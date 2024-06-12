Nearly half of U.S. small businesses have been the victim of a cyber attack. Here’s how you mitigate risk.

Small businesses are getting smarter when it comes to protecting themselves from cybercrime, but that hasn’t slowed down cybercriminals. These perpetrators are using digital tools, including AI, to wage more frequent and effective attacks. Forty-one percent of U.S. small businesses have experienced a cyber attack during the past year, according to the Hiscox Cyber Readiness Report 2023. And no business is too small to pique a cybercriminal’s interest.

Sometimes, perpetrators attack a small business to gain access to a larger one–the small business’s client or vendor. Other ramifications include devastating costs; reputational damage; compromised personal, employee, and customer data; or even the complete demise of a company. “You can lose your business if you get attacked by a threat actor who has made demands upon you or locked you out of accessing certain bits of your data or website,” says Chris Hojnowski, vice president, technology & cyber product head at Hiscox. While these are serious consequences, there are steps you can take to mitigate risk, including understanding common threats, implementing simple but effective security measures, and investing in cyber insurance to cover costs and get your business up and running quickly in the event of an attack.

Understanding small business vulnerabilities Small and midsize businesses (SMBs) often have fewer protections in place than larger companies, making them prime targets for ransomware, a malicious software designed to block access to a computer system until a sum of money is paid. Hiscox’s survey found that 53 percent of ransomware attacks on small businesses are through phishing. Phishing messages are designed to look like they are from a trusted source to trick recipients into revealing personal information. The bad guys have gotten better at making their messages convincing with the help of digital tools. “I don’t speak French, but I can now write you a perfect phishing email in French because I can use translators and generative AI to make things seem more conversational,” Hojnowski explains. Other common points of entry for attacks on small businesses are credential theft and unpatched vulnerabilities that result when businesses fail to install security updates on servers and virtual private networks (VPNs).

Forging a protection plan Small business owners should consider these steps to protect themselves from cybercrime and mitigate damage in the event of an attack: Install a firewall. Forty-three percent of small businesses don’t have a network-based firewall, according to the Cyber Readiness Report. Hojnowski urges business owners to invest in a firewall to control incoming and outgoing network traffic and keep the business secure.

Forty-three percent of small businesses don’t have a network-based firewall, according to the Cyber Readiness Report. Hojnowski urges business owners to invest in a firewall to control incoming and outgoing network traffic and keep the business secure. Back up your data. Forty-one percent of businesses surveyed lack a data backup and recovery system, as well. If your data is backed up, you won’t have to worry as much if a bad actor locks you out of a business system, as you will still have access to your data.

Forty-one percent of businesses surveyed lack a data backup and recovery system, as well. If your data is backed up, you won’t have to worry as much if a bad actor locks you out of a business system, as you will still have access to your data. Adopt multi-factor authentication and data encryption. A multi-step login process that requires users to enter more than just a password is harder to hack. Encrypting your data will serve as another line of defense should fraudsters gain access to your system.

A multi-step login process that requires users to enter more than just a password is harder to hack. Encrypting your data will serve as another line of defense should fraudsters gain access to your system. Enable automatic security patching. Automated security updates and enhancements protect software and operating systems from the latest malware.

Automated security updates and enhancements protect software and operating systems from the latest malware. Train your team. Teach yourself and your team how to spot phishing messages, create strong passwords, and stay safe online. Another important tool is insurance. Fifty-three percent of small businesses have a standalone cyber insurance policy or cyber coverage through another policy, according to the Cyber Readiness Report. But 75 percent of U.S. small businesses do not possess sufficient insurance, putting their livelihood at risk. Cyber insurance coverage can include costs associated with responding to a data breach such as informing customers, mitigating ransom demands and extortion, and data recovery. It can also cover lost business income. As a growing number of enterprises are requiring their contractors to have cyber policies, investing in cyber insurance can also help your company win new business. The biggest selling point, Hojnowski says, is that a cyber policy can include expert assistance for containing the breach and getting your business back online, fast. “If my business is either going to be completely wiped out and down forever, or if I can have data forensics come in and restore everything so I’m back up and running in 48 hours, that’s a no-brainer to me.”