Filed Under:Agent Broker, Sales & Marketing

10 ways small businesses can fight cyber crime

Insurance agents are among the most trusted advisors for small businesses and can help them assess their risk of a cyber incident as well as provide appropriate Cyber insurance coverage. (Photo: iStock)
Insurance agents are among the most trusted advisors for small businesses and can help them assess their risk of a cyber incident as well as provide appropriate Cyber insurance coverage. (Photo: iStock)

They can strike anyone, anytime, anywhere. Whether they use a phish, a virus or even a Trojan horse malware, cybercriminals are targeting Fortune 500 companies on Wall Street — but increasingly even smaller stores on Main Street.

In fact, the U.S. Small Business Administration claims that small employers are becoming an attractive target for cybercriminals because they have valuable customer data, provide access to larger networks such as supply chains, and often lack the resources or personnel to focus on cybersecurity.

Cyberattack response plan a good idea

Despite this trend, new research from Nationwide released during National Cyber Security Awareness Month reveals that most small-business owners (78 percent) still don’t have a cyberattack response plan — even though the majority (68 percent) are at least somewhat concerned about a potential cyberattack affecting their business.

Our survey also found that more than half (54 percent) of small-business owners were victim to at least one type of attack. The top three attacks were a computer virus (37 percent), phishing (20 percent) and a Trojan horse malware (15 percent). Other attacks included hacking (11 percent), unauthorized access to customer information (7 percent) or company information (7 percent), issues due to unpatched software (6 percent), data breach (6 percent) and ransomware (4 percent).

Those findings came from our second annual Small Business Indicator. This national survey was conducted online in June by Harris Poll on behalf of Nationwide among 502 U.S. small-business owners with fewer than 300 employees.

Agents can assess risk, advise on policies

Although cybersecurity poses a serious threat to America’s small-business owners, they can get help from their local insurance agent. These trusted partners may not be cybersecurity experts, but they can support owners in assessing their risk and advising on policies. As a matter of fact, agents are so crucial to helping small businesses fight cybercriminals that we created a list of 10 tips they can share with their clients:

Related: 10 insights into how small-business owners perceive cyber risk

Exterior of office building in daylight

(Photo: iStock)

1. Protect the perimeter

Guard your physical perimeter to prevent hackers from accessing sensitive data and your company's computer network.

Consider whether your Wi-Fi signal and computer network are accessible from outside your facility and what protections you need to keep out unauthorized users.

Also look at how easy it is to get inside secure areas of your location and whether access cards are stored securely.

Related: What business owners need to know about cyber risk from wearable devices

Computer keyboard with key labeled phishing and hook

(Photo: iStock)

2. Train employees

Educate your team because employees are your company's first line of defense against cybercriminals.

Provide training in the workplace for all levels from the CEO on down. Remember that almost everyone carries a smartphone or tablet these days, and most phones don’t have the same security software that computers do.

Related: Gone phishing: CEO fraud costs companies millions

Brass padlock labeled firewall

(Photo: iStock)

3. Build a firewall

Activate your firewall to block connections that are used to hack into your system and deliver viruses.

You may need to evaluate what kind of firewall to use at different points on your system and whether you also need better host security.

Computer keyboard with blue key labeled update

(Photo: iStock)

4. Update software regularly

Install and regularly update spyware, anti-virus and malware software to help prevent and detect any of those from affecting your computers.

You also need to be sure that all company-owned devices also have the most up-to-date security software. If your company allows employees to access company information on their personal electronic devices, have a policy that requires security software with regular updates on those devices as well.

Related: Transition to chip cards exposes merchants to new liabilities

Computer password on yellow sticky note on keyboard

(Photo: iStock)

5. Change passwords often

Use stronger passwords of 8-10 characters that include letters, numbers and special characters; change those passwords regularly on your network, and require all employees to change their passwords regularly as well.

If you have a guest wireless network, you should change that password often, for example, weekly, and only allow the connection to remain open for a limited amount of time. If you’ve ever used a wireless network at some large retailers you’ll note that the system logs you out after a short time, usually about two hours, and you have to log back in again.

Related: Biggest cybersecurity weakness: stolen logins

Cables plugged into the back of a computer network

(Photo: iStock)

6. Secure your networks

Secure your Wi-Fi networks to prevent hackers from accessing your servers or using your internet connection without your knowledge.

An even more basic protection is to consider whether you need a wireless network at all. One financial services company has no wireless network accessibility in its offices for visitors or employees. Only a limited number of employees have access to email on electronic devices, and those who are authorized to work at home must use a VPN on a wired network.

Related: 5 tips to avoid the dangers of public Wi-Fi

Smartphone screen with social media icons

(Photo: iStock)

7. Monitor social networks

Set social network profiles to private and check security settings; also, be mindful of what information you post online.

If you have a social media site, for example a Facebook business page, control who has can post on that page, and whether an administrator has to review and authorize posts.

Related: 7 ways ransomware could invade your company

Data encryption

(Photo: iStock)

8. Encrypt data

Encrypt your most sensitive data, make a backup and store it in a fireproof safe or off-site; use a dedicated computer for all sensitive information.

Be sure you understand what data you control that is sensitive. It’s more than customer credit card information; it’s also any employee data or it may be proprietary, for example, engineering designs.

Related: Keep employee data safe

Paper contract with red pen

(Photo: iStock)

9. Confirm your vendor’s security

Carefully select online computing services, because any information you share with them can be compromised by their system.

Require system security and regular updates as part of your contract with any vendor for computer services as well as any suppliers that might have access to your system. If you allow vendors to upload information to your computer network, require their systems to be secure as well.

Related: 6 things agents need to know about basic security for Cyber coverage

Words insurance policy in green bubble

 (Photo: iStock)

10. Buy the right insurance

Acquire cyber insurance to cover losses in case of a breach or fraud.

Agents should review the client's business insurance package and ensure that the appropriate coverage is in place. Remember that one cyber incident can shut down a small business, so the coverage should include business interruption. Consider what kind of protection the business needs if a supplier or vendor has a cyber incident.

Cybercriminals can strike anyone, anytime, anywhere, but agentsare there to help any client, anytime and anywhere. So let’s start the conversation today.

Related: 6 categories of questions you'll be asked when applying for cyber coverage

Mark Berven is president and chief operating officer of Columbus, Ohio-based Nationwide Property & Casualty.

Featured Video

Most Recent Videos

Video Library ››

Top Story

6 behaviors that could spawn a sexual harassment lawsuit

Sexual harassment scandals loom large among the events that shaped 2017.

Top Story

2017's 10 most hazardous toys

The Boston-based nonprofit World Against Toys Causing Harm, Inc. (W.A.T.C.H.) has released its annual list of the 10 worst toys of 2017.

More Resources


eNewsletter Sign Up

Agent & Broker Insider eNewsletter

Proven success tips and essential information to help agents and brokers grow their practice – FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.