Don’t Let Weak Site Security Compromise Your Business’s Cybersecurity

Setnor Byer Insurance & Risk

Small businesses spend a lot of time and money to protect their sensitive and confidential information, and rightfully so. Data breaches can lead to crippling, often insurmountable financial and reputational harm. Unfortunately, many businesses overlook the most basic security measures. Cyber criminals, for example, pose the biggest threat to data security, so most businesses focus almost exclusively on cybersecurity while paying little or no attention to physical (site) security. This can prove disastrous because sophisticated firewalls and advanced security software cannot stop someone from stealing a flash drive or paper file containing sensitive information.

According to the Federal Trade Commission, cybersecurity begins with strong physical security that effectively protects sensitive or confidential information in paper files and electronic devices (hard drives, flash drives, laptops, point-of-sale devices, etc.). The FTC offers the following tips for maintaining physical security.

  • Store paper files and electronic devices containing sensitive information in a locked cabinet or room to keep them secure.
  • Train employees to put paper files in locked file cabinets, log out of networks and applications before leaving and never leave files or devices with sensitive data unattended.
  • Limit physical access to records or devices containing sensitive data to only those who need it.
  • Keep track of documents and devices containing sensitive data so they can be handled accordingly.

To protect sensitive data stored on devices,

  • Require passwords that are long, complex and unique.
  • Require multi-factor authentication, like a password and a temporary code, to access sensitive information.
  • Limit the number of incorrect login attempts allowed to unlock devices.
  • Encrypt portable media, including laptops and thumb drives, that contain sensitive information.

Sensitive and confidential business data can be stolen online or onsite, so businesses must make physical (site) security a key component of their cybersecurity protocols. Since security measures aren’t always enough, small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches

October is National Cybersecurity Awareness Month

Cybersecurity Awareness Month was launched in 2004 to promote online safety and security. This is particularly important in 2020 because so many things took a back seat when coronavirus disease 2019 arrived. COVID-19 may dominate the headlines, but data security breaches continue to pose a serious threat to small businesses nationwide. According to the Federal Trade Commission, cyber criminals target businesses of all sizes, so all are encouraged to take advantage of Cybersecurity Awareness Month 2020.

This year’s theme, “Do Your Part. #BeCyberSmart,” is intended to empower individuals and organizations to own their role in maintaining cybersecurity. The key message in 2020 emphasizes the importance of doing your part. “If you connect it, protect it.” Small businesses can reduce the risk of a cybersecurity incident by educating employees about basic cybersecurity measures and putting them in practice. The FTC suggests various measures that every small business should have in place.

  • Update Software. This includes apps, web browsers and operating systems. Set updates to happen automatically.
  • Back Up Files. Regularly back-up important files (offline, external hard drive, in the cloud, etc.).
  • Require Strong Passwords. All devices should be password protected. A strong password is at least 12 characters that includes numbers, symbols and capital and lowercase letters. Never reuse or share passwords.
  • Encrypt Devices. Encryption protects information from unauthorized access. Any devices containing sensitive information should be encrypted. This includes laptops, tablets, smartphones, removable drives, backup tapes and cloud storage solutions.
  • Use Multi-Factor Authentication. Require multi-factor authentication to access sensitive information. This requires additional steps beyond logging in with a password, like entering a temporary code or providing additional identifying information.
  • Secure Routers and Wireless Networks. Change the default name and password, turn off remote management and log out as the administrator once the router is set up. Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on.
  • Train Employees. Create a culture of security by implementing a regular schedule of mandatory employee training. Update employees about new risks or vulnerabilities.
  • Have a Plan. A response plan should be in place before a data breach happens. It should include plans for protecting and saving data, maintaining operations and notifying customers affected by the beach.

Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.

Cybersecurity Tips for Small Businesses

When it comes to data security breaches, things aren’t getting any better. According to Risk Based Security’s 2019 MidYear QuickView Data Breach Report, more than 3,800 data security breaches were reported in the first six months of 2019. More than 4.1 billion records were compromised. When compared to midyear 2018, the number of reported breaches is up 54%. The number of exposed records is up 52%.

Breaches involving big businesses make the headlines, but small businesses are at risk too. According to the Federal Communications Commission, every small business needs a cybersecurity strategy to protect their business, their customers and their data from constantly growing and evolving cybersecurity threats. The FCC has the following tips for small businesses.

Train Employees. Educate employees about data security. Establish basic security practices, policies and Internet use guidelines that include specific penalties for violations.

Protect Data, Devices and Networks. Using the latest security software, web browsers and operating systems can help defend against viruses, malware and other threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

Protect Mobile Devices. Mobile devices, particularly those with sensitive data or network access, can create significant security risks. Require employees to password-protect devices, encrypt data and install security apps to protect data on public networks. Implement and enforce reporting procedures for lost or stolen equipment.

Backup Sensitive Data. Require regular backups of critical data, including documents, spreadsheets, databases, financial files, human resources files and accounting files. Backup data automatically if possible, or at least weekly. Store backups offsite or in the cloud.

Secure Wi-Fi Networks. Make sure networks are secure, encrypted and hidden. Network names should not be broadcast. Routers should be password protected.

Limit Access and Authority. Employees should only have access to data needed to do their jobs. Employees should not be able to install any software without permission.

Passwords and Authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain access.

Data security threats have become a constant concern for small businesses. Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.

Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.