Big Budget, Little Budget: How to Prevent Cyberattacks According to Your Financial Plan

Businesses used to fear physical theft alone. In this day and age, cyberattacks are becoming an increasing problem for small, medium and large-scale businesses alike. After all, the recent Petya ransomware attack shows that victims can be large-scale international organizations, while the 2016 Internet Security Report from Symantec tells us that 43 percent of targets are actually small businesses.

Whether your company has a large, designated cybersecurity department or your SMB operates on a shoestring budget, it's important to think about how to prevent cyberattacks. Knowing that businesses of all sizes and structures are vulnerable to hacking, malware and data breach, it's easy to envision the reputational and financial damage that's at stake.

Take Advantage of Encryption
Encryption is a relatively simple safeguard against obvious cyberattacks-and it's often free! Encrypt company files, especially those containing client and employee data (like Social Security numbers, bank accounts, etc.). At the same time, make sure that company devices and accounts are set to log out after a certain amount of inactivity so that encryption kicks in.

Along with encryption, your company should use multi-factor authentication (MFA) that goes beyond a standard password. An example would be a strong password plus something you know (like a security question) or something you have (like an embedded software token). The point is your company must create \"a multi-layered mechanism that an unauthorized user would have to defeat in order to gain access.\"

Train Your Teams on Cybersecurity
Large companies may have full-time IT technicians or leadership roles in place to handle cybersecurity duties. In contrast, many SMBs cannot yet afford to designate these positions, leaving the responsibility spread across the team (or outsourced). Either way, employee training is the best way to get everyone on the same page and eliminate costly mistakes that could lead to a cyberattack. Here are a few key areas to cover during these training sessions:

− Avoiding opening suspicious pop-ups and email links/attachments that may contain malware
− Setting up spam filters to separate 'phishy' electronic messages from legitimate ones
− Protecting work devices from theft and/or unsecure use (especially if a BYOD policy is in effect)
− Avoiding unnecessary/potentially harmful downloads on work computers
− Setting and storing strong passwords complete with numbers, letters, symbols

Outsource Operations If Needed
After taking a good look at their budget, companies may conclude that they need to outsource some of their cybersecurity operations. While it's no substitute for in-house training and knowledge, certain functions (like security monitoring and testing) may prove more affordable to outsource to third-party specialists. Just make sure you keep up communication with these providers and maintain an active hand in your digital security over time.

There's no one-size-fits-all formula for how to prevent cyberattacks, but there are precautions that companies of every size and income can take. After all, hacks are often costly enough to interrupt or even bankrupt businesses outright. To learn more about cyberattack prevention and insurance, visit CyberPolicy today.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375