Digital Risk Management for Business Owners

Cybercrime is a growing threat. Major cyberattacks have targeted government agencies, top law firms and financial institutions. In fact, the U.S. Justice Department recently said that cybercrime is one of the greatest threats facing our country, with enormous implications for national security, economic prosperity and public safety.

Small businesses can be particularly vulnerable because they have sensitive customer and vendor information. Credit card data, billing records, account numbers: cyber criminals want it all. Cyberattacks are also becoming more sophisticated. Ransomware, for example, can take hostage systems and data until the victim pays the criminal to regain access. Phishing emails and fake attachments also look more legitimate than they have in the past, making it easier for adversaries to get information from well-meaning employees. Sara Trokan, who manages cyber claims in North America for Chubb, has created a list of important tips to help business owners protect themselves from would-be attackers:

  • Be prepared. Before any event occurs, prepare an incident response plan that designates the people within the business who will take charge if a cyber-incident occurs. The plan should include the names of experts prepared to assess the extent of the incident and provide legal advice.
  • Train your staff. Many cyber incidents may be preventable through employee training and preventive measures, such as not opening emails or attachments from unknown sources.
  • Remain compliant. If your business accepts credit-card payments, work with your bank or payment card processor to make sure you are compliant with the Payment Card Industry Data Security Standards. If you store personal health information, be aware of the regulations under the Health Insurance Portability and Accountability Act.
  • Protect your data. Use updated antivirus software to protect against viruses, and regularly backup your data and store it offline.
  • Act immediately. Should a cyber-incident occur, execute your response plan and promptly notify authorities in the event of breaches of personal information.

Specialty insurance may also be available to help you manage the costs of recovery.