Risks are present in everything we do in life. This is true in our personal lives and it is even more true in the business world. All businesses face common risks like hiring and firing employees, a customer slipping on the wet floor, generating enough revenue, and even being sued for negligent work. One risk that is more present then ever is the risk of a business becoming the victim of a cyber-attack. This is because data breaches are becoming a problem for all businesses. In the past, data breaches were a nuisance for only the biggest of businesses. As years have passed, most enterprise level businesses have caught on to the risks they face in the realm of cyber security. Because of this risk, most big businesses have invested heavily in protecting their computer systems from hackers. This has forced cyber criminals to look elsewhere for access to people sensitive information. The main place they have looked is to mid and small businesses. Here are five ways to protect a small business and three types of insurance most small businesses should consider.
Two of the largest data breaches in history Target and Home Depot started by hackers first gaining access to a small business who was a vendor partner of the much bigger business. In the case of Target, the small business was an HVAC Company that serviced a few locations throughout the Pittsburgh area. In the case of Home Depot, the small business provider credit and debit card services for their self-checkout lanes at most locations.
How can Businesses Protect their Small Business from a Data Breach?
In 2019, Cyber Security is the responsibility of every employee within an organization. Training for cyber security should start the day a person is hired and it should include all employees no matter their seniority. Asking open ended questions about cyber security is a great way to start dialogue among new hires and it is a great way to learn about the attitudes of employees when it comes to cyber security. Some employees may be able to bring aspects from their previous employer’s cyber security plan and it may make the new organization stronger.
Help employees protect their work space
Most people think cyber security happens on the deep dark web. This is one area a cyber-attack can occur, but there are other simpler ways computer systems can be accessed by cyber criminals. Some businesses have been hacked simply by leaving a username and password out on a desk in plain view. In one case, a major league baseball team had a coach who was interviewed on ESPN for SportsCenter and on the dry erase board behind his desk was his username and password. Protecting each and every employee’s workstation is the first step in any effective cyber security plan.
Require long passwords
When it comes to passwords, it is important to give your employees concrete examples of what you would like them to use. Never assume an employee knows what a secure password looks like.
Here are some examples of password you can use to demonstrate strong and weak passwords.
This would be an example of a password that is extremely secure.
This would be an example of a password that is a little less secure, but much easier to remember.
JackSmall or password
These are examples of terrible passwords that should never be used.
It is equally important to require passwords to be changed periodically. When this is required, it might be a good idea to give guidance to all employees on ways to change a password in a way that is easy to remember. One way is to have a password set up and in the middle of the password include a special character like !, when it is time to reset the password you only change the special character. In most cases you can start with ! because it is found using shift and the number one on a keyboard. When it is time to reset the password the special character can be changed to @, which is accessed by pushing shift and the number two. This method can get the employee ten passwords which should get them through a few years depending upon how frequently the business requires employees to change their passwords.
It is always best to do whatever you can digitally, but in some instances there is no way around using a printed copy of some documents. Some industries will have more of these documents then others. No matter how much a business has to print of the customer’s sensitive information, it is important to shred everything when it is no longer needed. This can be done by the business or an outside company.
Purchase adequate Data Breach Insurance
No matter what industry you operate in, if you are in business long enough some type of accident is going to occur. It is not really a matter of if, but when an accident will occur. This is no different when it comes to a cyber security. Most small businesses can have data breach insurance policy bundled with their other insurance for a relatively small amount. Depending on the size of your business this can cost as little as a few hundred dollars. This amount is much smaller than the damage of a data breach when only a few hundred customer’s information is compromised.
What types of Cyber Insurance Are offered?
The three main types of Cyber Insurance are Cyber Security, Cyber Liability and Technology Errors and Omissions Insurance. The first two deal with risks relating to a Data Breach and the third deals with companies that provide technology services and products. The first two are almost always sold in tandem because the first deals with first party liability (the damage to you and your business) and the second deals with third party liability (the liability a business faces to outside third parties damaged by a data breach caused by the business).
Cyber Security Insurance
Cyber Security Insurance is also known as Data Breach Insurance or Privacy Notification and Crisis Management Expense Insurance deals with First Party Liability. This type of insurance policy is for protection of the data a business owns, such as information that pertains to the businesses customers or employees. The types things this insurance policy will cover include:
- Notifying customers their information was compromised or exposed.
- Providing credit monitoring services for anyone impacted by the breach.
- Launching a PR Campaign to restore the reputation of the company.
- Compensating the business for income that is not earned while dealing with the breach.
- Paying a cyber extortionist who holds data hostage or threatens an attack.
Cyber Liability Insurance
Cyber Liability Insurance, also termed Information Security and Privacy Insurance, covers the insured’s liability for damages resulting from a data breach. This policy deals with Third Party Liability. It provides protection for liability associated with customers’ data. There are a number of things which might trigger a claim covered by this policy that include:
- Failure to anticipate or prevent the transmission of a virus to a third party.
- The misuse, disclosure, or theft of confidential information stored on a network.
- Infringement of the right to privacy. This could involve an event in which a system you built failed to keep confidential information properly secure.
Technology Errors and Omissions
Technology Errors and Omissions (Tech E&O) Insurance is a form of Professional Liability designed specifically for businesses who offer professional advice, service, or sell technology products and services. The policy is designed to cover a business for financial loss to a customer as a result of an error or omission in the service or product supplied to the customer. For many contracts, this coverage is a requirement to enter into the contract. Losses covered by this type of policy usually include technology services, technology products, media content, and network security breaches.