They can strike anyone, anytime, anywhere. Whether they use aphish, a virus or even a Trojan horse malware, cybercriminals aretargeting Fortune 500 companies on Wall Street — but increasinglyeven smaller stores on Main Street.

In fact, the U.S. Small Business Administration claims that smallemployers are becoming an attractive target for cybercriminalsbecause they have valuable customer data, provide access to largernetworks such as supply chains, and often lack the resources orpersonnel to focus on cybersecurity.

Cyberattack response plan a good idea

Despite this trend, new research from Nationwide released during National Cyber Security Awareness Month revealsthat most small-business owners (78 percent) still don't have acyberattack response plan — even though the majority (68 percent)are at least somewhat concerned about a potential cyberattackaffecting their business.

Our survey also found that more than half (54 percent) ofsmall-business owners were victim to at least one type of attack.The top three attacks were a computer virus (37 percent), phishing(20 percent) and a Trojan horse malware (15 percent). Other attacksincluded hacking (11 percent), unauthorized access to customerinformation (7 percent) or company information (7 percent), issuesdue to unpatched software (6 percent), data breach (6 percent) andransomware (4 percent).

Those findings came from our second annual Small Business Indicator. This national surveywas conducted online in June by Harris Poll on behalf of Nationwideamong 502 U.S. small-business owners with fewer than 300employees.

Agents can assess risk, advise on policies

Although cybersecurity poses a serious threat to America'ssmall-business owners, they can get help from their local insuranceagent. These trusted partners may not be cybersecurity experts, butthey can support owners in assessing their risk and advising onpolicies. As a matter of fact, agents are so crucial to helpingsmall businesses fight cybercriminals that we created a list of 10tips they can share with their clients:

Related: 10 insights into how small-business owners perceivecyber risk

(Photo: iStock)

1. Protect the perimeter

Guard your physical perimeter to prevent hackers from accessingsensitive data and your company's computer network.

Consider whether your Wi-Fi signal and computer network areaccessible from outside your facility and what protections you needto keep out unauthorized users.

Also look at how easy it is to get inside secure areas of yourlocation and whether access cards are stored securely.

Related: What business owners need to know about cyber riskfrom wearable devices

(Photo: iStock)

2. Train employees

Educate your team because employees are your company's firstline of defense against cybercriminals.

Provide training in the workplace for all levels from the CEO ondown. Remember that almost everyone carries a smartphone or tabletthese days, and most phones don't have the same security softwarethat computers do.

Related: Gone phishing: CEO fraud costs companiesmillions

(Photo: iStock)

3. Build a firewall

Activate your firewall to block connections that are used tohack into your system and deliver viruses.

You may need to evaluate what kind of firewall to use at differentpoints on your system and whether you also need better hostsecurity.

(Photo: iStock)

4. Update software regularly

Install and regularly update spyware, anti-virus and malwaresoftware to help prevent and detect any of those from affectingyour computers.

You also need to be sure that all company-owned devices alsohave the most up-to-date security software. If your company allowsemployees to access company information on their personalelectronic devices, have a policy that requires security softwarewith regular updates on those devices as well.

Related: Transition to chip cards exposes merchants to newliabilities

(Photo: iStock)

5. Change passwords often

Use stronger passwords of 8-10 characters that include letters,numbers and special characters; change those passwords regularly onyour network, and require all employees to change their passwordsregularly as well.

If you have a guest wireless network, you should change thatpassword often, for example, weekly, and only allow the connectionto remain open for a limited amount of time. If you've ever used awireless network at some large retailers you'll note that thesystem logs you out after a short time, usually about two hours,and you have to log back in again.

Related: Biggest cybersecurity weakness: stolenlogins

(Photo: iStock)

6. Secure your networks

Secure your Wi-Fi networks to prevent hackers from accessingyour servers or using your internet connection without yourknowledge.

An even more basic protection is to consider whether you need awireless network at all. One financial services company has nowireless network accessibility in its offices for visitors oremployees. Only a limited number of employees have access to emailon electronic devices, and those who are authorized to work at homemust use a VPN on a wired network.

Related: 5 tips to avoid the dangers of publicWi-Fi

(Photo: iStock)

7. Monitor social networks

Set social network profiles to private and check securitysettings; also, be mindful of what information you post online.

If you have a social media site, for example a Facebook businesspage, control who has can post on that page, and whether anadministrator has to review and authorize posts.

Related: 7 ways ransomware could invade yourcompany

(Photo: iStock)

8. Encrypt data

Encrypt your most sensitive data, make a backup and store it ina fireproof safe or off-site; use a dedicated computer for allsensitive information.

Be sure you understand what data you control that is sensitive.It's more than customer credit card information; it's also anyemployee data or it may be proprietary, for example, engineeringdesigns.

Related: Keep employee data safe

(Photo: iStock)

9. Confirm your vendor's security

Carefully select online computing services, because anyinformation you share with them can be compromised by theirsystem.

Require system security and regular updates as part of yourcontract with any vendor for computer services as well as anysuppliers that might have access to your system. If you allowvendors to upload information to your computer network, requiretheir systems to be secure as well.

Related: 6 things agents need to know about basic securityfor Cyber coverage

(Photo: iStock)

10. Buy the right insurance

Acquire cyber insurance to cover losses in case of a breach orfraud.

Agents should review the client's business insurance package andensure that the appropriate coverage is in place. Remember that onecyber incident can shut down a small business, so the coverageshould include business interruption. Consider what kind ofprotection the business needs if a supplier or vendor has a cyberincident.

Cybercriminals can strike anyone, anytime, anywhere, butagentsare there to help any client, anytime and anywhere. So let'sstart the conversation today.

Related: 6 categories of questions you'll be asked whenapplying for cyber coverage

Mark Berven is president and chiefoperating officer of Columbus, Ohio-based Nationwide Property& Casualty.