According to The Ponemon Institute, 55 percent of small businesses experienced at least one data breach in 2012 and 53 percent had multiple breaches. Yet, a recent study by the National Cyber Security Alliance and Symantec found that only one in 10 small business owners say they have someone responsible for online and cyber security at their business.
The Hanover Insurance Group is sharing five keys to help small business owners protect their businesses from cyber threats:
Encrypt your data – Begin with the assumption that “bad guys” are going to get in. From this position, the first priority becomes minimizing damage they can cause—and that starts with making sure that data encryption software is properly installed. Remember that cyber-thieves are experts at finding and exploiting system weaknesses. For this reason, ensure that your encryption software is tested and updated on a regular basis.
Know your personnel – Insider threat is one of the main causes of data breach incidents. The fact is, employees are often the weakest link in the security chain. For this reason, conduct background checks on all personnel—including vendors and contractors—whose work requires them to have routine access to sensitive or confidential information. Remember, too, that even the most trusted employees can cause a data breach if they misplace their laptop, USB device, or hardcopy files of sensitive or confidential information.
Understand exposures and find the right insurance coverage – Many businesses think it cannot happen to them – but Cyber-liability is a real risk for businesses. Business owners are wise to carefully review their exposures with the help of a qualified independent third party, and build an insurance program that protects their businesses from cyber threats.
Understand your insurance contracts – Regardless of what kind of coverage you purchase, the best place to begin always is talking to your independent insurance agent. Discuss your exposures and various risk scenarios and, together, decide on the policy terms and conditions that provide the most appropriate type and level of protection for your business.
Have an incident response plan developed in advance – Your company is better positioned to minimize potential damage from a data breach when you have a response plan in place. Make sure your plan identifies where and how sensitive data is stored, where and how it is backed up, and who has access to it. A robust response plan also includes a list of “first contacts” to notify, including law firms, forensic data experts, public relations firms, and credit monitoring companies. The faster you can respond, the better able you are to minimize and control potential damages.