Prepare Your Small Business Against Cyberattacks

Are you prepared to defend your small business?

Knowing how to prepare your small business to defend against a cyberattack can be challenging, as cyber threats and the risk landscape are constantly evolving. There are several cyber safety best practices that small businesses can put in place to improve their cybersecurity posture.

It’s never too late. Taking these steps can help businesses avoid a devastating cyber event.

5 steps to take to help protect against cybercrime:

1. Use multifactor authentication (MFA). Multifactor authentication adds a layer of security by requiring the use of two or more authentication factors to verify the legitimacy of account access attempts. A popular form of MFA is having a code sent to a mobile device.
2. Keep systems up to date. Hackers often target vulnerabilities in outdated software and operating systems. You must keep your systems up to date with the latest security patches and software updates. This helps protect your business from known vulnerabilities.
3. Use endpoint detection and response (EDR). Small businesses should monitor their networks and systems for suspicious activity. One way to accomplish this is to implement EDR, which can help protect and monitor every asset in an enterprise network by identifying and remediating suspicious activity before the rest of the corporate network is exposed to unnecessary risk.
4. Have an incident response (IR) plan. Small businesses should have an IR plan in place, in case of a cyberattack (or any incident impacting their systems). This plan should outline the steps to take if an incident occurs. Details should include whom to contact, how to isolate affected systems and how to recover data.
5. Back up your data. Data backups are a critical part of cybersecurity. In the event of a cyberattack or data loss, having recent backups of your data can help lessen the impact on your business. It is important to back up your data to a secure location, such as a cloud-based service or an offsite server.

In addition, employees are a “human firewall” and one of the greatest potential assets to your cybersecurity program. Human error, such as clicking on a malicious link or using weak passwords, exposes your business to hacking. It is crucial to train employees on cybersecurity best practices. These include recognizing phishing attempts and having strong passwords that are unique for each account. These can be seen as basic steps but are an essential part of any business’s cybersecurity.

Take advantage of these U.S. government resources:

• U.S. Small Business Administration (SBA): Strengthen your cybersecurity. Learn about cybersecurity threats and how to protect yourself. The SBA provides resources for small businesses to help improve their cybersecurity posture. These resources include articles on best practices for cybersecurity, webinars and training courses.
• Cybersecurity and Infrastructure Security Agency (CISA): Cyber Guidance for Small Businesses. Take advantage of free cybersecurity services and tools. These include services provided by CISA, popular open-source tools and free services offered by private and public sector organizations across the cybersecurity community.
• Federal Bureau of Investigation (FBI): Internet Crime Complaint Center (IC3). IC3 allows businesses to report cybercrimes and receive help from the FBI. The FBI also has an InfraGard program, which provides information and training on cybersecurity.

Learn more about small business insurance

Many insurance carriers offer an endorsement to a business owner’s policy (BOP). Travelers CyberRisk coverage is offered as a stand-alone coverage to better tailor to your business’s needs.

Recovering from a cyberattack can be costly. Do you have cyber insurance? Contact your Travelers representative or local independent agent to review your small business insurance policy.

This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.