Preventing a cyberattack on your business

To protect a brick-and-mortar store from burglary , you almost certainly lock its doors, secure its windows, and activate the alarm when closing for the day. This mindset should be applied to safeguarding your business’s digital assets from the threat of cybercrime. Whether your business is physical, online or both, your sensitive data is still at risk .

Business cybersecurity means more than installing antivirus software and erecting firewalls. It requires constant vigilance on the part of business owners and employees at all levels. Use the following guide to l earn how to prevent cyberattacks on your business.

Start with the basics

Your business’s digital devices must have the following cybersecurity basics:

• Antivirus software, updated to the latest version
• Firewalls
• Password protection, with a built-in requirement or company policy that compels employees to change it regularly
• Two-factor authentication

This must go for both computers on workstations and for laptops and mobile devices used outside the office.

Speaking of laptops, make sure to impress upon employees not to leave company equipment in public areas. Leaving a work laptop unattended creates too many security risks. Someone could take it, or crack the password, or insert a virus-laden drive into the USB slot.

Set up a VPN

Basic business cybersecurity must also extend to the virtual office. In recent years, work-from-home set-ups have become normalized across many industries. This makes setting up a virtual private network (VPN) a must for most businesses. VPNs link devices to the VPN provider’s remote server, which offers a significant degree of privacy. Your business can use one to enable secure remote access to corporate accounts and data, even outside the office network.

Create network access policies

Determining who can connect to your business’s wifi or respond to emails on behalf of the business should not be left up to chance. Requiring user accounts, given to employees, may help greatly in keeping out unauthorized individuals.

Be careful about deauthorized individuals as well. If an employee leaves your business, they should not be able to sign into the network with an old password six months later. Policies should be in place that track who has access and when that access should change.

Beware low-tech methods

While cybercriminals can find hacking tools for free online, they’re not above using simpler methods. A common tactic that hackers use is to conduct research on social media and identify a new employee. They then call that person posing as a vendor or information technology employee, tricking them into providing sensitive information.

To prevent this, alert employees to the threat of cyberattacks. Instruct them to refrain from sharing sensitive information via phone unless they can verify the caller’s authenticity. Take care that physical documents with sensitive information are destroyed or rendered illegible.

Reset devices before disposal

One person’s trash may be another person’s treasure, and it may be the former’s ruin. When businesses dispose of obsolete computers or faulty mobile devices, they must properly reset this equipment first. Even if they’re not working well anymore, they may still contain valuable information. With a little dumpster diving, unauthorized individuals may be able to access sensitive data.

Clearing out old equipment is inevitable, but experiencing breaches from hackers who recover that equipment is preventable. Enforce policies for resetting and blanking out any equipment that once connected to the network. Consider recycling the newly emptied equipment as well, both to disappoint dumpster divers and reduce your ecological impact. Leave behind nothing that you would not want someone else to pick up.

Limit downloads

A common trick is for hackers to leave a USB drive loaded with “worms” on a desk. If plugged in, these self-replicating viruses may spread unaided through the network and infiltrate the company. Instruct employees to refrain from using devices such as portable drives if they don’t know where they came from.

Less dramatically but no less dangerously, navigating the internet may also leave employees prone to viruses and malware. Security software can screen downloaded software or files from web browsers.

Implement a phish warning system

Phishing is the use of fraudulent emails or other virtual communications to solicit personal information. It’s one of the more common methods that hackers use, and it’s evolved over time. One notable threat emerging in recent years is called spear phishing. The hacker researches your company and includes terms or names in the e-mail that are relevant to your company.

A phish warning system can help employees combat this threat. This gives them a button on their email platform for quick reporting of suspicious messages. Your security department can even test employees by sending their own harmless emails. It’s a harmless way to educate on how to identify potential phishing attempts.

Communicate new threats

Cybersecurity is too significant to only discuss once. Forgetful employees are vulnerabilities that outside threats may exploit. Moreover, the methods they use are ever evolving. What worked several years ago may be obsolete now. It may help to view cybersecurity as part of the ongoing business strategy, rather than something tangential.

Regular cybersecurity training can keep employees aware and alert, helping to avoid catastrophe. It may reinforce existing knowledge and offer fresh information on new methods or trends. Communication can be as exhaustive as a seminar or as simple as an email. Anything you can provide, from in-house educational modules to outside resources, is better than nothing.

Protect your business with commercial cyberattack insurance

Learning how to prevent cyberattacks on your business should be a top priority. So should preparing for and responding to a successful one.

American Family Insurance partners with Cyberscout to provide commercial cyber tools for your business. This may protect customers after they experience extortion threats, data breaches and other threats. They also offer cybersecurity resources and services such as ransomware consultation and crisis management, among others. Ask an insurance agent about how we can help to protect your business.

This article is for informational purposes only and based on information that is widely available. We do not make any guarantees or promise any results based on this information.

This information represents only a brief description of coverages, is not part of your policy, and is not a promise or guarantee of coverage. If there is any conflict between this information and your policy, the provisions of the policy will prevail. Insurance policy terms and conditions may apply. Exclusions may apply to policies, endorsements, or riders. Coverage may vary by state and may be subject to change. Some products are not available in every state. Please read your policy and contact your agent for assistance.