Here's a little something that big-money clients took away from the infamous Target hack a few years ago: their security is only as strong as the weakest link. After all, Target's breach of 40 million customer credit cards was made possible once hackers got a foothold in the HVAC vendor's system, which was a surprisingly easy feat.
Advisen states the cyber crooks simply sent a malware-laden email to one of the HVAC employees who had access to Target's network for electronic billing and project management. One unsuspecting click – and boom. The hackers were in.
By now, it's common knowledge that cyber saboteurs zero in on the easiest point of entry to access their targets. Unfortunately, those easy entries are usually the small businesses and independent contractors that do business with larger (and more valuable) corporations. Advisen explains big businesses may get cold feet about partnering with small entities, given that…
- Small businesses and contractors usually don't have robust IT security in place.
- It takes about 240 days to notice a breach, which is a long time for data to bleed out.
- There have already been 380 breaches in the United States this year.
- 1,000 breached records cost about $52,000 to $87,000 in losses.
That's not to say your dreams of reeling in the big fish have floated downstream. Rather, you need to demonstrate the strength of your data security to win over corporate clients. Let's recap some ways you can do that.
1. Give employees full-blown cyber security training.
Employees are and always will be easy targets for cyber attacks. To make matters worse, email phishing attacks are on the rise, and they don't look like the messages from Nigerian princes that were once so easy to spot. These emails appear to come from managers or vendors and ask employees for login credentials or other confidential information. Wily hackers! Once the goods are surrendered, they can wreak havoc and plunder with ease.
Training your employees is the key component in your cyber security defenses. You might want to:
- Teach them about malware links, phishing emails, and what a thief can glean from trashed hardcopy records.
- Give them the resources they need to access your business network safely.
- Require that they use two-factor authentication for their business email.
- Train them on the importance of changing their passwords and updating software regularly.
For more tips, read "Want to Cut Business Losses by Three-Quarters? Try Security Training."
2. Consult with an IT professional.
If a device is used to connect to the Internet (e.g., router, smartphone, or laptop), it's a data breach liability. Good thing an InfoSec consultant can help your business identify potential risks and manage them through software and best practices.
In the age of mega hacks, it's not enough to simply run the occasional antivirus program (though antivirus software and firewalls should be staples in your digital security). Valuable clients want more guarantees than those bread-and-butter security measures. An IT professional can help you figure out which software or equipment can better protect data and give big clients the assurances they expect from their vendors or partners.
3. Invest in Cyber Liability Insurance.
Another way to demonstrate your commitment to data security? Carry Cyber Liability Insurance. Few small businesses do (only about 3 percent), even though it's the only policy designed to cover the costs associated with data breach recovery. The fact that you do have a policy can help distinguish your business from competitors and prove to clients that you understand the stakes when it comes to data breaches.
In addition to helping you position your business as a security-savvy partner, Cyber Risk Insurance can help you pay for:
- Notifying customers about a breach.
- Providing credit-monitoring services to affected parties.
- Repairing your network.
- Rebuilding your reputation through good-faith advertising and other PR measures.
Some policies may even provide coverage for business interruption costs when hackers disrupt your service.
As for the price of coverage, that depends on the size of your business, the number of customers, your web presence, and the type of data you store and collect. However, you may be able to save on your Cyber Liability coverage by adding it to your Business Owner's Policy.
Put these three tips to use, highlight your efforts in your marketing materials, and go fish.