Cyber Liabilities Loom Large for Small Businesses

Each year new technologies, and improvements on old ones, come along to make our jobs easier.  That adds to productivity for businesses small and large. Today it is easier than ever to store and retrieve personal financial information, but protecting that information poses increasing challenges.  Security in cyberspace is something everyone needs to be concerned about.

“Statistically speaking, just about everyone is going to get hacked at some point,” says John Lucas, business intelligence director at IIAT. “People hack for fun, they do it for profit or they do it just to be disruptive. There is also a large underground market for personal financial information.”

News headlines feature the large corporations that have experienced data loss. However, the risk to small businesses can even be greater. With small businesses, the need for protection against cyber threats may be more easily overlooked. Small firms generally have fewer resources available to monitor and combat cyber threats, making them easy targets for expert criminals. Additionally, the legal requirements for storage and management of data may not be known and experts say small firms can have a false sense of security and believe they are immune to cyber-attacks.

“Even a small agency may have records for 500 people,” Lucas explains. “A breach will make your customers very unhappy. It’s a trust issue.”

A cyber security breach can also be costly. In addition to the disappointment of customers, a breach could essentially shut down a business for a day, a week or longer. There may also be legal liabilities. A business can be held liable if certain data is compromised, not only by hacking but even if a smartphone is lost or a laptop computer is stolen.

“A hacker could bring your business to a halt,” Lucas says. “There could be no way access to email or records.”

One way hackers succeed is through insufficient passwords. Lucas says the best defense is increasing the number of layers it takes to crack passwords.

Using different passwords for every account can be a pain, but it can also prevent a successful hacker from getting into every account. Make sure passwords are long enough. Microsoft suggests a minimum of eight characters. Make them as random as possible, and use numbers, letters, and symbols. Do not use a password based on personal information such as a birthday, and never use words like password or administrator.

Carnegie Mellon School of Computer Science suggests making passwords from a sentence that’s easily remembered such as “I like to eat Dave & Andy’s ice cream.” Then take the first letter of every word in the sentence, include the punctuation so the password becomes IlteD&A’ic.

Keeping backups of data is also important. Automatic backups on cloud servers are one way.

Even with adequate prevention, sometimes hackers succeed, damage and even destroy businesses. Cyber security risk insurance provides added layers of protection.

Some standard business insurance policies, such as a Business Owners Policy, may provide coverage for certain types of cyber incidents such as recovery or replacement costs from a computer virus. Coverage for a fuller range of cyber liability risks is available with a customized stand-alone cyber liability policy which may cover loss or corruption of data, business interruption, identity theft, cyber extortion, and reputation recovery.

“The amount of coverage you need depends on the value of your transactions,” Lucas says, emphasizing that even with insurance prevention is crucial.

“No amount of insurance can totally repair a damaged business relationship,” he says.

For a complete analysis of cyber liability risks and available coverage for your business, call April Moeser at LevelFirst 512-279-4720.