Since the start of the COVID-19 pandemic, small businesses have quickly embraced remote working and moved to new technologies, such as contactless payments and online ordering. Unfortunately, these adjustments come with increased risks. According to a 2022 report from Barracuda, a cloud and network security company, small businesses with less than 100 employees receive 350% more social engineering attacks – such as phishing, scamming or compromising e-mail. -mails – only big companies.
Compared to large enterprises, many small businesses have fewer resources to devote to cybersecurity, making them vulnerable to the ever-changing tactics of cybercriminals. And dealing with the aftermath of a cyberattack can be seriously detrimental to a company’s bottom line, costing around $25,000 a year.
Small businesses can protect themselves against cyberattacks with these four tips.
1. EVALUATE ONLINE SYSTEMS
Before a business can effectively protect itself against cyber threats, it must have a complete understanding of its current online IT operations ecosystem. The owner may ask, “What are we doing on any Internet-connected machine?” says Andrew Lipton, vice president, cyber claims manager at AmTrust Financial Services, a small insurance company.
Business owners need to understand where their data is located and categorize the types of data they store – for example, names, addresses, social security numbers.
Lipton suggests owners contact a legal expert, particularly if they’re dealing with sensitive information like social security or credit card numbers, to better understand the consequences of a data breach and get a professional opinion on the how to protect their data. .
Then they’re in a good position to talk to their ISP to figure out the best way to secure their most important information.
2. IMPLEMENT GOOD CYBERSECURITY PRACTICES
Even without big business firepower, small businesses can create a defense that discourages cybercriminals from carrying out their attacks, Najma Sultana said by email. Sultana is Head of Security at Veem, a global payments provider for small businesses.
A business owner can implement basic safety and sanitation practices, such as:
- Installation of firewalls to prevent unauthorized access to company networks.
- Use anti-virus software and ensure it is updated regularly.
- Back up data regularly and store it offline or in another location, not just in the cloud.
- Create strong passwords and don’t use the same password on different accounts.
- Require multi-factor authentication, which requires two identification factors, such as password and passcode, to access accounts and systems.
Some of these security features may already be available. “Many apps and software your business already uses will have security features built in, but they won’t necessarily be enabled by default,” said Lauren Winchester, vice president of risk and response at Corvus Insurance, via email. mail.
A business can enable these features to quickly and easily add an extra layer of security.
3. TRAIN EMPLOYEES — AND OWNERS
Business owners and their employees are often the first line of defense in protecting the business against cyberattacks. In fact, according to the World Economic Forum’s Global Risks Report 2022, 95% of cybersecurity issues can be attributed to human error.
Receiving basic cybersecurity training can help managers and employees learn to identify common threats, such as phishing emails or suspicious downloads, as well as develop online best practices, such as safe browsing and strong passwords.
And with employees working remotely or in different offices, it’s especially important for businesses to create and review cybersecurity policies for the business, including security guidelines and what to do in the event of a breach. of data.
The Federal Communications Commission offers a free online tool to help businesses create a cybersecurity plan tailored to a company’s unique business needs. Free virtual and in-person cybersecurity training events are available from the US Small Business Administration and its partners. Internet systems and cyber insurance providers may also offer these types of training.
4. INVEST IN CYBERSECURITY INSURANCE
Cybersecurity insurance can help protect a business against financial loss caused by incidents such as data breaches, ransomware attacks, and hacking.
If, for example, a point-of-sale system is hacked and the hackers leak customers’ stored credit card information, this policy will cover the cost of notifying customers, investigating the incident, and provision of credit monitoring services. It would also cover legal fees or settlements if a customer sues the company over the incident.
However, the best cyber insurance companies on the market today are more than a bulwark against financial loss, says Lipton of AmTrust Financial Services. These insurance companies will not only provide a comprehensive policy, but will also help assess a company’s systems, offer advice on how to better protect data, and connect a company with additional security partners or vendors in their network.
Look for a carrier that volunteers to be a partner in the cybersecurity strategy, Lipton says. Insurance is “an essential element of cybersecurity strategy, but it is only one element”.
This article was provided to The The AU Times by personal finance website TAUT.
Copyright 2022 The AU Times. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Business enterprise insurance