It’s nearly impossible these days for businesses to operate without the help of Internet-connected devices, which exposes them to cybercrime. It’s the small- to medium-sized businesses, however, that are especially vulnerable: half are victims of cybercrime and nearly two-thirds of those victims go out of business.1 Hackers increasingly target small businesses because there is a low risk they will be caught and a high probability they will be successful.

Maintaining personally identifying information (PII) on a computer connected to the Internet creates a nearly unavoidable risk. More than likely, names, addresses, and employees’ employment information are stored. If PII is acquired by someone without the authority to do so, in most states that is a security breach (data breach).

Banking, credit, and vendor account information is also vulnerable. Even if that valuable information is not stored on an Internet-connected computer, employees who have access to it can be duped into handing it over to criminal actors.

Best Practices and Security Tips

1. Train Employees in Information Technology Security. Training should be offered especially to those who are responsible for accounts payable, human resources records, and wire transfers. Training for all employees should be reinforced periodically.
   
   Employees should be instructed to refrain from clicking links or attachments in e-mails, and not to pay an invoice until it’s confirmed that the sender actually sent it. Even if the e-mail appears to be from a trusted source, employees should learn to always copy and paste links or type URLs into a browser to see if the address is valid.
    
2. Funds Transfers. Put a policy in place to have an in-person or telephone conversation to confirm e-mail requests for funds or personal information. It can greatly reduce the likelihood of fraudulent transfers or information sharing.
    
3. E-mail Authentication. Phishing can be substantially reduced by verifying that the e-mail originated from the domain it is associated with. If your domain is hosted, it’s worth taking some time to look at how your e-mail is set up to ensure proper authentication schemes are used.2
    
4. Change default passwords on your router and other Internet-connected devices.
    
5. Use a trusted VPN service when using WiFi.
    
6. Back up your data regularly both to the Cloud and to a removable device.
    
7. Update firmware and software regularly.

Security professionals used to strive for perfect security, but today they accept that goal is unachievable. Instead, they strive for optimal security by combining best practices with a risk management program that considers purchasing data compromise and cyber coverage through a knowledgeable insurance provider.

Cyber ShieldSM from Federated Insurance is a two-part coverage program designed to help provide essential protection against many of the critical cyber and privacy exposures businesses face. Data Compromise Coverage and Cyber Coverage can help your company recover from intentional or accidental breaches. Visit federatedinsurance.com for more information or contact your local Federated representative.

1“The Impact of Cybercrime on Small Business,” Course 10, Tutorial 1, Quoting Dr. Jane LeClair, Chief Operating
Officer National Cybersecurity Institute. Online at
https://www.sbir.gov/sites/all/themes/sbir/dawnbreaker/img/documents/Course10-Tutorial1.pdf .

2The leading e-mail authentication protocols are SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance); best practice is to utilize the three protocols together.