5 Things Small Businesses Need to Know About Cyber Attacks

Small business owners take a relatively relaxed approach when considering their cybersecurity. However, this laid-back method of preventing cyber attacks can put them in a difficult situation. When asked about their cybersecurity efforts, most small businesses reported being unconcerned about a data breach, believing themselves an unlikely target for cyber criminals. Unfortunately, this casual attitude toward cyber threats is exactly what puts them at risk.

When companies don’t believe they are credible targets for cyber criminals, they are less likely to invest in cybersecurity software. Their limited defenses make them an easy target. While they may not possess as much sensitive data as a large company, even a few dozen credit cards can be a lucrative prize to a hacker.

Small Business Cybersecurity Facts

The following are some of the trending statistics regarding small businesses and cybersecurity:

  1. 84% of small business owners don’t feel at risk for a data breach
  2. 73% of small business owners don’t believe they have vulnerable customer data
  3. 73% of small businesses have some cybersecurity protocols in place; however, 64% manage their own IT
  4. 61% of cybersecurity incidents happen to small businesses
  5. 33% of small businesses invest in cyber liability insurance

What makes the above numbers so concerning is that even though small business owners are taking steps to protect themselves, they’re relying on their own know-how to do so. Most small business owners wear many hats during the startup phase, meaning they are the accountant, the marketing manager, the cybersecurity specialist, and more.

When spread that thin, there is no way to perform each job to the fullest. Something has to give, and, unless the owner has a background in IT, cybersecurity is not likely to be their strong suit. Compounding the problem, the majority of small businesses neglect to invest in cybersecurity insurance. Inadequate security measures combined with unacceptable exposure to risk can lead to financial crises that small businesses can’t withstand.

How to Protect Small Businesses from Hackers

Small business owners can take several steps to protect their enterprise from cyber attacks. Some recommendations include:

  • Implementing and updating security software often
  • Only using secure point-of-sale (POS) systems
  • Providing employee training on how to recognize spam, malware, and phishing scams
  • Employing an IT expert
  • Purchasing cybersecurity insurance

While most of the above points focus on prevention, businesses have to formulate a plan for dealing with a successful cybersecurity breach. This means investing in cybersecurity insurance that suits their risk profile. The Reilly Group understands that no insurance policy is one-size-fits-all. Contact us to learn more about how we can help protect your small business.

How to Reduce the Likelihood of Hackers Cracking Employee Passwords

Cybersecurity has been making headlines due to a number of significant data breaches. The breaches at Yahoo, Target, and Equifax are just some of the biggest to gain attention. Most data breaches are the result of human or process errors. The top five causes are:

  1. Lost or stolen paperwork
  2. Posting or sending data to the wrong individual
  3. Emailing data to the wrong individual
  4. Insecure website (i.e. hacking)
  5. Lost or stolen unencrypted device

How Hackers Obtain Passwords

By now, most businesses know their employees need to use strong passwords including a mix of uppercase letters, lowercase letters, numbers, and symbols. Some even go so far as to implement a rule requiring employees to change their password every few months. However, even the strongest of passwords are vulnerable under traditional practices.

Compounding the problem is employees’ propensity to reuse passwords. An employee may believe he or she has a strong password and thus reuses it with simple alterations. This is a problem if a hacker learns the basic password. The cybercriminal can brute force their way into several applications by adding 1s, !s, and other common password variations. To help employees manage their passwords, some companies are utilizing password storage software that encrypts the passwords while giving access to the employee.

Two-factor or multi-factor authentication (2FA/MFA) can help cut down on hacker success since it relies on two or more separate methods of confirming an individual’s identity. The most common method is inputting a password in combination with a code texted or emailed to a separate account. Some companies go so far as to implement biometrics (e.g. fingerprint logins) or single sign-on (SSO) systems. SSO systems allow a user to log in to several applications with a single login. This makes tracking unusual activity simple and allows companies to monitor accounts better.

Employee education is the best first line of defense against data breaches. Many employees are unaware that their password is weak or that their login is vulnerable. After bringing employees up to speed on modern cybersecurity, businesses need to invest in quality cybersecurity personnel and insurance. The specialists can help keep the hackers out while the insurance can help manage the aftermath should a breach occur. To learn more about protecting your business from cyber risk, contact the experts at The Reilly Company.

5 Tips to Avoid Becoming a Cyber Scam Victim

Cybersecurity experts put a lot of emphasis on creating unique, strong passwords for sensitive accounts. However, keeping your business data safe goes far beyond distinctive passwords. Even when staff members deploy seemingly unbreakable passwords, they still fall victim to cyber crimes. That is why, in addition to using impenetrable passwords, employees need to take measures to avoid becoming a victim.

Many people fall for cyber scams because they lack basic cybersecurity knowledge. By arming themselves with the following information, individuals can thwart cyber criminals.

  1. Banks and financial institutions will never call businesses and ask for an account pin or password over the phone.
  2. Much like the above, these entities will never send an email asking for passwords or instructing individuals to reset their passwords. These are phishing scams designed to learn login information and break into accounts.
  3. Banks and companies never send employees to private residences to gather credit card or bank account information. They will also never direct account holders to relocate funds to a new account for fraud prevention.
  4. Just because a caller sounds legitimate over the phone does not mean they are. The caller may know intimate details about a company or executive, but many of these private details are available on several websites. Cybercriminals will take the time to learn as much as possible about a lucrative target. Remember, if the caller starts asking for sensitive account data, they are more than likely a scammer.
  5. A solid cybersecurity insurance policy can help companies recover from a successful breach. Even with solid passwords and cybercrime prevention, hackers sometimes gain access. If this happens, businesses will need quality coverage to recoup losses and restore their reputation.

No business is safe from cyber criminals. The Reilly Company understands the pervasive cyber threats facing businesses. With our expertise, we can help your company protect itself from breaches and cyber fraud. To learn more about cyber protection for your business, contact us today.

How to Shut the Door on Cyber Liability Risk

When a cyber security breach occurs at a company, it is almost always the result of negligent behavior. However, this behavior is not always malicious or even on purpose. Often, employees lack the necessary training and understanding of cyber security best practices. Below are several methods businesses can use to reduce their cyber liability risk.

Training and Retraining

Employees are prone to human error, but this does not mean businesses have no means to temper it. By holding onboard training and regular training for the tenure of their employment, businesses can improve their employees’ cyber security expertise. Many businesses believe onboard cyber security training is enough, but the evidence proves otherwise. Skills become rusty without use so it behooves businesses to ensure their employees retrain to retain their cyber security knowledge. This does not mean holding one annual training. It means conducting cyber drills and training on a regular basis—at least quarterly—to keep employees on the top of their cyber security game.

Establish a Baseline and Improve

Businesses often promote employees because they are good at their current job—not because they will do well in the next tier of responsibility. This results in promoting individuals to the point of incompetence, which is known as the Peter Principle. When this happens in departments dealing with cyber security or sensitive data, the potential for a cyber catastrophe skyrockets. Combating this problem can present uncomfortable challenges, but it is a crucial step to reducing cyber liability.

This does not necessarily mean demoting or replacing certain staff. Instead, businesses can schedule immediate training and certification courses to get their employees up to speed. While staff may balk at the notion, it is important to note no individual will place their trust in an unqualified professional. Just as individuals will not hire lawyers without a valid license to practice, they will not want to work with a business that employs uncertified cyber security specialists. Even if employees do not work in cyber security, it benefits a business to ensure they have all certifications relevant to their position.

Cybersecurity Insurance

Reducing the human error factor goes a long way toward eliminating cyber risks. However, with ever-increasing security technology comes bigger cyber threats and attacks. It is not always possible to prevent a breach from happening despite a business’ best efforts. That is why investing in cyber liability insurance is crucial. In the event that proactive cyber security measures fail, insurance can pick up the slack and save a business from financial ruin. The Reilly Group is committed to helping businesses assess their cyber risk and determine which policy best suits their needs. To discuss your cyber risk and coverage options, contact us today.

What Every Business Needs to Know about Cybersecurity Insurance

In the aftermath of the Equifax data breach (see our earlier post here), many businesses are scrambling to find out more about their cybersecurity insurance. Do they have enough coverage? What happens in the event of a breach? Investing in appropriate coverage is smart, but it can only mitigate some of the financial risk associated with cyber attacks. For example, there is not much cybersecurity insurance can do about the hit to a company’s reputation after a breach or the associated loss of business. Below are several other facts about cybersecurity that businesses need to know.

Businesses Cannot Insure Against All Risks

Investing in cybersecurity insurance is one way companies can manage their risk. However, there are so many cyber threats that to insure against them all would be cost prohibitive. Instead, businesses should focus on the threats most likely to affect them. They should also take a top-down approach: identify what digital assets are most important and afford them the most protection. From there, businesses can measure the remaining threats and insure accordingly.

Cyber Insurance Has Its Limitations

Like many other types of insurance policies, cyber insurance has exclusions and limitations. As mentioned above, it is not suitable for dealing with damage dealt to a business’ reputation. It is also inadequate for covering the loss of intellectual property. Business owners need to familiarize themselves with their policy’s weaknesses and invest in supplemental insurance if necessary.

The Wording of Cyber Insurance Policies Matters

Some cybersecurity insurance policies include coverage that overlaps with other standard business insurance policies. Businesses need to dig into their policies to make sure they have the coverage they need for the cyber threats most likely to happen to them. Cyber insurance policies should do more than provide financial recompense. After a cyber attack, businesses will need a legal and PR response at the least.

However, sifting through dense insurance policies can be confusing and no business wants to leave itself exposed to cyber threats. The Reilly Company can help business owners identify their specific threats as well as which cyber insurance policy would benefit them most. To learn more about protecting your business from cyber threats, contact us today.

Equifax’s Cyber Insurance Not Enough to Contend with the Breach

As news broke of one of the biggest information hacks in history, Equifax became the new face of insufficient cyber security. The breach now serves as a cautionary tale for businesses everywhere. Most cyber attacks focus on small businesses, as they are often easier to hack into due to deficient cyber security. Larger businesses are harder to penetrate as they can afford to invest in the best cyber security available.

However, as Equifax is learning the hard way, investing in cyber security does not mean businesses do not need cyber liability insurance. Equifax has several insurance policies covering cyber security, general liability, crime, and much more. However, untangling which policy will pay out for the hack will take time, and the coverage is likely not going to be enough to account for the expense.

Cyber liability insurance is not the only policy plaguing Equifax. Their property and business interruption insurance is likely inadequate to compensate for the losses they are encountering and will experience in the coming weeks. They are also contending with investigations at the state and federal level as well as a potential multibillion-dollar class action lawsuit.

Understanding the Breach

Hackers were able to achieve such a massive breach by taking advantage of a U.S. website application weakness. Equifax discovered the breach in late July and immediately engaged a cyber security firm to halt the attack. However, the breach began several months prior and accessed up to 143 million individuals’ private information. Equifax also commissioned the firm to discover what data the hackers compromised and how to prevent such an attack in the future. In the meantime, Equifax created a website to allow individuals to determine if the breach included their personal information. Equifax is also offering free credit monitoring for a year.

Risk Retention

In the aftermath of the breach, many are wondering why Equifax’s cyber liability coverage is insufficient. It comes down to risk retention. It is a risk management technique where a company plans to accept certain losses. Some examples include high deductibles or not investing in insurance on purpose. However, Equifax’s situation is more complicated. What insurance policies and how much coverage they choose varies depending on availability, cost, and perceived threats. The attackers struck during a period of insufficient coverage as part of Equifax’s risk retention strategy.

Assessing and Addressing Cybersecurity Risks

Business owners need to evaluate their cyber security situation and manage any gaps in their coverage. Even if a business owner believes their coverage is sufficient, they need to reevaluate their policy from time to time. For example, many business owners believe their business liability insurance protects them in the event of a cyber attack, but this is often not the case. In addition, business owners need to adjust insurance policies as technology changes and businesses grow to ensure they have sufficient coverage.

Understanding Cyber Threats

The latest buzzword related to cybersecurity is breach, but that is not the only type of cyber threat businesses face. Below are some of the most common cyber threats business owners may encounter.

  • Data breach. Data breaches, such as the one Equifax is dealing with, happen after a security measure fails. Hackers access private data such as credit card numbers or social security numbers and use them without permission. Businesses that lose their customers’ data face high penalties, investigations, and more.
  • Hackers use this type of attack to target smaller businesses. They install malware onto a company’s devices and demand payment to remove it.
  • Third party data. This scenario applies whether your business handles a third party’s information or if your business engages a vendor to handle sensitive data. For example, if your business hires another company to safeguard sensitive data, cyber policies will still pay out if hackers compromise the company.

The best way for businesses to protect themselves from cyber risks is to discuss their insurance options with an expert. The Reilly Company can help businesses assess and mitigate cyber risks as well as secure the best coverage pricing for policies. No business is impervious to cyber attacks; to learn more about protecting your company from cyber threats, contact us today.

Three Types of Insurance Business Owners May Not Know They Need

Starting a new business is an exciting prospect, but it also requires a lot of hard work. Entrepreneurs have to focus on several elements all at once such as their products, their customers, their insurance, and their bottom line. However, failing to invest in the right kind of business insurance can lead to financial ruin. While most entrepreneurs are familiar with the major forms of business insurance (e.g. general liability, property, etc.), not all businesses conform to traditional coverage needs. Below are examples of three types of business insurance coverage small business owners may not realize are vital to their continued success.

Home Business Insurance

Many individuals operating their business out of their home may assume their homeowner’s insurance covers them in the event of theft or damage related to their home business. Unfortunately, this is not the case. Some homeowner’s policies allow add-on coverage to protect some elements of a home business, but the best solution is to invest in home business insurance coverage. This type of policy covers liability, theft, loss of business equipment, and more.

Business Life Insurance

Many businesses cannot withstand the loss of their leader. This is especially true for small businesses since one individual may perform several major jobs. For example, the COO may also be the primary hiring administrator as well as head of marketing. A company would find it difficult to replace such an individual. Moreover, the time spent finding and training new employees to fill those jobs puts a financial strain on the company. If such an individual were to die without warning, the business itself could collapse. In the event of such an unfortunate incident, business life insurance helps companies stay afloat while they replace the individual.

Cyber Insurance

Almost every company does some business via the internet. While having a presence on the web is often good for business, it also represents a liability. If a business collects credit card information or personal data about its customers, it needs cyber liability insurance. Cyber liability insurance also provides coverage in the event of cyber attacks designed to disable internal networks. On average, cyber attacks cost small businesses $9000 per incident. As a result, companies who fail to invest in cyber insurance can experience financial instability or even bankruptcy.

Neglecting to invest in insurance specific to your business is an unnecessary risk. The Reilly Company can help your business identify risks unique to your industry and suggest preemptive methods to protect against them. Contact us to learn more.

Cyber Insurance Vital to Risk Management

Business owners can handle risk management in a couple of ways. They can reduce their exposure to risk as well as invest in insurance to protect their assets against risk exposure once it occurs. Reducing contact with known risks can reduce insurance rates as well. A company’s best line of defense is to mitigate risk to avoid expensive insurance claims; however, it is unrealistic to assume a claim will never happen.

Failing to invest in insurance is an ill-advised business practice and poor risk management. While many business owners do not intentionally overlook insurance, many are not aware of the coverage they need. For example, many businesses lack the proper coverage for cyber incidents. This is an issue as cyber insurance is necessary to controlling cyber threats. Technology in the workplace will continue to flourish, as will the associated risks. Businesses that collect customer data such as medical records or credit card numbers face a heightened risk of cyber attacks as they possess highly sought after and lucrative information.

Employee Negligence Limits Insurance Protection

More often than most would like to admit, employees fall for cyber tricks that result in a data breach. Some insurance policies only go into effect for unauthorized breaches. If a breach occurs due to employee negligence, the policy may not provide coverage. Smart business owners will train employees to recognize threats and risks as well as how to avoid them. Some examples include:

  • Never leaving laptops open and unattended
  • Creating strong passwords
  • Recognizing phishing email scams

Businesses need to consider all angles of exposure for effective risk management. The Reilly Company can help businesses identify the unique risks to their industry and develop a proactive strategy to defend against them. To learn more, contact us.

Understanding the Most Common Types of Cyber Attacks

There is a growing disconnect between the types of cyber threats business executives think they will encounter and the actual risks their company faces. Business owners hire consultants to install state of the art software to address relatively small problems while leaving larger issues unchecked. Below are some of the most successful types of cyber attacks most companies will encounter at some point.

Socially Engineered Trojans

This is the single most successful type of cyber attack businesses will face. Hackers will manage to gain temporary access to a trusted website. When an employee visits the site, a message will pop up and inform them they have a virus. It will prompt them to install a program to help remove the virus. It will be a fake program imitating an application the employee is familiar with and trusts, such as Adobe Reader. This executes the malware. The employee’s computer will display a warning that the program is potentially harmful. However, most programs, even safe ones, trigger this message so the employee does not pay it any mind. Thus, the hacker now has access.

Phishing Attacks

Most cybersecurity failures are the result of human error. Many individuals think that using a work computer will prevent them from being hacked. They assume the company’s existing firewall and security measures are sufficient. As a result, they drop their guard while checking their work email. Phishing scams have come a long way in recent years, so they are not as obvious as they were in the past. Companies can provide employee training to help their staff understand how to recognize this kind of threat.

Network-Traveling Worms

Individual viruses are not the major threat they used to be. Network-traveling worms, however, are still a nefarious threat. This type of worm is better at hiding itself and harder to detect. Employers should ensure all employee email blocks executable files to defeat this type of cyber attack. Instituting strong password policies can help as well. Many worms run programs to try to brute force their way past logins by using common passwords (e.g. 12345, qwerty, password1, etc.).
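A strong password policy of the kind recommended above can be enforced when an employee changes their password, which also addresses the reuse-with-simple-alterations problem described earlier under "How Hackers Obtain Passwords". The following Python check is an added example, not code from the original article; the function names, the character substitutions, and the three-entry denylist (the common passwords named above) are assumptions for illustration.

```python
import re

# Constructed denylist: only the three common passwords named in the text.
# A real deployment would load a much larger published list (assumption).
COMMON_PASSWORDS = {"12345", "qwerty", "password1"}

# Look-alike substitutions people use to "strengthen" a word (assumed set).
LOOKALIKES = str.maketrans("@0345$", "aoeass")


def base_form(password):
    """Reduce a password to the word an attacker would start guessing from.

    Lowercases, strips leading/trailing runs of digits and symbols
    (the "1s and !s" people append), then undoes look-alike characters.
    """
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return core.translate(LOOKALIKES)


# Base words of the denylist, so "Qwerty!!" is caught as well as "qwerty".
COMMON_BASES = {base_form(p) for p in COMMON_PASSWORDS} - {""}


def check_new_password(candidate, current_password):
    """Return a list of rejection reasons; an empty list means accept.

    The current password is available in clear text only because the user
    types it into the change-password form; it is never read from storage.
    """
    reasons = []
    cand_base = base_form(candidate)
    cur_base = base_form(current_password)

    if candidate.lower() in COMMON_PASSWORDS or cand_base in COMMON_BASES:
        reasons.append("common password")

    if candidate == current_password:
        reasons.append("same as current password")
    elif cand_base and cur_base and (
        cand_base == cur_base
        # Also catch the old base word embedded in a longer new password.
        or (len(cur_base) >= 4 and cur_base in cand_base)
        or (len(cand_base) >= 4 and cand_base in cur_base)
    ):
        reasons.append("variation of current password")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: (new password, current password).
    samples = [
        ("Summer2023!", "Summer2022!"),
        ("P@ssw0rd1!", "Tr1ckyRiver#88"),
        ("correct-horse-battery", "Summer2022!"),
    ]
    for new, current in samples:
        print(new, "->", check_new_password(new, current) or "accepted")
```

The check rejects a new password whose base word matches the current one even when the appended digits and symbols differ, which is exactly the variation a password-guessing program tries first.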

Businesses need to make sure they are employing the right kind of cyber protection. Many of the above issues are easy to mitigate with the proper cybersecurity and preventative measures. Businesses cannot afford to lose data related to their top dollar projects. To learn more about cybersecurity, contact The Reilly Group.

Can Cybersecurity Protect Your Business Against Attacks?

In the early days of cybersecurity, IT professionals divided businesses into those that have been hacked and those that will be hacked. As technology improves and hackers hone their skills, this outlook has become bleaker. Now, IT security specialists view companies as those who know they have been hacked and those that do not.

While it is unlikely that every business in existence has experienced a data breach, the threat is real. Of the plethora of risks businesses face on a day-to-day basis, cyber incidents represent the third largest of them all. Victims are as varied as their attackers. Large corporations, small businesses, non-profits, and even government organizations are prone to attacks. These cyber aggressors could be hacktivists for a specific social cause, individuals attacking for financial gain, and more.

Protecting Against Cyberattacks

The situation is not as dire as many in cybersecurity make it seem. Businesses do not need to revert to non-technological forms of communication and data storage, but they do need to protect themselves. The easiest way to do that is with cybersecurity insurance. Unfortunately, many businesses neglect this type of insurance until it is too late.

The first step to managing cyber risk is acknowledging it requires attention and resources. If a business neglected cybersecurity in the past, they need to make it a priority now. This does not just mean preventing cyberattacks. Businesses also need to have a plan in place in the event of a successful breach.

Common Sense Measures

Beyond investing in cybersecurity insurance, businesses should also make sure they are engaging in best practices. Holding cybersecurity training for employees, discouraging sharing passwords, and changing passwords on a regular basis are simple measures employers can take to reduce the likelihood of a security breach. More often than not, hackers obtain their information from unsuspecting employees. If employees know the signs of a scam or suspicious email, they can take the appropriate steps to contain the threat.

Cybersecurity is a multifaceted issue that can be difficult for businesses to navigate. The Reilly Company can help your business understand what cyber protection policies are available to them as well as what type of coverage best suits their needs. To learn more, contact us.