We don’t know about you, but the increased time at home in 2020, (along with the fact that Halloween wasn’t long ago), has led to some great scary movie nights.
But there’s one thing almost every movie victim forgets to do in the chaos of preparing for the spooky threat they know is looming around the corner.
They don’t lock the front door!!
We may not be home defense experts, but if Freddie is scratching around outside the house, locking the front door should be the first move. (Quickly followed by grabbing the whole family, jumping in a car, and getting the &^#% out of dodge.)
It’s so easy for us to see the glaring missteps victims make in horror films, but many small business owners don’t realize they’re making the exact same mistake when it comes to their company’s cyber security.
Cyber liability insurance is a great tool to help small business owners recover from a devastating cyber attack, but unfortunately, it’s led to complacency in building a strong cyber security structure. They see it as a safety net that catches and cleans up the aftermath of any attack, but the reality is, cyber liability insurance is your last-ditch effort to protect your business, not your primary defense.
What is cyber liability insurance?
Before we keep going, let’s unpack what cyber liability insurance is and why it’s not your primary cyber security solution.
Cyber liability insurance is pretty much just what it sounds like — it’s insurance that protects you and your business from the aftermath (and ensuing liability) following a cyber attack on your business. To be clear, we’re not arguing the importance of having cyber liability insurance for your small business. It’s an important recovery tool to invest in! But the reality is, it doesn’t cover the cost, damage, and stress caused by a cyber attack like most small business owners think. Limitations of cyber liability insurance
Though every company’s cyber liability insurance plan is different, all plans share some common limitations that you need to know about going in. The most surprising limitation is the Act of War clause that could nullify your insurance claim depending on the type, scope, and details of the cyber attack your business has experienced.
If your insurance company labels your cyber attack as an Act of War, they are released from any responsibility to provide an insurance payout for damages caused by the attack. Now, we’re not suggesting every insurance company is just waiting to nullify your claim with this clause, but it’s important for you to know that the cyber liability insurance “security blanket” isn’t as good as it used to be.
So, to avoid being hung out to dry by your insurance company after a devastating cyber attack, it’s imperative that you know your policy and ask detailed, scenario-driven questions to ascertain your level of protection in the event of a number of possible attacks.
That’s why cyber liability insurance isn’t and shouldn’t be your first line of defense. Instead, invest in the best defense: cyber security.
First line of defense? Developing a cyber security plan.
Honestly, it's hard to warn business owners of this reality before they learn the hard way that they need an enhanced cyber security plan. And there's a good reason for that — cyber security is expensive! However, the risks incurred by a cyber attack are much more costly, especially when it’s not a guarantee that cyber liability insurance can bail you out.
Did you know that as a small business owner, you are the primary target for a cyber attack like phishing or uploading stolen credentials to the dark web? That’s because as the owner, you have the most confidential access to every aspect of your business, and attackers know that business owners will often compromise security for efficiency.
Instant (and free) tips to improve your online business security:
Though we can’t make every cyber security measure as efficient as you might like, there are some practical, incredibly helpful steps that you can take right now at low to no cost to your business.
In looking at the NIST framework that we referenced in this earlier blog post, we can’t over-emphasize how important it is that at a minimum, every business owner implements tools for the Protect layer of cyber security as soon as possible:
Here are a few low-to-no cost tools that we recommend implementing for your business today:
- 2FA or two-factor authentication: Yes, 2FA is a pain and strain on business efficiency, but it’s the No. 1 tool to drastically diminish the opportunity for a cyber attack.
- Strong password policies and training: Strong password policies include regularly changing passwords, avoiding repeating passwords, and using a password management tool like V-Docs.
- Firewalls: Every company needs to have firewalls in place, but so many don't until it’s too late. Whether it’s a human firewall or a digital one, your company needs firewalls in place.
- Dark web monitoring: This allows you to know when your credentials have been discovered on the dark web, so that you can change, remove, or protect your assets before they’re attacked.
Additional recommendations for improving your online business security:
As with anything, the more you invest in your cyber security, the stronger it will be. And since cyber security is your first line of defense (instead of cyber liability insurance), it’s worth taking the financial leap to protect your business! Here are additional recommendations with monthly cost estimates that we highly recommend for your business:
- Next-Gen Anti-virus: Estimated cost of $2 per user per month. If someone is in your house, you want to be warned about it before going downstairs to grab a midnight snack. Though traditional anti-virus does protect against viruses, it won't tell you if someone got past your system. That’s where Next-Gen Anti-Virus steps in.
- SOC, or Security Operations Center: Estimated cost of $5 per user per month. Though cyber attacks occur in the digital world, behind the screen is a real person making real decisions that lead to your door. SOC is an active scanning tool that looks for the behavior patterns of your attackers in order to detect attacks before they happen.
- SIEM, or Security Information Event Management: Estimated cost of $28 per user per month. We’ve covered SIEM in-depth in previous blog posts, but in summary, it’s an incredible cyber security tool that protects your enterprise business from cyber attacks while empowering you to exceed compliance requirements.
Now that you’ve finished this post, are you looking for more help in assessing your cyber liability insurance or strengthening your cyber security plan? Check out Varay’s resources to create your own customized cyber defense strategy, and schedule a free, confidential cyber security meeting to discuss your business needs.