario takes place (e.g., Sony, Target Corp.) you’ll need to do some serious damage control to regain public trust and keep your business afloat.
- Content Liability: Any piece of your online presence (blog, website, social accounts, etc.) that may be subject to slander, invasion of privacy or other intellectual property claims.
Work with an experienced independent agent when trying to understand the type of cyber liability policy that makes sense for you. Make sure you both understand what types of protection your business needs and what exclusions may apply to the policies you are comparing.