(Editor's note: One of many proof points that small businesses are being heavily targeted by cybercriminals comes from Verizon's 2013 Data Breach Investigations Report, in which three-quarters of the cases investigated occurred at companies with 100 employees or fewer. In this guest essay, Tim Francis, Enterprise Cyber Lead for Travelers Bond & Financial Products, offers small business owners a few pointers.)
There is little doubt that small businesses face a growing cyberthreat – and hackers are not showing any signs of letting up. Through even more sophisticated means, hackers are finding ways to attack businesses, sometimes forming syndicates of like-minded criminals to share information and new techniques.
Knowing the most common ways data breaches can occur and learning how to mitigate those risks can go a long way in deterring cyber criminals. Here are some general guidelines to help small businesses get ahead of cybercriminals and safeguard against cyber attacks:
All employees should learn the importance of protecting the information they regularly handle to help reduce exposure to the business. This includes everything from locking up customer records to keeping passwords strong and confidential. Employees should also be taught how to handle a breach if one occurs.
Defend your network.
Use appropriate firewall and antivirus technology and make sure that security software patches are updated in a timely fashion. Evaluate the security settings on software, browser and email programs, and select system options that will meet your business needs without increasing risk.
Monitor mobile devices and Wi-Fi access.
Establish usage policies for employees and be sure they are clearly communicated. For example, employees should be instructed to use public Wi-Fi only in very limited circumstances. Any data that shouldn't be made public, such as proprietary business or customer information or credit card numbers, should not be transmitted or accessed through public Wi-Fi.
Derive an emergency plan.
If a breach occurs, there should be a clear protocol for which employee is managing the situation and what actions should be taken, such as informing the insurance provider. Whether it is a large or small company, this business continuity plan can help an organization manage a breach while helping to ensure that the business is still meeting customer demands.
Consider insurance coverage.
Liability protection is available for when customers or other individuals who have been affected hold a company responsible for information stolen during data breaches or other network intrusions. A cyber policy can also include coverage for a forensic investigation, litigation and remediation expenses associated with the breach. In addition, a cyber program may include coverage for regulatory defense expenses and related fines, crisis management or public relations expenses, business interruption and cyber extortion coverage.