Cybersecurity Awareness Month was launched in 2004 to promote online safety and security. This is particularly important in 2020 because so many things took a back seat when coronavirus disease 2019 arrived. COVID-19 may dominate the headlines, but data security breaches continue to pose a serious threat to small businesses nationwide. According to the Federal Trade Commission, cyber criminals target businesses of all sizes, so all are encouraged to take advantage of Cybersecurity Awareness Month 2020.
This year’s theme, “Do Your Part. #BeCyberSmart,” is intended to empower individuals and organizations to own their role in maintaining cybersecurity. The key message in 2020 emphasizes the importance of doing your part. “If you connect it, protect it.” Small businesses can reduce the risk of a cybersecurity incident by educating employees about basic cybersecurity measures and putting them in practice. The FTC suggests various measures that every small business should have in place.
- Update Software. This includes apps, web browsers and operating systems. Set updates to happen automatically.
- Back Up Files. Regularly back-up important files (offline, external hard drive, in the cloud, etc.).
- Require Strong Passwords. All devices should be password protected. A strong password is at least 12 characters that includes numbers, symbols and capital and lowercase letters. Never reuse or share passwords.
- Encrypt Devices. Encryption protects information from unauthorized access. Any devices containing sensitive information should be encrypted. This includes laptops, tablets, smartphones, removable drives, backup tapes and cloud storage solutions.
- Use Multi-Factor Authentication. Require multi-factor authentication to access sensitive information. This requires additional steps beyond logging in with a password, like entering a temporary code or providing additional identifying information.
- Secure Routers and Wireless Networks. Change the default name and password, turn off remote management and log out as the administrator once the router is set up. Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on.
- Train Employees. Create a culture of security by implementing a regular schedule of mandatory employee training. Update employees about new risks or vulnerabilities.
- Have a Plan. A response plan should be in place before a data breach happens. It should include plans for protecting and saving data, maintaining operations and notifying customers affected by the beach.
Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.