Running a business is hard. There are so many risks associated with running a business, from staffing, to cash flow needs and everything in between, businesses must be prepared for a variety of situations that will arise on a daily basis. Whether a business has 10 employees or 1000 employees, one risk that cannot be ignored is the potential risk of a cyber attack. Especially in the insurance industry where client information is personal, sensitive and needs to be kept extremely confidential.
The most widely known and talked about cyber attacks typically revolve around large Fortune 500 companies, however, according to the Symantec 2016 Internet Security Threat Report (ISTR), 43% of cyber attacks targeted small businesses. And, perhaps an even more alarming statistic is that 60% of small businesses that have had a cyber-attack go out of business within six months of the attack.
As if small business owners need another thing to worry about. But this is one that cannot be put off as a wait and see approach as hackers and scammers are aware that small businesses don’t have the resources and expensive firewalls in place that larger corporations do.
Our President, Susan Daniels has had first-hand experience with risk as a recent bear encounter got her thinking about the beasts that businesses can encounter without the right precautions in place. She recently co-wrote an article, featured in the October Issue of Claims & Property Casualty 360, where she discusses the risks insurance companies face when it comes to cyber attacks and steps businesses can take to protect the private information of their policyholders.
Some of the security controls and steps that can are below:
- Patches: Verifying that all operating systems and programs are fully patched and up to date.
- Firewall with anti-virus tools: Next-generation firewalls provide the most recent security controls for current scams.
- Password management: Password management software will allow users to leverage multiple sets of login and password combinations for different programs.
- Employee Training: Regular training for employees on Internet safety and phishing scams to decrease the amount of costly internal errors.
- Incident response plan: An in-place plan can make all the difference when time is of the essence and your customer’s data is at risk.
Businesses large and small need to be proactive in how they will handle cyber attacks or data breaches. Instead of waiting until one happens, having a plan in place can dramatically decrease the time when a threat has been realized to when action has been taken. Additionally, having the above precautions in place before one happens can prevent an attack from taking place at all.
These days, there are risks in practically everything we do. From driving to work, to checking our email, or in Susan Daniel’s case, fileting fresh salmon creek side, dangers lie everywhere and one wrong move or click can mean disaster for you or your company. However, companies are not powerless against these attacks and with the proper precautions set in motion before they find themselves in the midst of an attack can mean the difference toward thriving and surviving.
To view the full article on Property Casualty 360, please visit the site here.