Gloucester Court House, Va. — Small business owners can take a number of practical steps to protect themselves and their business, including customers, employees, finances and even their firm’s “secret sauce,” against the rising threat of cyber thieves.
That was the message Sera-Brynn Executive Vice President Heather Engel carried to small business owners recently at the Gloucester County Chamber of Commerce and Gloucester Main Street Association “Cybercecurity for Small Businesses” event at Lulu Birds Kitchen on Main Street.
Sera-Brynn is a leading cyber risk management business based in Suffolk, Va., that was ranked earlier this year No. 1 in Virginia, No. 13 in the U.S. and No. 16 in the world on the Cybersecurity Ventures’ list of 500 hottest cybersecurity firms around the globe.
Among the first questions small business owners should ask themselves in evaluating cybersecurity risk is the critical information the business has, where it is, who has access to it and what they would do in a crisis situation such as a data breach or a cyber attack. Other questions include the compliance requirements for the business and whether cyber insurance is needed to cover gaps.
Some simple protection steps that Engel touched on included not using social media on business computers, turning off autofill for logins and disabling Adobe Flash as a result of its susceptibility to being hacked.
In the event of a crisis situation such as a data breach or cyber attack, Engel said a company’s first telephone call should be to its attorney. Information shared with the attorney is protected under the attorney-client privilege and the attorney can then hire a cybersecurity firm to handle the response to the attack.
“An area that is increasingly important in cybersecurity is vendor management,” Engel said. “Vendors frequently have access to a company’s computer system, a partnership that can be exploited by cyber thieves.”. It’s critical for businesses to ask vendors what steps they take to protect systems and data. In one recent case, Engel said a local company had been hacked because they did not know they were responsible for applying their own patches to their Point of Sale systems.
When it comes to cyber insurance, Engel recommends understanding your requirements before you shop around.
Cyber insurance might cover breach response, crisis communications, lost revenue, and customer notifications, Engel said. “And watch for exclusions that may prevent you from being able to make a claim.”
Engel also highlighted how to protect yourself from cyber attacks. Among her tips were educating your kids on internet safety, using separate networks for sensitive information and non-sensitive information, and not giving out personal data. Other advice included avoiding public wi-fi that leaves you susceptible to being hacked, varying passwords and considering a credit freeze if you’ve been breached.
Social security numbers of children are particularly valuable, worth 100 times the amount of an adult because they can be used for years by criminals without drawing notice. To see if your kids’ Social Security numbers have been compromised, Engel recommended pulling a credit report on them. “They should not have one,” she said.