Retrieve your login information


Small Businesses Can Harbor Big Cyber Security Risks

Ten Ways to Prevent Cyber Attacks

Cyber_LiabilityCommercial data breaches have become an all-too-common news headline. Most recently, hackers breached credit agency Experian’s database and stole the Social Security numbers, dates of birth and home addresses of 15 million T-Mobile customers.

But high-profile businesses aren’t the only ones to fall victim to data theft. Surveys by the Small Business Authority and National Cybersecurity Alliance indicate that the majority of small businesses lack a formal Internet security policy for employees and about half have rudimentary cybersecurity measures in place. So what can you do to reduce your risk?

According to Symantec, 40 percent of cyber attacks are against organizations with fewer than 500 employees. In 2010, the average cost of cyber attacks against small and medium-sized businesses was nearly $200,000.

Reduce your risk for cyber attack by contacting your insurance broker to secure cyber insurance coverage that is applicable to the types of information your company is responsible for.

The following are ten steps you can take to help prevent cyber attacks.
  1. Train employees in cyber security principles. Also put together a cyber security team composed of IT, legal, public relations, human resources and risk management personnel. Have the team develop a cyber attack prevention and response plan. The plan should include steps to assess the magnitude of the incident, a coordinated response to any attempted cyber attacks, and a communication plan centered on being open and cooperative with clients, insurance carriers and regulators.
  2. Install, use and regularly update antivirus and antispyware software on every computer in your business.
  3. Use a firewall for your Internet connection.
  4. Download and install software updates for your operating systems and applications as they become available.
  5. Make backup copies of important business data and information.
  6. Control physical access to your computers and network components.
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and password protected.
  8. Require individual user accounts for each employee.
  9. Limit employee access to data and information, and limit authority to install software.
  10. Regularly change passwords.
What should you do if a cyber attack does occur?
  1. Take the time to fully assess the situation and notify legal counsel; once an incident is characterized as a “breach” there are legal liability connotations, so be certain to fully assess the situation before labeling it as such.
  2. If you have a cyber insurance policy in place, contact your agent as soon as an incident occurs. Your agent will assist you with the details of the policy’s requirements and determine whether the insurer needs to be notified.
  3. Customers and other external parties should be notified once your cyber team and legal counsel have an understanding of the situation. Communications should be frank about the extent of the incident and its implications.

Comments are closed.