One of your employees clicked on that ridiculously suspicious link that showed up in your employees’ emails.
Malware is downloaded onto your company’s server and all of your information has been encrypted.
The employee that clicked the link receives a message demanding a ransom of $20,000 that must be paid in Bitcoin within the next 24 hours in exchange for the key to decrypt the files.
Do you pay the fee?
Will your insurance cover this?
Panic sets in. That is, unless you’re prepared to handle situations like this.
I have to admit, one of the scariest and most expensive risk exposures my clients face today is the threat of a cyber attack.
And while many believe that the cyber attacks are happening to some of the largest companies in the world, statistics tell us otherwise.
In 2016, 43% of cyber attacks targeted small businesses.
And the impact these cyber attacks have on small businesses are costly.
Impact of a Cyber Attack
Hackers, thieves and other unauthorized individuals have become adept at exploiting weaknesses in a business’ computer system, whether through traditional hacking methods or social engineering.
There’s several types of attacks that could completely cripple your ability to perform normal business activities, which include:
- Malicious code that renders your website unusable
- Distributed denial of service (DDoS) attacks that make your website inaccessible to employees and customers alike
- Viruses, worms or other code that deletes critical information on your hard drives and other hardware
It’s easy to see how any of these events may disrupt your company’s normal operations.
And unfortunately, many smaller businesses don’t have the manpower behind them to detect the problem and work on remedying the situation, which only increases the length of the interruption.
Ways to Prevent a Cyber Attack
While you can’t necessarily “prevent” a cyber attack, you can implement strategic precautionary strategies to reduce the risk of a cyber attack from happening in the first place.
Here’s a few suggestions I recommend on cyber security protocols that you can implement in your company today to help prevent the threat of a cyber attack:
- Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments.
- Train your employees on cyber security principles
- Install, use and regularly update antivirus and antispyware software on every computer used in your business
- Use a firewall for your internet connection
- Download and install software updates for your operating systems and applications
- Make backup copies of important business data and information
- Control physical access to your computers and network components
- Secure your Wi-Fi networks
- Require individual user accounts for each employee
- Limit employee access to data and information, and limit authority to install software
- Regularly change passwords
But even with the best cyber security policies and procedures in place, a hacker can still find ways to exploit weaknesses in your computer systems.
Your Role During a Cyber Attack
If you end up falling victim to a cyber attack, here’s a few action items you need to take immediately:
- Check your software to make sure all your systems are up to date
- Run a scan to make sure your system isn’t infecting or acting suspiciously
- If you find a problem, disconnect your device from the internet and perform a full system restore
- If you have an IT department, contact them immediately to investigate and clean your computer
- If you believe you may have revealed sensitive information about your company, report it to the appropriate people within your company, including network administrators.
How to Respond After a Cyber Attack
After a cyber attack, we recommend filing a report with your local police so there’s an official record of the incident. In addition, report online crime or fraud to the Internet Crime Complaint Center (IC3) or the federal government’s internet fraud resource website, and report any identity theft to the Federal Trade Commission.
Why Your Small Business Needs Cyber Liability Coverage
Most traditional business insurance policies do not cover business interruption losses due to a cyber attack.
Fortunately, a cyber liability policy can fill that void.
Should your business be unable to perform normal business operations, a cyber liability policy can help pay for expenses related to the interruption, such as:
- Lost income due to the cyber attack
- Profits that would have been earned had the cyber attack not occurred
- Operating expenses, such as utilities, that must be paid even though your business may be temporarily closed
- Rented or leased equipment
Cyber liability coverage also helps protect your company from the following events:
- Data breaches, which include costs for customer notification, some legal costs and credit monitoring for those affected
- Damages to third-party systems, if, for example, an infected email from your servers crashes the system of a customer or vendor
- Data or code loss due to a natural disaster or malicious activity. (Physical destruction is covered under a different policy.)
- Cyber extortion, including ransomware, which is malicious code installed into a computer on your network that prevents you from accessing it until a ransom is paid.
Your company, regardless of size, needs to be proactive to protect against the growing threat of a cyber attack.
Download our FREE Cyber Security Planning Guide
In addition to the tips and strategies above, download our FREE Cyber Security Planning Guide. The guide is designed to help you protect your business, information and customers from growing cyber threats.
It’s no secret that the rise of cyber risk is growing.
By understanding the risks your company faces, and implementing the actionable steps in this article to reduce the risk of a cyber attack, you’re one step ahead in protecting your company against cyber crime.
Need Cyber Liability Coverage?
I’m Pat O’Neill, a risk advisor at The O’Neill Group, and I’d be happy to help you identify the cyber risks you face, and secure for you a cyber insurance quote. Call me at (330) 334-1561, email me at firstname.lastname@example.org or click here to schedule a time on my calendar that’s convenient for you to discuss cyber insurance.
Or, request a cyber insurance quote today.
This article was adapted from Zywave. This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.