Cyber Security for Small Businesses

Complete security is impossible in the digital age. Instead, aim to be as secure as possible and have an action plan for when things go wrong.

According to a 2016 report [1], 43% of cybercrimes are targeted at small businesses, an increase of 18% in 2011. When hackers or other thieves search for digital prey, they sometimes look for easy targets with customer data, payment info, data they can hold for ransom or other valuables.

Small businesses often have lower security than larger establishments but are still likely to have these kinds of valuables stored on their systems. This might make them popular targets.

How much does a data breach cost?

Depending on what’s lost, the cost of a data breach or loss might include:

  • The value of the data itself. If data is corrupted, becomes unusable or is held for ransom, the cost might be the ransom paid, the business lost or other value in the data itself.
  • Potential liability costs. Businesses are often required to take appropriate steps to secure confidential customer information. A failure to do so may lead to lawsuits or penalties.
  • Indemnity costs. If data theft, loss or corruption leads to an inability to carry out your contracted job, you could be liable for related indemnity costs.

It’s important to note that stolen data can’t be returned the way physical goods can. Once it’s out there, you can only assume that it’s been replicated and that anyone might have access to it. In such circumstances, you might have no choice but to take drastic and expensive steps.

As you can imagine, hacking, electronic failure or other data losses can be potentially ruinous. For example, it’s estimated that in 2014 about $16 billion was stolen from consumers in the US from identity theft alone. Much of that had to be paid back at the expense of businesses and banks.

Is 100% security possible?

There are no sure-fire ways of making sure all your systems are completely secure and will never be misused, especially if they’re connected to the internet. There is always going to be some risk. For example:

  • Your employees might make more money from selling confidential information than you could ever pay them.
  • No system that is connected to the internet is 100% secure.
  • No one is immune to mistakes, and any system that involves humans is vulnerable to social engineering and similar “hacking”.

How to protect your assets

You can improve your security by:

  • Using effective antivirus and malware filters and scanners.
  • Making sure you and your employees are all well-trained, at least with basics like avoiding suspicious emails or clicking pop ups.
  • Keeping your computer systems up to date.
  • Ensuring that confidential information is encrypted.
  • Backing up your data securely. Hardware is always subject to potential failure, and any data that is not backed up will be lost. It’s a good idea to automate backup if necessary.
  • Always remembering to protect company phones, and assessing staff security for those who work remotely or connect from networks outside the field.
  • Setting up business insurance that also covers you against cyber threats.

What needs to be protected?

Assets and tools to protect include:

  • Computers
  • Servers
  • Business mobiles and tablets
  • Company networks
  • Email accounts and other communications

What to do when things go wrong

One of the first questions a company asks itself after discovering a breach is whether or not it should inform its customers.

Companies can approach a security breach in the following ways:

  • Promptly notify their customers, and take steps to maintain consumer confidence.
  • Try to cover it up, but run the risk of being discovered and penalised.
  • Cover it up without being discovered. Naturally the public would not be notified.

You may want to use third-party experts to advise you on the best practices for your situation. These might be consultants, digital security specialists, insurers or experienced in-house staff.

Can insurance cover lost or stolen data?

Yes. However, it depends on the type of breach or loss, the type of insurance and your situation. There are three main types of business insurance, each of which might cover a different situation.

  • Loss and damage business insurance. This is the type of cover that might pay for a burned building, storm damage, or the destruction of data. Some policies might exclude cover for the loss of digital or electronic data, while others might offer it as an optional extra for a specific sum insured, and some might include it automatically. It can be worth checking how a business insurance policy covers data.
  • Professional indemnity insurance. This type of cover protects your business against claims for loss or damage arising from the provision of your professional services. For example, it might apply if you collect confidential customer information that is hacked and used to commit identity theft, and the customers sue you for the costs. You might find “cyber cover” excluded, offered as an optional extension or as an automatic inclusion depending on the policy.
  • Public and product liability insurance. This can cover you against unintentional loss caused to others, potentially including invasion of privacy, libel, slander, blackmail and other types of non-physical loss that may result from data theft. It’s similar, but not identical, to professional indemnity insurance. The exact cover may vary between policies, and you’ll often find exclusions for computer viruses and other “preventable” breaches.
  1. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

Don Gribble

Don is a creative writer with extensive experience writing scripts, blogs, web content and ebooks. He enjoys writing because it allows him to know a little bit about a lot of subjects and to continue learning new things every day.
