The saying goes that an ounce of prevention is worth a pound of cure. And while a carefully crafted Cyber Liability policy can protect you from significant financial loss in the event of a cyber attack or data breach, it’s best to protect your company proactively through cyber security protocols. In fact, some insurance providers may insist that you have security measures in place before they will underwrite a policy for your business.
Every company has a different level of risk exposure based on how they use and store data, but even very small companies probably use email to communicate and have customer billing data in their systems, and they too are a risk for data loss. A shocking number of companies have some security in place but don’t enforce it or don’t bother to upgrade software.
Here is a general list of cyber security best practices that you should consider:
- Use a firewall.
- Install anti-virus software and do regular scans.
- Adopt a company-wide security policy.
- Enforce the use of password managers. Stolen or compromised passwords is a key security issue for companies.
- Educate your employees about phishing scams and suspicious websites.
- Have unique user accounts for all employees.
- Protect computers, networks, AND mobile devices.
- Invest in data backup and storage.
- Have a recovery plan in case there is a data breach.
- Limit who has the authority to install software.
- Update your software regularly.
Though it may not be in the budget for your small business, there are firms who perform security audits to test how vulnerable you are. At the very least you should do an internal assessment of how your company collects and stores data.
Once you’ve prepared your company to fend off attack, you should consider how well you can respond after a data breach occurs. Cyber Liability insurance can pay for data recovery and system restoration, loss of business income cause by a downed network, forensics investigation, customer notification, credit monitoring for those affected, regulatory fines, legal fees, and liability claims made against you by those whose data was lost.