Cybersecurity and Your Business
According to the CHUBB Cyber Index, the average paid incident response cost over the last three years is over $1,000,000. Small businesses are especially vulnerable because they often lack a dedicated IT Department that can help educate and help minimize the risk of a cyberattack. While the news focuses on the large companies that are targeted, smaller companies are frequent targets.
While a Cyber Policy is one way to protect your business by ensuring that you have coverage in place to pay for costs for first and third-party claims, notifications, credit monitoring, forensics, crisis management, etc., learning the best practices for preventing cyberattacks is vital for any business owner.
Taking steps to prevent cyberattacks in your first line of defense. Some of the areas where you can take preventative measures are listed below.
· Network Security – Some ways to secure your network are:
o Use a firewall
o Put a password on the router to prevent access
o Use a VPN for remote employees
o Do not broadcast your network name
· Anti-Virus – Installing antivirus software on all of your computers and ensuring that they are updated will help reduce your risk of malware and viruses.
· Strong and Unique passwords - Create a password protocol and have all employees follow it. Passwords should be over 10 characters, a mixture of upper and lower case, use symbols and numbers, and not be re-used in more than one place.
· MFA – Multi-Factor Authentication - this is a layer of security that goes beyond just needing a password and user name. By asking for two or more ways to authenticate, it reduces the risk of unauthorized access. Set up MFA on any account with vulnerable information, such as client data, finances, etc.
· Employee Training – make sure your employees know how to identify phishing emails, follow password protocols, use MFA, know how to spot suspicious downloads
· Back up Data on all computers regularly
· Secure Payment Processing – if you are taking credit card payments, make sure their programs are secure and that they have anti-fraud tools and services.
There are numerous ways that cyber-attacks happen.
· Viruses - These are programs that are used to gain access to your system. They can steal, wipe out data, or use your computers to spread the virus to others.
· Malware – Software that does damage to individual computers, networks, or servers is known as malware. It’s a blanket term that includes ransomware and viruses.
· Ransomware – This is malware that once it is in your system, will restrict access to the files, usually by encrypting everything, until a ransom demand for money is paid. Unpatched software and phishing emails are the two main ways ransomware infects computers.
· Spyware – This is malware that gathers and sends data to another party. Keyloggers, to capture keystrokes are considered spyware.
· Phishing – Phishing emails are continually evolving, which can make them hard to identify. They look legitimate at a casual glance and can trick users into logging into fake web pages to capture ID/Password combos, or to deploy malware.
Protect your Business
If you do not have a dedicated IT department, you can get an outside IT service to help you secure your systems and put best practices into play. But there are a lot of resources for business owners to use to help keep their businesses secure.
· Free Cybersecurity Services and Tools – CISA (Cybersecurity and Infrastructure Security Agency) has a list of free resources for cybersecurity. They also have small business cybersecurity guidance at this link. One of their free tools is a scan to detect any vulnerabilities in your network.
· Cybersecurity plans are important to have. Many businesses have a disaster plan in place but not a Cybersecurity plan. The FCC has a tool to help you create a strategy tailored to your business.
Cyber Liability Insurance
At Fixated Financial, we have multiple carriers for Cyber Liability. A Cyber Liability policy will provide First Party coverage for expenses incurred by your company due to a loss, and Third Party expenses such as privacy lawsuits, regulatory fines, media liability claims, and negligence or breach of contract claims. In addition to the coverage, many carriers provide free loss mitigation services to help prevent claims before they happen, such as employee training and security consultation for potential events.
If you would like to discuss your options or learn more about coverage, please call us at 855-266-2135 or email email@example.com or firstname.lastname@example.org.
Photo by cottonbro studio