They can strike anyone, anytime, anywhere. Whether they use a phish, a virus or even a Trojan horse malware, cybercriminals are targeting Fortune 500 companies on Wall Street — but increasingly even smaller stores on Main Street.
In fact, the U.S. Small Business Administration claims that small employers are becoming an attractive target for cybercriminals because they have valuable customer data, provide access to larger networks such as supply chains, and often lack the resources or personnel to focus on cybersecurity.
Cyberattack response plan a good idea
Despite this trend, new research from Nationwide released during National Cyber Security Awareness Month reveals that most small-business owners (78 percent) still don’t have a cyberattack response plan — even though the majority (68 percent) are at least somewhat concerned about a potential cyberattack affecting their business.
Our survey also found that more than half (54 percent) of small-business owners were victims of at least one type of attack. The top three attacks were a computer virus (37 percent), phishing (20 percent) and Trojan horse malware (15 percent). Other attacks included hacking (11 percent), unauthorized access to customer information (7 percent) or company information (7 percent), issues due to unpatched software (6 percent), data breach (6 percent) and ransomware (4 percent).
Those findings came from our second annual Small Business Indicator. This national survey was conducted online in June by Harris Poll on behalf of Nationwide among 502 U.S. small-business owners with fewer than 300 employees.
Agents can assess risk, advise on policies
Although cybersecurity poses a serious threat to America’s small-business owners, they can get help from their local insurance agent. These trusted partners may not be cybersecurity experts, but they can support owners in assessing their risk and advising on policies. As a matter of fact, agents are so crucial to helping small businesses fight cybercriminals that we created a list of 10 tips they can share with their clients:
1. Protect the perimeter
Guard your physical perimeter to prevent hackers from accessing sensitive data and your company's computer network.
Consider whether your Wi-Fi signal and computer network are accessible from outside your facility and what protections you need to keep out unauthorized users.
Also look at how easy it is to get inside secure areas of your location and whether access cards are stored securely.
2. Train employees
Educate your team because employees are your company's first line of defense against cybercriminals.
Provide training in the workplace for all levels from the CEO on down. Remember that almost everyone carries a smartphone or tablet these days, and most phones don’t have the same security software that computers do.
3. Build a firewall
Activate your firewall to block connections that are used to hack into your system and deliver viruses.
You may need to evaluate what kind of firewall to use at different points on your system and whether you also need better host security.
4. Update software regularly
Install and regularly update anti-spyware, anti-virus and anti-malware software to help prevent and detect those threats on your computers.
You also need to be sure that all company-owned devices have the most up-to-date security software. If your company allows employees to access company information on their personal electronic devices, have a policy that requires security software with regular updates on those devices as well.
5. Change passwords often
Use stronger passwords of 8-10 characters that include letters, numbers and special characters; change those passwords regularly on your network, and require all employees to change their passwords regularly as well.
If you have a guest wireless network, you should change that password often, for example, weekly, and only allow the connection to remain open for a limited amount of time. If you’ve ever used a wireless network at some large retailers you’ll note that the system logs you out after a short time, usually about two hours, and you have to log back in again.
6. Secure your networks
Secure your Wi-Fi networks to prevent hackers from accessing your servers or using your internet connection without your knowledge.
An even more basic protection is to consider whether you need a wireless network at all. One financial services company has no wireless network accessibility in its offices for visitors or employees. Only a limited number of employees have access to email on electronic devices, and those who are authorized to work at home must use a VPN on a wired network.
7. Monitor social networks
Set social network profiles to private and check security settings; also, be mindful of what information you post online.
If you have a social media site, for example a Facebook business page, control who can post on that page, and whether an administrator has to review and authorize posts.
8. Encrypt data
Encrypt your most sensitive data, make a backup and store it in a fireproof safe or off-site; use a dedicated computer for all sensitive information.
Be sure you understand what data you control that is sensitive. It’s more than customer credit card information; it’s also any employee data or it may be proprietary, for example, engineering designs.
9. Confirm your vendor’s security
Carefully select online computing services, because any information you share with them can be compromised by their system.
Require system security and regular updates as part of your contract with any vendor for computer services as well as any suppliers that might have access to your system. If you allow vendors to upload information to your computer network, require their systems to be secure as well.
10. Buy the right insurance
Acquire cyber insurance to cover losses in case of a breach or fraud.
Agents should review the client's business insurance package and ensure that the appropriate coverage is in place. Remember that one cyber incident can shut down a small business, so the coverage should include business interruption. Consider what kind of protection the business needs if a supplier or vendor has a cyber incident.
Cybercriminals can strike anyone, anytime, anywhere, but agents are there to help any client, anytime and anywhere. So let’s start the conversation today.