One of the most valuable assets for any business is its data. Like any business, small businesses are susceptible to cyberattacks.
Safeguarding your company’s data is not just about avoiding financial loss—it’s about protecting customer and employee information, maintaining public trust, following government regulations, and keeping your business running with as little disruption as possible.
But one data breach can lead to potentially catastrophic financial penalties, ruin your company’s reputation and disrupt operations.
With small businesses often seen as an easy target for cyberattacks, it’s no wonder business owners have a touch of anxiety when it comes to understanding how to protect data—from banking and payment processing to email and customer databases. In fact, 44 percent of small businesses have experienced a cyberattack, according to computer security software company McAfee.
And, according to Forbes, 41% of small businesses don’t have systems in place for data backup and recovery.
“Everybody is a target for cyberattacks—and that includes individuals and small businesses,” said Jamie Neumaier, corporate information security officer at Erie Insurance. “One reason small- and medium-sized businesses are frequently targeted is because they don’t have the same technology as a large corporation. Not only does this make them an easier target, but attacks on small businesses often go unnoticed by the public because they aren’t heavily publicized.”
But it’s not all doom and gloom. A little bit of preparation and knowledge can go a long way in protecting your business from cyber criminals.
Ready to protect your business data? Here are seven things you can do right now to help prevent cyberattacks.
1. Implement a Strong Password Policy
Enforcing stronger passwords and policies surrounding password creation are some of the easiest efforts business owners and employees can make to secure company data.
Despite an increase in cyberattacks, NordPass, a password management company, says “123456” continues to rank as the most-used password in the world—with “admin” coming in second.
“People typically pick passwords that are easy to guess, then reuse them across multiple accounts,” Neumaier said. “To reduce the risk of cyberattacks, you should select a complex password—and be sure to use a unique password for every account.”
Common—or easily identifiable information such as birthdays, home addresses and pet names—should be avoided when creating passwords, according to the Cybersecurity & Infrastructure Security Agency (CISA), which is part of the federal Department of Homeland Security. The agency recommends the following tips for creating passwords: Make them long: Passwords should be at least 16 characters.Make them random: Use a mix of numbers, letters and symbols (if possible). Users can also create a “passphrase,” which is four to seven unrelatable words that are memorable.Make them unique: You should use a different password for every account you need to create.
2. Enable Multifactor Authentication
After you select a strong password, the next step to improving cybersecurity is enabling multi-factor authentication. And while this phrase may sound complex, the concept is quite simple.
When it comes to using technology, “authentication” is one way to prove that you are who you say you are. Your password, for example, is a form of authentication. When you enable multifactor authentication (sometimes called “two-step verification” or abbreviated as “MFA”), you’re requesting that a service uses more than one method of authentication to verify your identity.
Some of the ways you can use multi-factor authentication to further protect yourself include security questions; a personal identification number (or “PIN”); or a code that is texted to your phone, sent to your email or generated from an authenticator app.
“The combination of a strong password and multifactor authentication is one of the best ways to prevent any cyber risk,” Neumaier said. “You should enable it whenever possible—especially when a service is connected to personal or business accounts such as financial records.”
3. Buy Cyber Insurance
No matter the size of your business, keeping your financial, employee and customer data safe from cyberattacks should be a top priority. But 88 percent of small businesses owners surveyed by the federal Small Business Administration said their business is not prepared for a cyberattack.
“Every small business should consider cyber insurance as part of their plan to manage the risk of attacks,” Neumaier said. “At ERIE, our coverage not only provides the financial resources to help in the event of a data breach, but we also provide educational resources that can assist business owners on best practices they can implement to help prevent attacks from happening in the first place.”
With Cyber Suite from ERIE1, you’ll be prepared to respond to a wide range of cyber incidents—including breaches of personally identifying or sensitive information and threats that could jeopardize the safety of that information.
This includes protection for loss resulting from covered data breaches, computer attacks, cyber extortion, misdirected payment fraud and telecommunications fraud. Cyber Suite also includes third-party liability coverages for privacy incident liability, network security liability and electronic media liability. And, you’ll have access to a team of cyber professionals experienced in handling these types of claims.
A local Erie Insurance agent can explain more about the benefits of Cyber Suite and how it can help protect your business.
4. Educate Yourself and Your Employees
Human error is one of the leading causes of cyberattacks. And that means creating policies and educating yourself and your workforce is a top priority to helping to thwart cyberattacks.
ERIE’s Cyber Suite coverage includes access to a website that provides cybersecurity training to help protect you and your employees from cyber risks. The site also offers security policy templates to help you identify and document compliance with multiple regulations and it provides web app security scans to help you identify potential security weaknesses in your business.
Employees should be trained to recognize phishing scams, avoiding suspicious links and reporting any unusual activity. These educational opportunities, along with clear cybersecurity policies, can also help employees understand their role in protecting company data.
Conducting regular cybersecurity training sessions to raise awareness of potential threats and to teach safe practices can help prepare you and your employees if a threat happens.
5. Back Up Your Data
In the course of running your business, you generate a lot of information that would be difficult—or impossible—to replace. From customer files to accounting information, it’s critical for businesses of all sizes to have backup data readily available.
“Whether you choose a cloud or physical backup solution, the goal is to have easy access to your data so you can continue operations if your system is ever compromised,” Neumaier said. “It’s also important to periodically test your backups to ensure you can actually recover files, if needed.”
Backing up company data will help protect you and your business from one of the biggest costs of a cyberattack—business downtime. According to a study by Cisco, 40% of small businesses that faced a cyberattack experienced eight hours of downtime or more.
6. Update Your Devices
We’re all familiar with how it can feel when your computer, smartphone, apps and software programs are reminding you it’s time for another update. But did you know that clicking “remind me later” is leaving your company—and potentially your employees and customers—vulnerable to cyberattacks?
Many times, these updates are fixes for security vulnerabilities that have been uncovered within a given system. Sometimes, the updates are sent while a potential cyberattack is happening—meaning that if you skip that update, you could be leaving your device and the data accessible on it vulnerable to a cyberattack. That’s why it’s important to keep all of your equipment up to date.
“Updating the software on all of your devices is essential to protecting your business data,” Neumaier said. “It’s important to enable automatic device updates when that option is available.”
Whether it’s cyber extortion, phishing, ransomware, malware or account hacking, cyber criminals are always finding new ways to make money. Updating your devices means you’ll be protected as soon as tech companies identify and fix new vulnerabilities.
7. Use a Virtual Private Network (VPN)
When accessing the internet, a virtual private network (VPN) offers an added layer of protection and security. It’s especially important if you, or any of your employees, will be doing business remotely from a public Wi-Fi network.
Some benefits of using a VPN are that it masks the IP address of your device (this is a series of numbers that identifies your computer or smartphone) and helps keep your data “unseen” when using an untrusted internet connection—like the public Wi-Fi at your favorite local coffee shop. To accomplish this, VPN software encrypts your data and routes it through secure servers located in distant places.
“Business VPN software is a great solution for remote workers, especially if they need to connect to sensitive information on your business network,” Neumaier said.
Protect Your Business from Cyber Attacks Today
You’ve invested a lot into growing your business. At ERIE, it’s our job to help you protect it if something does go wrong.
With Cyber Suite from ERIE, you’ll have the coverage your business needs in the event it’s the target of a cyberattack. Talk to an ERIE agent today about Cyber Suite and get a quote for adding it to your business policy.
ERIE® insurance products and services are provided by one or more of the following insurers: Erie Insurance Exchange, Erie Insurance Company, Erie Insurance Property & Casualty Company, Flagship City Insurance Company and Erie Family Life Insurance Company (home offices: Erie, Pennsylvania) or Erie Insurance Company of New York (home office: Rochester, New York). The companies within the Erie Insurance Group are not licensed to operate in all states. Refer to the company licensure and states of operation information.
The insurance products and rates, if applicable, described in this blog are in effect as of January 2024 and may be changed at any time.
Insurance products are subject to terms, conditions and exclusions not described in this blog. The policy contains the specific details of the coverages, terms, conditions and exclusions.
The insurance products and services described in this blog are not offered in all states. ERIE life insurance and annuity products are not available in New York. ERIE Medicare supplement products are not available in the District of Columbia or New York. ERIE long term care products are not available in the District of Columbia and New York.
Eligibility will be determined at the time of application based upon applicable underwriting guidelines and rules in effect at that time.
Your ERIE agent can offer you practical guidance and answer questions you may have before you buy.