TUESDAY, MARCH 1, 2022

5 Cybersecurity Best Practices for Small Businesses

Small business owners wear a lot of hats each day. Most probably never thought that “information technology professional” would be one of them. However, criminals are targeting businesses of all sizes, meaning that the cyber threat cannot be ignored.  

According to Cybersecurity Magazine, small and medium-sized businesses are involved in 43% of all data breaches, and 61% of small businesses surveyed reported at least one attack within the previous 12 months.

What Is at Risk?

What’s at risk if your systems are breached? Consider the possibilities:

  • Your financial information
  • Your business plans
  • Your intellectual property
  • Your social media accounts
  • Your employees’ personal information
  • Your customers’ payment information
  • Any information that you attached to an email or received as an attachment
  • Any links or passwords you shared with anyone
  • The security of cyber systems belonging to people and organizations with whom you do business
  • Your reputation

In other words, your very business is at stake.

However, every business can strengthen its defenses. Some of the following five best practices are easier than others to implement, depending on whether you have IT professionals on staff or retainer. If outside expertise is needed, services such as OneIT or UTEC can help.

Here are five best practices to consider now.

1. Update your software regularly.

Threat actors are constantly searching for ways to exploit weaknesses in software, like the one that was found late last year in Apache Log4j, a logging library for Java. Threat actors began taking advantage of it almost immediately, installing ransomware and cryptocurrency-mining software.

Software companies regularly provide updates to combat these sorts of issues when discovered and to make other improvements. Watch for and install the updates for operating systems, web browsers and applications as soon as they become available.

2. Require strong passwords.

Are you or any of your employees using “123456” as a password? If so, you should know that according to Nord Security, a developer of cybersecurity products, more than one million other people are also using it. It takes bad actors literally less than a second to crack weak passwords like this.

Strong passwords are one easy-to-implement defense against would-be attackers. According to the Small Business Administration, strong passwords share the following characteristics:

  • Have 10 or more characters
  • Are a combination of uppercase and lowercase letters
  • Have at least one number and one special character

Another approach that some businesses are taking is to use passphrases or sentences. Generally, the longer the passphrase is, the more difficult it becomes to crack. Sentences are also easier for end-users to remember than long strings of upper and lowercase letters and special characters.

How do you know how secure your password or phrase is? Try a tool like How Secure Is My Password.

Here are some samples:

  • Password used: 123456 – This password would be cracked instantly.
  • Password used: Sam23!Smith – It would take a computer about 400,000 years to crack this password.
  • Password used: It was a lovely summer day. – It would take a computer about 5 decillion years (that’s 33 zeroes!) to crack this password.
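The sketch below is an added example, not part of the original article or of any tool it names. It checks the three sample passwords against the SBA characteristics listed above and estimates a brute-force search space; the `COMMON` denylist, the function names and the exhaustive-search model are assumptions made for illustration.

```python
import math
import string

COMMON = {"123456"}  # the article's example; a real denylist would be far longer

def sba_failures(pw):
    """Return the SBA characteristics (as listed in the article) that pw lacks."""
    rules = {
        "10 or more characters": len(pw) >= 10,
        "uppercase and lowercase letters": any(c.isupper() for c in pw)
                                           and any(c.islower() for c in pw),
        "a number and a special character": any(c.isdigit() for c in pw)
                                            and any(not c.isalnum() for c in pw),
    }
    return [name for name, ok in rules.items() if not ok]

def brute_force_bits(pw):
    """Assumed model: exhaustive search over the ASCII classes pw draws from.
    An upper bound only; guessing from leaked-password lists is much faster."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def assess(pw):
    return {
        "denylisted": pw in COMMON,
        "sba_failures": sba_failures(pw),
        "bits": round(brute_force_bits(pw), 1),
    }

# The three sample passwords from the article.
SAMPLES = ["123456", "Sam23!Smith", "It was a lovely summer day."]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(repr(pw), assess(pw))
```

The passphrase fails the number-and-special-character rule yet has by far the largest search space, which matches the article's point that length matters most.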

Of course, even the strongest password or passphrase is useless if it is written on a sticky note and stuck to a computer screen, left near a laptop or taped to a point-of-sale terminal where a bad actor can see it. Using a password manager—a software application that safely stores and manages your online credentials—could be helpful. It’s like writing all your passwords down on a piece of paper and then placing that paper in a safe. All you need to remember is how to open the safe (e.g., your password manager password).

3. Implement multifactor authentication.

If you have tried to digitally access your bank account lately, you likely received an email, text or call asking you to confirm your identity first. You might have been asked to answer a security question or to submit a special code within a few minutes of receiving the message. This additional security process is known as two-factor or multi-factor authentication, and it’s one more way to protect your small business, especially if some of your employees work remotely.

Consider implementing this technology to protect especially sensitive data on your network. Many insurance companies are now making this a mandatory protection to receive a cyber liability insurance quote or to keep existing cyber insurance coverage. Learn more about multifactor authentication here.

4. Train employees to identify and report phishing emails.

Today, one of the most common methods cybercriminals use to steal credentials or infect information technology systems is by sending “phishing” emails to unsuspecting employees. These emails look like they have been sent from a trusted individual or legitimate organization. They encourage the recipient to share sensitive information or to click a link, download a document or visit a website that then deposits malicious software onto the computer or network.

How can someone identify a phishing email? Start by asking these questions:

  • Is the sender unknown?
  • Are email addresses, domain names or URLs within the email inconsistent or incorrect?
  • Does the email contain typos and/or grammatical errors?
  • Is the email written in a way that makes you think this isn’t the writer’s native language?
  • Does the sender ask for login credentials or other sensitive information?
  • Does the email seem intimidating in any way or contain an urgent request?
  • Does the email contain a suspicious attachment?
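Several of these questions can be checked automatically before a person looks at the message. The following triage sketch is an added example, not from the original article; the keyword lists, attachment extensions, `known_senders` set and the sample message are constructed assumptions, and a real mail filter would need much broader rules.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Keyword lists and extensions are illustrative assumptions; tune them locally.
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
CREDS = re.compile(r"\b(password|login|credentials|verify your account)\b", re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".docm")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"[\w-]+(?:\.[\w-]+)+")

def triage(raw, known_senders):
    """Return the checklist questions this message answers 'yes' to."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags, body = [], ""
    if sender not in known_senders:
        flags.append("unknown sender")
    if reply_to and reply_to.rsplit("@", 1)[-1] != sender.rsplit("@", 1)[-1]:
        flags.append("reply-to domain differs from sender")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            flags.append("suspicious attachment: " + name)
        elif not name and part.get_content_maintype() == "text":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for href, label in LINK.findall(body):
        shown = HOSTLIKE.search(label)
        target = (urlparse(href).hostname or "").lower()
        if shown and shown.group(0).lower() != target:
            flags.append("link text does not match destination")
    text = msg.get("Subject", "") + "\n" + body
    if URGENT.search(text):
        flags.append("urgent or intimidating wording")
    if CREDS.search(text):
        flags.append("asks for credentials")
    return flags

# Constructed sample message (not a real email; .test/.example names are reserved).
SAMPLE = """From: Payroll <payroll@example-payroll.test>
Reply-To: helpdesk@mail-example.test
Subject: Urgent: verify your account
Content-Type: text/html

<p>Enter your password at
<a href="http://login.example-verify.test/reset">portal.example.com</a> immediately.</p>
"""
```

Calling `triage(SAMPLE, {"billing@supplier.example"})` returns the list of matched questions; an empty list means none of these automated checks fired, not that the message is safe.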


Employees should report suspicious emails to IT staff for validation before taking any action. If your business doesn’t have IT staff and employees receive a suspicious email, they should contact the sender via another means (e.g., phone, text) to confirm the email’s authenticity.

Services such as KnowBe4 can help staff improve their information security knowledge and practices.

5. Create a plan.

Every business, no matter how small, should have a cybersecurity plan. The more complex your business, the more likely you will be to benefit from hiring cybersecurity experts to plan for and address cyber threats.

The Federal Communications Commission has developed a site on which small businesses can create a free customized cybersecurity plan. Select the topics that apply to your business, such as payment cards, employees, email, data security, etc., and then let the tool generate your guide.

Besides implementing a sound cybersecurity plan for your business, obtaining a cyber liability insurance policy is another way to manage risk. Be aware that policies are becoming more difficult to obtain. Demonstrating that you have implemented an effective cybersecurity plan is a good first step. Speak with a trusted advisor to learn more about the availability, requirements and cost of a cyber liability policy.

A Final Word

This list of cybersecurity best practices isn’t exhaustive, but it does highlight some relatively simple but important actions you can take now to strengthen your business’s cyber defenses.   

Finally, it’s no secret that identity theft also has been on the rise for years. Hylant clients and associates have access to IDTheft Assist, a comprehensive, affordable credit monitoring and restoration service for individuals. A monthly subscription provides access to 24/7 response services, including a designated U.S.-based advocate who does all the work necessary so that you can get back to your normal routine. We invite you to learn more about IDTheft Assist.

The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.

Posted 10:37 AM
