Small Businesses Aren’t Immune to Cybercrime

The ability to handle business transactions via the internet has opened countless doors for owners of small to medium-sized businesses — even those who don’t have a single door for customers to walk through! Yesterday’s brick-and-mortar stores are today’s digital marketplaces, and consumer demand for online commerce is only bolstering the shift.

In fact, according to Big Commerce:

• More than half of Americans favor online shopping.
• Nearly every American with internet access has made a transaction online in his or her lifetime.
• Americans spend two and a half hours or more shopping online every week.

But with the speed, convenience, and sales volume eCommerce awards both consumers and business owners comes a serious risk: a cybersecurity breach. And business owners without brick-and-mortar locations likely allow customers to pay with credit cards, which means hackers could steal customers’ credit card data if business owners don’t properly secure their eCommerce sites. In fact, cybersecurity crimes have become such a common threat that cyber liability insurance premiums could grow to $20 billion or more by 2025.

But cybersecurity is only a concern for big businesses with millions of records to hack, right? We’ve read about the big ones: Target, Equifax, Home Depot, Yahoo, eBay. Unfortunately, every business — no matter the size — is susceptible to cyberattacks. They happen every day, and no business is immune. However, business owners can take measures to lessen their data breach risks, and cyber liability insurance is an extra layer that can protect them if they do fall victim to cyber events.

Protect your small business from cyberthreats

Many large businesses have entire teams solely dedicated to preventing cybercrime, but owners of smaller businesses likely don’t have the human power or budgets to do the same. Exercising vigilance in a few key areas can help small business owners defend themselves against negative cyber events.

• Update software and operating systems on all business devices. Every employee should run the most current version of antivirus software, use the latest browsers, and operate on the latest operating system on his or her shared devices — whether it’s a laptop, tablet, or phone. Set each device so it checks for and installs updates overnight rather than during business hours.
• If you accept credit cards at your business, make sure you’re using a chip-enabled card reader. A business owner operating without Europay, MasterCard, and Visa (EMV) technology is risking his or her own financial security and customers’ data security. By law since October 2015, business owners who don’t use EMV technology can be held liable for fraudulent credit card activity.
• For online or phone transactions, always require customers to supply their CVV codes— the three-digit codes on the backs of credit cards — and use an Address Verification Service to verify the authenticity of customers’ billing addresses.
• Implement regular cyber safety training. Establish companywide policies and systems to keep devices updated and ensure every employee knows and understands cybersecurity best practices. Review policies and practices regularly, and make them part of the new-employee onboarding process.
• Create strong passwords for all company devices. If possible, require employees to set up two-factor authentication on every device. This two-step sign-in process requires users to access alternate devices or codes to complete their login processes. This extra step greatly enhances account security.
• Be wary of Wi-Fi. Make sure the Wi-Fi in your business is secure and only available to employees. If you offer Wi-Fi access to customers, create a second Wi-Fi network with open access for guests. Also, if your employees travel or work remotely, discourage them from using public hotspots or open Wi-Fi connections.

Add cyber insurance — just in case

Even the most cyber-diligent business owners can fall victim to attacks and data breaches, which is why cyber liability insurance is a smart option for every business owner who engages in eCommerce or accepts payments via credit card. So, what exactly does cyber liability insurance cover? Depending on the policy, it can cover

• the cost of business interruptions and lost revenue if a business owner must temporarily shut his or her website down post-breach,
• the price of notifying customers of a breach,
• the expense of a public relations team to repair damage to the company reputation because of a cyberattack, and
• the regulatory fines a business owner could incur because of a data breach.

Such losses typically aren’t covered in general business insurance policies. Adding cyber liability insurance to your general business policy makes good business sense. It could literally be the difference between “business no more” and “business as usual” if cyber attackers infiltrate your network. Be sure your policy covers laptops and mobile devices as well to protect you and your business in as many situations as possible.