Most small businesses think their company is too small to be a target for hackers, and that their data just won't be valuable. In reality, data thieves are simply looking for the path of least resistance. As more and more large companies get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners.
In fact, according to the Internet Security Threat Report by Symantec Corporation, small businesses are often a leading target of spear-phishing attacks.
The truth is that any business, large or small, is vulnerable to a cyber attack. Almost every business collects and stores private information, including addresses, credit card numbers, bank account information and payment history. It is your organization’s responsibility to protect this sensitive information or you could be found negligent and subject to a costly lawsuit.
The statistics are grim; the vast majority of U.S. small businesses lack a formal Internet security policy for employees, and only about half have even rudimentary cyber-security measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker-resistant, and nearly 40 percent do not have their data backed up in more than one location.
Even the smallest cyber attacks can be costly to your organization. The average cost of a breach is about $158 per stolen record and, for small and medium-sized enterprises, a cyber security event can cost $36,000 or more. In some cases, cyber attacks have cost organizations millions.
Regardless of whether or not you outsource your IT services, the company that initially collects data and records from clients can be held responsible if a data breach occurs. This means that, even if you use third-party vendors, the legal burden of a breach will fall on you. What’s more, depending on the type of contract you have with your vendors, your legal recourse may be limited.
What are you doing to protect your data?
IT can be confusing and hard to discuss. You will need to find common ground with your IT specialists in order to have a fruitful discussion about your organization’s cyber exposures. While it is likely that your IT systems are complex, your IT professional should be able to explain your company’s risks to you in a simple, jargon-free manner. As your insurance broker, we are here to help foster discussions with your IT professionals.
Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack. The following list of easily implementable security procedures was developed during a Federal Communications Commission roundtable on effective cyber-security strategies for small business owners and is a great place to start:
- Train employees in cyber-security principles.
- Install, use and regularly update antivirus and antispyware software on every computer used in your business.
- Use a firewall for your Internet connection.
- Download and install software updates for your operating systems and applications as they become available.
- Make backup copies of important business data and information.
- Control physical access to your computers and network components.
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden.
- Require individual user accounts for each employee.
- Limit employee access to data and information, and limit authority to install software.
- Regularly change passwords.
When it comes to ever-evolving cyber security threats, there is no perfect solution. Even government bodies that have the latest and greatest protections are not immune to devastating cyber attacks. When these attacks occur, you will want to have a cyber liability policy in place. This will ensure that your finances remain intact following a breach, giving you some much-needed peace of mind.
Make sure you're covered!
Unless you have a policy that explicitly references your organization’s cyber exposures, chances are you aren’t covered. While you may think your general liability policy is sufficient to recoup the losses caused by a cyber attack, it generally isn’t flexible enough to address new and emerging cyber perils. And with costs averaging in the hundreds of thousands of dollars per cyber security event, you’ll want a policy that can protect against anything that cyber criminals throw your way.
Armed with only information regarding your organization’s revenue and website, seasoned insurers will be able to provide an on-the-spot estimate of terms and costs. And as the market continues to stabilize, premiums will go down considerably. Regardless, the benefits of a cyber liability policy far outweigh any initial expenditures. For example, cyber liability insurance often goes above and beyond protecting your organization from a costly breach. In fact, a standard cyber liability policy often covers website media, cyber extortion, digital property, cyber crime, business interruption, privacy liability and networks. No business could ever adequately prepare for or protect itself from a cyber threat.
Call us today to speak with a Marshall & Sterling representative about your cyber concerns.
This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or their insurance professional for appropriate advice. © Zywave, Inc. All rights reserved.