For the past month the agency has been dealing with a cyber attack to our partner’s at SonicWall. This forced us to pivot and find another provider to protect our network!  While we did not sustain a direct loss, the lost productivity and the time to migrate to the new system were very disruptive. I can only imagine what the cost of a direct cyber loss would be to the agency. We currently insure our cyber exposure with a cyber liability policy but our tech team continually reinforces policies and procedures to avoid a loss.  What are some of the top cyber risks facing small businesses today?

Phishing Attacks

Fraudulent emails or messages trick employees into giving away sensitive data or credentials.

• Prevention –
  • Use email filtering solutions.
  • Train employees regularly on how to spot phishing attempts.
  • Enable multi-factor authentication (MFA) on all accounts.

---

Ransomware

Malicious software encrypts your files and demands payment for the decryption key.

• Prevention –
  • Regularly back up data (offline and offsite).
  • Keep software and operating systems updated.
  • Use reputable antivirus and anti-malware software.
  • Restrict user permissions.

---

Weak Passwords

Easily guessable or reused passwords can be exploited to access business systems.

• Prevention –
  • Enforce strong password policies- 12+ characters, complexity.
  • Use a password manager.
  • Enable MFA (multi factor authentication) on all critical systems.

---

Unpatched Software & Systems

Outdated software contains known vulnerabilities that attackers can exploit.

• Prevention –
  • Schedule regular updates for all systems and software.
  • Enable automatic updates where possible.
  • Subscribe to vendor alerts for security patches

---

Business Email Compromise

Attackers impersonate executives or vendors to trick staff into sending payments or sensitive data.

• Prevention –
  • Train staff to verify payments or sensitive data requests by phone.
  • Limit who can initiate or approve financial transactions.
  • Use email authentication protocols.

 

---

Use of Personal Devices

Unsecured personal devices may access sensitive data and lack proper security.

• Prevention –
  • Implement a BYOD policy with security requirements.
  • Require device encryption and antivirus
  • Use Mobile Device Management (MDM) tools.

While this is not a complete list of loss controls to avoid a cyber loss, implementing these relatively easy items may save your company from dealing with a cyber loss. October is National Cybersecurity month so this may be the proper time to contact the Trusted Choice Insurance Agents at Richey-Barrett to discuss your Cyber Insurance needs.