As a business owner, you’ve probably heard a lot about cyber attacks when a large company makes headlines for a massive data breach. It’s no wonder business owners have a touch of cyber anxiety in today’s times, when so many aspects of your day-to-day work – from banking and payment processing to email and customer databases – rely on the internet. And the truth is, there’s good reason to feel that way because businesses of all sizes are at risk.
According to Forbes, 43% of cyber attacks are targeted at small businesses. And 61% of all small businesses reported at least one attempted cyber attack in the previous year!
“These days, everyone is a target for cyberattacks — including individuals and small businesses,” said Jamie Neumaier, corporate information security officer at Erie Insurance. “One reason why SMEs are often targeted is that they do not have the same technological resources as a large enterprise. Not only does this make them an easier target, but attacks on small businesses often go unnoticed by the public because they are not very published.”
But it’s not all doom and gloom. A little prevention can go a long way in protecting your business from cyber attacks. Are you ready to protect your business data? Here are six things you can do right now to prevent cyberattacks.
1. Implement a strong password policy
When it comes to cybersecurity, passwords are the first line of defense. Almost every online service requires users to log in with an ID and password. And all too often, these user-generated passwords can be laughably easy to crack.
Example: The password management company, NordPassreports that “123456” continues to rank as the top password used worldwide (with favorites like “password” and “qwerty” rounding out the top five).
“People typically choose passwords that are easy to guess and then reuse them across multiple accounts,” Neumaier said. “To reduce the risk of cyber attacks, you should choose a complex password – and be sure to use a unique password for each account.”
Here are some guidelines to keep in mind when creating a strong password, courtesy of Google:
- Make it long: Longer passwords are harder to guess, so experts recommend using a password of at least 12 characters that contains a combination of letters, numbers and symbols.
- Do not use personal information: Avoid using personal information such as your street name, birthday or children’s names. This information can be easily found through public databases or your social media profiles.
- Avoid common words: Words or patterns like “password” or “1234” should never be used in your password.
- Don’t write it down: Generating multiple strong passwords can make them difficult to remember. But avoid the temptation to write down your passwords. Instead, use an online password manager tool to securely store your information.
After creating a unique strong password for each of your company accounts, make it a company policy that all your employees do the same. This can be difficult for your employees to keep track of and one way to help is to use a password vault: a program that stores a number of passwords in a secure digital location.
2. Enable multi-factor authentication
Once you’ve chosen a strong password, the next step to improving your cyber security is to enable multi-factor authentication. And while this phrase may sound complex, the concept is quite simple.
When it comes to using technology, “authentication” is simply a way to prove that you are who you say you are. So your password, for example, is a form of authentication. When you enable multi-factor authentication (sometimes called “two-step verification”), you request that a service use more than one authentication method to verify your identity.
According to Microsoftthe most common authentication factors fall into these categories:
- Something you know. This can include passwords, security questions or a memorized PIN code.
- Something you have. An online service can send a verification code or link to your smartphone via text message or email.
- Something you are. Think fingerprint or facial recognition.
“The combination of a strong password and multi-factor authentication is one of the best ways to prevent cyber risk,” says Neumaier. “For that reason, you should enable multi-factor authentication where possible – especially when a service is linked to your financial accounts.”
3. Buy Cyber insurance
Regardless of the size of your business, protecting your financial, employee and customer data from cyber attacks should be a top priority. But while 83% of SMEs say they are not financially prepared to recover from a cyber attack, Forbes reports that 91% have not purchased cyber liability insurance.
“Every small business should consider cyber insurance as part of its plan to manage the risk of attacks,” says Neumaier. “At ERIE, our coverage not only provides the financial resources to help in the event of a data breach; we also educate companies on best practices to prevent attacks in the first place.”
With Cyber Suite from ERIE1you will be prepared to respond to a wide range of cyber incidents – including breaches of personally identifiable or sensitive information and threats that could compromise the security of that information.
This includes coverage for covered events such as data breaches, computer fraud and attacks, cyber extortion, misdirected payment fraud and telecommunications fraud. And as an added bonus, you get access to a team of cyber professionals who are experienced in handling these types of claims.
Your agent will have more information about the benefits of this important coverage, which is just one reason why having a local Erie Insurance agent is beneficial.
4. Backup your data
When you run your business, you generate a lot of information that would be difficult – or impossible – to replace. From customer files to accounting information, it is critical for businesses of all sizes to have backup data readily available.
“Whether you choose a cloud solution or a physical backup solution, the goal is to have easy access to your data so you can continue operations if your system is ever compromised,” explained Neumaier. “It’s also important to regularly test your backups to ensure you can actually restore files if needed.”
Backing up your data helps protect you from one of the biggest costs of a cyber attack – downtime. According to a study by CISCO40% of small businesses that experienced a cyberattack experienced eight hours of downtime or more.
5. Update your devices
We’re all familiar with how it can feel when your computer, smartphone, apps and programs remind you that it’s time for another update. But did you know that clicking “remind me later” makes you vulnerable to cyber attacks?
The truth is that many of these updates are actually fixes for security flaws that have been discovered within a given system and are sometimes used right then and there to attack people and their devices. For this reason, it is important to keep all your equipment up to date.
“Updating the software on all your devices is essential to protecting your business data,” says Neumaier. “So turn on automatic device updates when you have the opportunity.”
Whether it’s cyber extortion, phishing, ransomware, malware or account hacking, cybercriminals are constantly finding new ways to make money. Updating your devices means you’re protected as soon as technology companies identify and fix new vulnerabilities.
6. Use a Virtual Private Network (VPN)
When connecting to the Internet, a virtual private network (VPN) offers an extra layer of protection and security. And it’s especially important if you, or any of your employees, will be doing business remotely from a public Wi-Fi network.
Some benefits of using a VPN are that it masks your device’s IP address (this is a series of numbers that identifies your computer or smartphone) and helps keep your data “unseen” when you’re using an untrusted internet connection – like the public Wi-Fi – Fi at your favorite local coffee shop. To accomplish this, VPN software encrypts your data and routes it through secure servers located in remote locations. The result: Anonymous internet browsing that protects your device from hackers.
“Business VPN software is an excellent solution for remote workers, especially if they need to connect to sensitive information on your business network,” said Neumaier.
There are a variety of VPN services available for small businesses, many of which start at less than $20 a month.
Protect your business from cyber attacks today
You have invested a lot in building your business. At ERIE, it’s our job to help you protect it if something goes wrong.
With Cyber Suite from ERIEdo you have the coverage your business needs if it is the target of a cyber attack. 1 Talk to an ERIE agent today about the Cyber Suite and get a free quote to add it to yours economic policy.
1Cyber Suite is only available to customers with an ErieSecure Business® policy. Cyber Suite coverage and related services reinsured under a contract with Hartford Steam Boiler (Home Office: Hartford, Connecticut). © 2021 The Hartford Steam Boiler Inspection and Insurance Company (“HSB”). All rights reserved. This document is for informational purposes only and does not change or invalidate any of the terms of the policy and recommendations. For specific conditions, see the coverage form. Coverage not available in New York.