Small Business Saturday is coming up! For many small businesses, this means increased shoppers, sales and website visits. Your to-do list is probably longer than ever as you prepare. But, does your list include securing your data and network?
Many small-business owners assume that if they don’t sell online, they don’t need to worry about cyber security. Why would hackers target a small plumbing business or sandwich shop? We’ll give you two reasons:
- Every business stores valuable personal information.
- Small businesses are easy targets since most don't think they need to worry about cyber security.
So, here are four things you can do to improve your small business's cyber security before the holidays:
1. Update Your Systems
Let's be honest, those system update reminders that pop up on your computer can be annoying and easy to ignore. But, it’s important to remember that software companies don’t ask you to update software just to annoy you. It’s often because they identified security vulnerabilities that need an immediate fix/update.
When you don’t update your software, whether it is cyber security software, malware blockers, or even a word processing program, you are leaving your business vulnerable to hackers! If you don’t have time to keep your computer systems up to date, consider hiring a contractor to maintain them for you.
2. Implement a Strong Password Policy
How often do your employees change their passwords? Annually? Never? Many data breaches start from stolen or weak passwords. One easy step your small business can take is to implement and enforce password guidelines with your staff.
Since password guidelines change, we encourage you to research password best practices or reach out to your IT support staff.
3. Educate Your Employees on Phishing Scams
Many network hacks start with some sort of phishing scam to infiltrate your network, often through your own employees.
Phishing Scams: A tactic hackers use to access your computer or network's data. Their goal is to trick you into giving them your user data or personal information using a variety of sophisticated attacks.
For example, a hacker may send you a carefully disguised email that looks like it’s from a person or company you know asking you to send them payment information. If you don’t examine the email closely enough, you will send your payment information to the hacker who can then access your account. In other situations, they may include a link within an email that directs you to a fake login screen to steal your login credentials.
These are just two examples of the many ways phishing scams can be conducted. It’s important to educate your employees on how convincing some of these hackers’ attempts can be.
To reduce the risk of your small business falling victim to phishing scams, educate your employees on how to avoid falling for one with these tips:
- Be cautious when opening or responding to communications from a name you don’t recognize. Some examples of communications may include an email, or text message. Look closely for inaccuracies in the sender’s email address or name. Talk to your IT support team about other phishing risks.
- Do not click on unrecognized links in unsolicited emails or messages. Hover your mouse over hyperlinks to closely examine the link destination before clicking. Hackers are very talented at creating URLs that look like websites you visit. Call the contact in the email from a number you have on file to verify they sent you the email.
- Think twice about responding to emails or messages that are of an urgent nature or have an immediate deadline. These emails may threaten to “Close Your Account!” or claim that “Your Account Has Been Compromised!” Legitimate businesses rarely use such an alarming tone.
- Do not share your login credentials. Legitimate companies will never ask you to send them your login or account information. They should already have your information on file in their systems.
- Alert your staff. If you receive an email with any of these suspicious elements, tell your staff. Advise them to delete any similar emails they may receive. But, don’t forward the email to them. This can spread the problem.
4. Consider Purchasing Cyber Liability Insurance
Generally, your commercial general liability policy will not cover a data breach. And, as data breaches have increased, so has their cost of businesses.
Imagine if a client's personal or financial information is stolen from your network – you may be responsible! Consider the cost of losing all the credit card numbers in your business’s database, not to mention the cost to your business’s reputation.
At Auto-Owners, we offer cyber liability insurance packages that include coverages like:
- The disclosure of private information
- Transmission of a computer virus
- Extortion payments and rewards (typically involving ransomware)
- Computer and funds-transfer fraud
The size of your business does not affect the type or amount of coverage provided by Auto-Owners. Cyber liability insurance is coverage you want to have before a data breach occurs. Your local, independent insurance agent can work with you to design a plan that fits your business’s needs and potential risks. Click below to use our Agency Locator and find an agent near you.
Disclaimer: The analysis of coverage is in general terms and is superseded in all respects by the Insuring Agreements, Endorsements, Exclusions, Terms and Conditions of the Policy. Some of the coverage mentioned in this material may not be applicable in all states or may have to be modified to conform to applicable state law. Some coverages may have been eliminated or modified since the publishing of this material. Please check with your local Independent Auto-Owners Insurance Agent for details.