. true

More in This Category

Be Proactive: Cracking the Code for Small Business Cybersecurity

Jeff Weaver, Assistant Vice President, Management Liability Insurance 

By Jeff Weaver
Assistant Vice President, Management Liability Insurance

Due to employee negligence, a computer virus impacted a physicians’ group with professional offices in multiple counties. Forensic investigators determined that the incident did not compromise protected health information or other personally identifiable information. Unfortunately, the healthcare organization still suffered a loss of valuable data.

A payroll employee at a plastics manufacturing company received a spoofed email from a scammer purporting to be the company’s CEO. As requested by the scammer, the employee emailed them all employees’ W2s. Multiple employees have since reported that fraudulent tax returns have been filed in their name. 

Could these actual cyberattacks have been avoided? What steps can small businesses take to improve their cybersecurity?  

It’s not just about having the right cyber liability insurance policy in place – it’s about taking a holistic approach to protecting your business. Whether you’ve heard of it as ransomware, cyber extortion, social engineering, data breach, or security breach, cyberattacks are a growing threat for all businesses.  Situations like the examples above emerge daily, especially with opportunities created by the COVID-19 pandemic. And unfortunately, size doesn’t matter. 

Cyber events can put any sized organization’s operations on hold, or even worse, put them out of business entirely.  Small businesses can be attractive targets because they may lack the security budget and infrastructure of larger companies. 

According to a recent Selective survey, only 20% of small businesses carry cyber insurance coverage despite acknowledging increasing concerns about cybersecurity due to pandemic-related remote work. Purchasing a cyber liability policy is an excellent start to help small business owners sleep better at night, but it shouldn’t be the end of the journey. To protect your small business from cyber threats, consider these additional steps:  

1. Use a Multi-Faceted Approach to Cybersecurity 

Take the time to understand where vulnerabilities may exist in your operation. Through cyber risk management tools, you can attend various webinars, execute questionnaires and checklists, and better understand your organization’s data's sensitivity. Do you provide laptops or cellphones to your employees? Those are all potentially open ports for hackers to access. If you use Microsoft Office or Google Workspace, is your two-factor authentication turned on? Multifactor authentication adds another layer of security to your applications and may be considered essential to almost any business operating today. 


2. Arm Your Staff with Training & Education

If you’ve heard the phrase “the problem exists between the chair and the keyboard,” then you already know the importance of building your staff’s cyber threat knowledge and awareness. Educating your employees to identify phishing scams and other fraudulent requests and how to develop strong passwords might not sound as impactful as creating new firewalls or downloading new software, but the impact can be significant. In fact, human error causes approximately 95% of cyber breaches. Through cyber risk management portals, like the Security Mentor training available to Selective’s customers, your employees can improve their cybersecurity awareness, and in turn, better protect the valuable data and operations with which you entrust them with every day.


3. Have a Cyber Response Team in Your Back Pocket

A proactive risk management approach to cybersecurity is the best way to protect your business from cyber threats.  However, if a cyber event does arise, your insurance carrier, and the experienced personnel it brings, is critical to mitigate against further loss. Selective’s Cyber Liability Insurance and Data Breach Response Coverage provides necessary support and guidance to policyholders through access to a skilled cyber response team to help assess the incident and experienced vendors to assist in resolving the situation. It’s not always the claim's cost but rather the time associated with managing it that you can’t get back. Having the assistance of a knowledgeable team is imperative if a cyber event arises. 

Cracking the cybersecurity code involves having the right cyber crime insurance coverage, the proper preparations, and the right insurance partner. It is essential that small business owners continuously evaluate and assess their risks, while building employee awareness and education around evolving cyber threats. Cybercriminals are continually changing their approaches, requiring the rest of us to keep current our cyber risk management solutions. At Selective, we’re working towards developing new solutions that will assist our small business owners in these matters . . .  Just another way that Selective provides unique insurance solutions to small businesses. 

 

About the Author

Jeff Weaver, Assistant Vice President, Management Liability Insurance, is responsible for all Management Liability Lines including Directors & Officers Insurance, Employment Practices Liability and Fiduciary liability, as well as Cyber Liability across the company.