Since the beginning of the COVID-19 pandemic, small businesses have quickly adopted remote working and transitioned to new technologies, such as contactless payments and online ordering. Unfortunately, these adjustments have come with increased risks. According to a 2022 report from Barracuda, a cloud and networks security company, small businesses with fewer than 100 employees receive 350 percent more social engineering attacks—like phishing, scamming, or email compromise—than larger businesses.
Compared with larger companies, many small businesses have fewer resources to dedicate to cybersecurity, leaving them vulnerable to the ever-evolving tactics of cybercriminals. And dealing with the consequences of a cyberattack can be seriously detrimental to a business’s bottom line, costing approximately $25,000 per year.
1. Evaluate Your Online Systems
Before you can effectively protect your business from cyberthreats, you should have a complete understanding of your current ecosystem of online computer operations. You can ask: “What do we do on any machine that’s connected to the internet whatsoever?” says Andrew Lipton, vice president, head of cyber claims at AmTrust Financial Services, a small-business insurance company.Business owners should understand where their data lives and classify what types of data they store—for example, names, addresses, Social Security numbers.
Lipton suggests reaching out to a legal expert, especially if you’re handling sensitive information like Social Security or credit card numbers, to get a better understanding of the consequences of a data breach and get a professional opinion on how to protect your data.
2. Implement Cybersecurity Best Practices
Even without the firepower of larger companies, small businesses can create a defense that discourages cybercriminals from carrying out their attacks, said Najma Sultana by email. Sultana is the chief security officer at Veem, a global payments provider for small businesses.As a business owner, you can implement basic security and hygiene practices, such as:
Installing firewalls to prevent unauthorized access to your networks.
Using antivirus software and ensuring that it’s updated regularly.
Regularly backing up data and storing it offline or in another location, not just in the cloud.
Creating strong passwords and not using the same password across different accounts.
Requiring multi-factor authentication, which asks for two identifying factors, like a password and a code, to access accounts and systems.
Some of these security features may already be at your disposal. “Many of the applications and software your company already uses will have built-in security features, but they won’t necessarily be turned on by default,” said Lauren Winchester, vice president of risk and response at Corvus Insurance, by email.
You can enable these features to quickly and easily add an extra layer of security to your business.
3. Train Your Employees—And Yourself
You and your employees are often the first line of defense in protecting your business from cyberattacks. In fact, according to the 2022 Global Risks Report by the World Economic Forum, 95 percent of cybersecurity issues can be traced to human error.Receiving basic cybersecurity training can help you and your employees learn to identify common threats, such as phishing emails or suspicious downloads, as well as develop online best practices, like safe browsing and strong passwords.
And with employees working remotely or in different office locations, it’s particularly important to create and review cybersecurity policies for your business, including safety guidelines and what to do in the event of a data breach.
4. Invest in Cybersecurity Insurance
Cybersecurity insurance can help protect your business from financial losses caused by incidents such as data breaches, ransomware attacks and hacking.If, for example, your point-of-sale system is hacked and the hackers release the stored credit card information of your customers, this policy would cover the cost of notifying your customers, investigating the incident and providing credit monitoring services. It would also cover legal fees or settlements if a customer sues your business as a result of the incident.
The best cyber insurance carriers in the market today, however, are more than a backstop to financial loss, says Lipton of AmTrust Financial Services. These insurance companies will not only provide a comprehensive policy, but will also help evaluate your systems, offer advice on how to better protect your data, and connect you with additional security partners or vendors in their network.
Look for a carrier that’s volunteering to be your partner in cybersecurity strategy, Lipton says. Insurance is “a critical component of the cybersecurity strategy, but it’s just one piece.”