Cyber crime has become widespread in the business world, and although larger companies have more loot for the bad guys to steal, small businesses are regularly targeted too.

In fact, smaller firms are more vulnerable to cyber attacks in some ways.  Small business owners overwhelmingly believe that they are of low priority for cyber criminals – 85% in one survey said a large company was more likely to be hacked.  But this attitude can lead to complacency and a false sense of security, because hackers do target small businesses quite frequently.

Furthermore, small businesses are often unsophisticated in their approach toward network security, a fact not lost on the cyber thieves.  For instance, many small operations have a nominal IT budget and no IT director.  So they possess no expertise in dealing with cyber threats.

Adding to these challenges, small businesses are less prepared to react when they fall victim to a data breach and the problems that follow, including lawsuits, notification costs, regulatory penalties, and other fallout.

Put a plan in writing

One of the first things a small business needs to do to minimize cyber risk is develop written policies and procedures on how to deal with various network security issues.  Any potential gateway for hackers should be addressed, including email, web browsers, and mobile devices.  The FCC Small Biz Cyber Planner is an excellent resource to get this process going.

Educate and train employees

Once a plan is in place, small business owners must insist that employees and vendors alike adhere to it.  After all, a diligent and thorough plan is only as good as its execution.  But employees are likely to be unaware of how to be safe online:  A survey by Symantec and the National Cyber Security Alliance found that only 37% of small business owners train their employees in Internet safety.  The owner needs to set the tone by explaining the serious consequences of a hacking incident, and create a culture of concern over cyber security issues.

Backup data regularly

One cyber liability faced by small businesses is the corruption and/or loss of data.  Because digital information is so valuable and many businesses would grind to a halt if they lost their data, it is paramount that small businesses have an effective backup system.  Methods vary, but experts suggest having a physical backup made frequently and stored offline, at an off-site location.  The stored data should also be encrypted.

Audit your company’s network security

Small business owners should also undergo an audit of the company’s entire network security infrastructure.  This process, best performed by an IT expert who is given access to the network for a limited time window, will serve to expose holes in the system that could be exploited by cyber criminals.

Business insurance steps in when safeguards fail

Even small businesses that are diligent in constructing safeguards against cyber attacks become victims.  So it’s important to recognize the limits of taking precautions and understand that cyber liability insurance is crucial to protect the company.  Cyber insurance can protect against all sorts of first party and third party issues, and compensate for hacking losses that could otherwise easily become catastrophic.