Article Reviewed by a licensed insurance professional: Sam Meenasian (CA dept of insurance license #0F75955).
Key Takeaways
- Small businesses underestimate cyber threats, believing they are safe from hackers, but they are often easy targets due to insufficient security measures.
- Common cyberattacks include phishing, ransomware, and business email compromises, each requiring proper training and safeguards to prevent.
- Cyber liability insurance becomes essential for small businesses; it helps mitigate risks associated with cyberattacks and data breaches.
- Implementing best practices such as dual verification, multifactor authentication, and employee training can significantly reduce risk.
- Staying informed about cybercrime trends and working with experienced insurance agents can enhance security and increase resilience against attacks.
Most small businesses believe that they are basically exempt from the problems of cyberattacks or data breaches. They think that no hacker will ever target their company since they “aren’t getting rich” off their business.
The truth of the matter is that hackers are smart enough to know that small businesses are easy pickings. These businesses rarely have enough security in place to protect themselves, and they often use unsecured Wi-Fi for important business operations.
The statistics don’t lie, either. The FBI has found that US businesses report billions of dollars’ worth of cybercrime losses each year. If you don’t want to be part of this statistic, you need to have the right cyber liability insurance in place and you also need to train your staff so that they will recognize the warning signs that they are being targeted.
Cyberattacks are often very simple. A phishing email, a simple unsecured Wi-Fi network, or a staff member who forwards a personal email with a virus attached to people at work can bring your company to its knees. You don’t want to become the victim of cybercrime, and you can avoid this fate if you are educated about the kinds of hacking events that are most common.
Phishing Attacks
Phishing is still a very successful hacking model for criminals. A simple email can give a hacker the keys to the kingdom if it is shared around your places of business.
Phishing emails often include directives that ask the recipient to click on a link for some kind of work purpose or some kind of innocuous information update. This might be a fake vendor invoice, a fake email from the HR department or even a simple email that says that you need to update your personal contact information.
The moment that someone clicks on this kind of link, the threat has begun. If the employee who interacted with the link inputs their personal information, passwords, or other work-sensitive details into the fake email thread, your business has been entirely compromised. Containing the threat is critical, which is where cyber liability coverage comes into play.
Small businesses are incredibly vulnerable to these kinds of attacks because they don’t spend enough money on protections from cyber threats and also because they tend to skip over the necessary training that keeps employees from making critical errors. Things like vendor payments and emails are common points of entry into the networks of small businesses, and if you don’t have the right cyber protections in place, you can easily suffer a significant breach.
A common misunderstanding among business owners is that antivirus software will protect a company from these kinds of attacks. Antivirus software can’t catch phishing in every case, and you need to be certain that you are not being too casual about this potential threat.
From an insurance company’s perspective, the moment that a phishing email has been shared or interacted with, a claim has begun.
Ransomware
Ransomware is becoming an increasingly common means by which companies are attacked. Ransomware is incredibly effective because your company’s data will be locked behind a paywall if the attack is a success. Even large companies are unable to unlock this kind of paywall and are forced to either pay the ransom or restore company information from backup data.
Ransomware typically gets into the network of a business through a phishing email with a malicious attachment, unpatched software, or a Remote Desktop Protocol (RDP) connection that is left unsecured.
It is simple enough to avoid this kind of threat with proper training, correct network security, and proper data backups that are conducted daily.
Ransomware attacks can cause companies to lose many weeks of work while also costing them hundreds of thousands of dollars related to payment of the ransom and legal issues as a result of the attack.
Make sure that your backups are not being stored in a location that is associated with your work network. You should also check on a routine basis that backups are being completed correctly. It is always a bad idea to have to pay the ransom, but you will have little choice if your backup process is not set up correctly.
Business Email Compromises
This kind of cyber threat is one of the most costly hacking schemes out there. It involves a fake wire transfer, a change of vendor deposit location that is not real, or a payroll direct deposit update that has been compromised by a phishing link. This kind of threat often goes unnoticed since hackers are getting so good at hiding their emails in plain sight.
Often, companies don’t realize that they have fallen for this kind of scheme until much later. This is a kind of loss that is reported to the FBI on a routine basis. These losses far outpace standard phishing losses in recent years, making this one of the kinds of threats that businesses absolutely must train their staff to recognize.
Many business owners think that their crime insurance protects them from this kind of threat. The problem with this assumption is that BEC might not fall into any of the categories that are linked with standard cybercrime. As this kind of attack becomes increasingly common, policy language should catch up with new forms of attack, but at this time, BEC is something that you need to be sure you are training your staff about.
Data Breaches Related to a Vendor
Vendors and other business partners can actually be the reason that you suffer a breach. Payroll companies, cloud platforms, CRMs, and even managed IT partners can all expose your business to cyberattacks. These companies typically have access to your network and also to all the essential information that your company uses to do business.
If you are working with these kinds of business partners, you need to have the right insurance protection in place. You cannot control the risks that other companies expose your business to. Even if you are very careful about working with well-established and legitimate companies, you can still suffer a breach related to these businesses.
Small businesses tend to think that the cyberattacks that other businesses suffer won’t impact them, even if they are vendors or business partners of the business that has been attacked. This is not the case, and you will almost always have to accept joint responsibility with the other company.
How Do I Avoid Risk?
Now you are probably wondering how you can avoid these common business risks. You don’t need to set up some kind of crazy or involved security system. You simply need to follow these best practices.
- Dual verification for payment information/changes/acceptance
- MFA on all points of entry to your network
- Backup testing on a routine basis
- Clear and well-crafted vendor contracts
- Employee awareness training
- Quality cyber liability insurance
Studies show that cybercrime is only going to get more sophisticated and attacks on small businesses are only going to increase. This means that you need to have the right cybersecurity plan in place to protect your business.
Underwriting for these kinds of claims is already tightening up in preparation for the expected uptick in claims of this nature. You need to be sure that you are taking the time to make sure that your business is safe and secure at all times. Best practices training, proper network security, and staying up to date on cybercrime news can help you to prevent this kind of attack at your place of business.
You should think about your cyber liability insurance in the same way that you think about your general liability and workers’ compensation. It is a vital and necessary part of the support structure of your business and using it properly can help you to recover if you do end up dealing with a cyber threat of any kind.
Working with a skilled and experienced insurance agent matters. The team at USA Business Insurance can help you to avoid these common pitfalls that can lead to business owners having to shut their doors for good. We treat our customers like family and we take the time to educate business owners about the various kinds of cyber threats. You can count on us to help you create a business that is thriving while also being able to sleep at night.