Recently we talked about Cyber Insurance and discussed some of the reasons that small businesses as well as large should be considering this type of coverage. Today we’ll look at the practical side of managing your cyber security risk.
As a small business, you need to be particularly concerned about security. Symantec reports that as much as 40% of attacks are against businesses with 500 or fewer employees; possibly, in part, because they represent easier targets. About half of small businesses don’t even back up data, so a cyber break-in that involved destruction of files could be devastating. No one needs the risk to their reputation or the possible danger to customers or business partners that comes with a cyber attack.
What can you do as a small business to defend yourself? Well, you can do quite a bit actually if you follow some simple advice and invest a little in prevention. The U.S. Chamber of Commerce has published an excellent cyber security guide for small businesses.
Hardware and Software
It is important to create an effective cyber barrier between your business and the outside world -- just as you would put a good lock on your back door. Invest in antivirus, antispyware and firewall security programs for your business. Keep them current with regular updates. Make sure they are installed on all computers. Schedule updates and scans to occur on a frequent basis, and monitor and fix any reported issues immediately.
Keep your WiFi network and any routers that connect to the internet secure. Routers have passwords, and there is a common default administrative password for each brand or model of router. Be sure to change this password after installing any router, and always password protect access to a wireless router.
Download and install updates to your operating system software and to any key applications. News about security vulnerabilities travels fast on the internet and if you’re exposed, it does not take long for hackers to find you – studies as far back as 2005 showed a completely unprotected computer (no firewall, no virus scanner and no password protection) could be attacked within minutes of connecting to the internet.
Keep your computing equipment and your data safe. Don’t allow unauthorized individuals to use business computers unsupervised, and protect laptops from theft. A lost laptop may be more valuable for the information on how to connect to your business than for the data on it. Back up the data on every computer used in your business. There are many backup options, including backing up to storage on the internet itself, and most can be scheduled to run automatically.
Human Factors
Establish security policies in your business and train your employees in the basic security necessary to protect business information. Policies should also describe how to manage and protect customer information and other vital data. If employees work from home, make sure their home systems are protected by firewalls and have adequate antivirus protection. There are free antivirus programs for individual use, so there should be no financial barrier.
If your business networks its computers, set up a separate account for each individual, use strong passwords (a strong password uses letters and numbers or symbols) and change passwords regularly. Encourage employees to resist sharing passwords – they will not remain secret long.
Give administrative privileges only to key personnel or IT staff and limit the authority to install software or access all data. In principle, employees should only be given access to the specific permissions and data they need for their jobs.
At Homer Smith Insurance, we are happy to help you find Washington business insurance that may help with a security-related claim; we would just rather you didn't have to use it.