As a business owner, you’ve probably heard a lot about cyber attacks when a large corporation makes headline news for a massive data breach. It’s no wonder business owners have a touch of cyber anxiety in today’s times, when so many aspects of your day-to-day work—from banking and payment processing to email and customer databases—rely on the internet. And the truth is, there’s good reason to feel that way because businesses of all sizes are at risk.
According to Forbes, 43% of cyber attacks are aimed at small businesses. And 61% of all small businesses reported at least one attempted cyber attack during the previous year!
“These days, everyone is a target for cyber attacks—including individuals and small businesses,” said Jamie Neumaier, corporate information security officer at Whitbeck Insurance. “One reason small- and medium-sized businesses are frequently targeted is because they don’t have the same technology resources as a large corporation. Not only does this make them an easier target, but attacks on small businesses often go unnoticed by the public because they aren’t heavily publicized.”
However, it’s not all doom and gloom. A little bit of prevention can go a long way in protecting your business from cyber attacks. Ready to protect your business data? Here are six things you can do right now to help prevent cyber attacks.
1. Implement a Strong Password Policy
When it comes to cyber security, passwords are the first line of defense. Nearly every online service requires users to log in with an ID and password. And all too often, these user-generated passwords can be laughably easy to crack.
Case in point: The password management company, NordPass, reports that “123456” continues to rank as the top password used across the world (with favorites like “password” and “qwerty” rounding out the top five).
“People typically pick passwords that are easy to guess, then reuse them across multiple accounts,” said Neumaier. “To reduce the risk of cyber attacks, you should select a complex password – and be sure to use a unique password for every account.”
Here are a few guidelines to consider when generating a strong password, courtesy of Google:
- Make it long: Longer passwords are harder to guess, so experts recommend using a password with at least 12 characters that includes a combination of letters, numbers and symbols.
- Don’t use personal information: Avoid using personal information like your street name, birthday or children’s names. This information can be easily found through public databases or your social media profiles.
- Avoid common words: Words or patterns like “password” or “1234” should never be used in your password.
- Don’t write it down: Generating multiple strong passwords can make remembering them a challenge. But avoid the temptation to write down your passwords. Instead, use an online password manager tool to safely store your information.
After creating a unique strong password for each of your business accounts, make it a company policy that all your employees do the same. This can be tricky for your employees to keep track of and one way to help is by utilizing a password vault: a software program that keeps a number of passwords in a secure digital location.
2. Enable Multi-factor Authentication
After you select a strong password, the next step to improving cyber security is enabling multi-factor authentication. And while this phrase may sound complex, the concept is quite simple.
When it comes to using technology, “authentication” is simply a way to prove that you are who you say you are. So your password, for example, is a form of authentication. When you enable multi-factor authentication (sometimes called “two-step verification”), you’re requesting that a service uses more than one method of authentication to verify your identity.
According to Microsoft, the most common authentication factors fall into these categories:
- Something you know. This can include passwords, security questions or a memorized PIN number.
- Something you have. An online service may send a verification code or link to your smartphone using text message or email.
- Something you are. Think fingerprints or facial recognition.
“The combination of a strong password and multi-factor authentication is one of the best ways to prevent any cyber risk,” said Neumaier. “For that reason, you should enable multi-factor authentication wherever possible – especially when a service is connected to your financial accounts.”
3. Buy a Cyber Insurance Policy
No matter the size of your business, keeping your financial, employee and customer data safe from cyber attacks should be a top priority. But while 83% of small and medium-sized businesses say they’re not financially prepared to recover from a cyber attack, Forbes reports that 91% have not purchased cyber liability insurance.
“Every small business should consider cyber insurance as part of their plan to manage the risk of attacks,” said Neumaier. “At ERIE, our coverage not only provides the financial resources to help in the event of a data breach; We also educate businesses on best practices to prevent attacks in the first place.”
With Cyber Suite from ERIE1, you’ll be prepared to respond to a wide range of cyber incidents – including breaches of personally identifying or sensitive information and threats that could jeopardize the safety of that information.
This includes coverage for covered events such as data breaches, computer fraud and attacks, cyber extortion, misdirected payment fraud and telecommunications fraud. And as an added bonus, you’ll have access to a team of cyber professionals experienced in handling these types of claims.
Your agent will have more information about the benefits of this important coverage, which is just one reason why it’s beneficial to have a local Whitbeck Insurance agent.
4. Back Up Your Data
In the course of running your business, you generate a lot of information that would be difficult – or impossible – to replace. From customer files to accounting information, it’s critical for businesses of all sizes to have backup data readily available.
“Whether you choose a cloud or physical backup solution, the goal is to have ready access to your data so you can continue operations if your system is ever compromised,” Neumaier explained. “It’s also important to periodically test your backups to ensure you can actually recover files, if needed.”
Backing up your data will help protect you from one of the biggest costs of a cyber attack – business downtime. According to a study by CISCO, 40% of small businesses that faced a cyber attack experienced eight hours of downtime or more.
5. Update Your Devices
We’re all familiar with how it can feel when your computer, smartphone, apps and software programs are reminding you it’s time for another update. But did you know that clicking “remind me later” is leaving you vulnerable to cyber attacks?
The truth is, many of these updates are actually fixes for security vulnerabilities that have been uncovered within a given system and sometimes they are being used right then to attack people and their devices. For that reason, it’s important to keep all of your equipment up to date.
“Updating the software on all of your devices is essential to protecting your business data,” said Neumaier. “So enable automatic device updates whenever you have the option.”
Whether it’s cyber extortion, phishing, ransomware, malware or account hacking, cyber criminals are constantly finding new ways to make money. Updating your devices means that you’ll be protected as soon as tech companies identify and fix new vulnerabilities.
6. Use a Virtual Private Network (VPN)
When accessing the internet, a virtual private network (VPN) offers an added layer of protection and security. And it’s especially important if you, or any of your employees, will be doing business remotely from a public Wi-Fi network.
Some benefits of using a VPN are that it masks the IP address of your device (this is a series of numbers that identifies your computer or smartphone) and helps keep your data “unseen” when using an untrusted internet connection – like the public Wi-Fi at your favorite local coffee shop. To accomplish this, VPN software encrypts your data and routes it through secure servers located in distant places. The result: Anonymous internet browsing that protects your device from hackers.
“Business VPN software is a great solution for remote workers, especially if they need to connect to sensitive information on your business network,” said Neumaier.
There are a variety of different VPN services available to small businesses, many of which start at less than $20 a month.
Protect Your Business from Cyber Attacks Today
You’ve invested a lot into building your business. At ERIE, it’s our job to help you protect it if something does go wrong.
With Cyber Suite from ERIE, you’ll have the coverage your business needs in case it’s the target of a cyber attack. 1 Talk to an ERIE agent today about Cyber Suite and get a no-obligation quote for adding it to your business policy.
1Cyber Suite is only available to Customers with an ErieSecure Business® policy. Cyber Suite coverage and associated services reinsured under an arrangement with the Hartford Steam Boiler (Home Office: Hartford, Connecticut). © 2021 The Hartford Steam Boiler Inspection and Insurance Company (“HSB”). All rights reserved. This document is intended for informational purposes only and does not modify or invalidate any of the terms or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form. Coverage not available in New York.