Did you know that in 2016, more than 60 percent of all cyberattacks targeted small to medium-sized businesses? Or that on average, a severe security breach costs a small business between $88,000 and $155,750, according to PwC?
It’s intimidating but true: Whether it’s by stealing intellectual property (IP), accessing employee or customer data, or holding computers to ransom, cyber criminals can seriously threaten your business. And it’s not just about the funds you’ll need to resume operations — it’s also about the long-term impact of a breach on your business’s reputation, especially if customer data has been compromised.
Knowing all of this, it should be clear that if you don’t already have a cybersecurity plan in place for your company, now’s the time to implement one. To better protect your business, keep the following tips in mind:
- Make sure that your network is secure. Use a strong firewall and encrypt all data within the network. SBA.gov advises that if you use a Wi-Fi network, you need to not only secure it with a firewall, but also hide it. You can do this by setting up your router so it doesn’t broadcast your Service Set Identifier (SSID) or network name. In addition, make sure to protect your router with a password.
- Install anti-virus software on all computers and devices including desktop computers, laptops, tablets and smartphones. Make sure the anti-virus protects against spyware and malware, as well as viruses. In addition, set your anti-virus to update automatically, and regularly run scans on each device to check for breaches.
- Perform software updates as needed. Regardless of your operating system, you’ll be alerted to software updates every once in a while. Because these updates sometimes address vulnerabilities that could be exploited by cybercriminals, it’s critical to run them.
- Create and implement a strong policy for devices. If your employees access the company’s network via their devices, require them to take appropriate security measures. According to the Federal Communications Commission (FCC), devices should be password protected and their data should be encrypted. In addition, set up a policy that instructs employees to immediately report any stolen or lost devices.
- Restrict access to highly sensitive data. Add additional layers of security within the network to protect sensitive data such as IP, employees’ social security numbers or customers’ payment information. You can do this by password protecting certain files and/or adding two-step authentication.
Have a secure backup system for sensitive data. Instead of simply storing all of your data on your local network, back it up automatically to the cloud so you can access it in the event of a breach. - Educate employees about good cyber hygiene. This involves basic yet critical things like how to create strong passwords, changing passwords regularly, and not opening attachments or links in emails from unverified sources to avoid phishing.
- Have a recovery plan. To minimize downtime and damage to your business, create a comprehensive recovery plan following the guidelines from Ready.gov. For example, you can subscribe to a so-called “hot site” that provides you with the equipment and software you need to keep running in the event of a breach.
Get cyber liability insurance. Losses resulting from a cyberattack aren’t covered by your general liability insurance. That’s why you need a separate cybersecurity policy that covers you for any legal costs and expenses resulting from liability to a third party, for example a customer who sues you because his or her data has been compromised. In addition, cyber insurance should cover the costs of restoring your computer system and recovering your data. It should also provide coverage for notifying any customers of a breach and, if applicable, restoring their identities.
While it might seem daunting to have to develop a cybersecurity plan, don’t be discouraged. Because when you consider the potential consequences of not being adequately protected against a cyberattack, implementing the right cybersecurity measures before disaster strikes is well worth the effort, time and investment. At Grand Mutual Insurance, we have licensed insurance agents to help find the best package to protect your online assets with cyber liability insurance and more options to protect your business and personal life.