4 Ways to Protect Your Small Business From Cyberattacks

Since the beginning of the COVID-19 pandemic, small businesses have quickly adopted remote working and transitioned to new technologies, such as contactless payments and online ordering. Unfortunately, these adjustments have come with increased risks. According to a 2022 report from Barracuda, a cloud and networks security company, small businesses with fewer than 100 employees receive 350 percent more social engineering attacks—like phishing, scamming, or email compromise—than larger businesses.

Compared with larger companies, many small businesses have fewer resources to dedicate to cybersecurity, leaving them vulnerable to the ever-evolving tactics of cybercriminals. And dealing with the consequences of a cyberattack can be seriously detrimental to a business’s bottom line, costing approximately $25,000 per year.

Business owners should understand where their data lives and classify what types of data they store—for example, names, addresses, Social Security numbers.

Lipton suggests reaching out to a legal expert, especially if you’re handling sensitive information like Social Security or credit card numbers, to get a better understanding of the consequences of a data breach and get a professional opinion on how to protect your data.

As a business owner, you can implement basic security and hygiene practices, such as:

Installing firewalls to prevent unauthorized access to your networks.

Using antivirus software and ensuring that it’s updated regularly.

Regularly backing up data and storing it offline or in another location, not just in the cloud.

Creating strong passwords and not using the same password across different accounts.

Requiring multi-factor authentication, which asks for two identifying factors, like a password and a code, to access accounts and systems.

Some of these security features may already be at your disposal. “Many of the applications and software your company already uses will have built-in security features, but they won’t necessarily be turned on by default,” said Lauren Winchester, vice president of risk and response at Corvus Insurance, by email.

You can enable these features to quickly and easily add an extra layer of security to your business.

Receiving basic cybersecurity training can help you and your employees learn to identify common threats, such as phishing emails or suspicious downloads, as well as develop online best practices, like safe browsing and strong passwords.

And with employees working remotely or in different office locations, it’s particularly important to create and review cybersecurity policies for your business, including safety guidelines and what to do in the event of a data breach.

If, for example, your point-of-sale system is hacked and the hackers release the stored credit card information of your customers, this policy would cover the cost of notifying your customers, investigating the incident and providing credit monitoring services. It would also cover legal fees or settlements if a customer sues your business as a result of the incident.

The best cyber insurance carriers in the market today, however, are more than a backstop to financial loss, says Lipton of AmTrust Financial Services. These insurance companies will not only provide a comprehensive policy, but will also help evaluate your systems, offer advice on how to better protect your data, and connect you with additional security partners or vendors in their network.

Look for a carrier that’s volunteering to be your partner in cybersecurity strategy, Lipton says. Insurance is “a critical component of the cybersecurity strategy, but it’s just one piece.”