Cyber threats are heard about more and more in the news with many attacks affecting larger businesses. However, more recently, there has been a rise in attacks against smaller businesses. Unfortunately, most small businesses lack the funds and tools to protect themselves against cyber-attacks, which leaves them vulnerable. However, with a few policies put in place, they can focus on keeping their data secure and protecting their customers.

We’ve come up with a simple checklist to help smaller businesses get to grips with their cyber-security. Particularly in light of the recent changes to data protection.

Plan by having effective policies, training and backup procedures in place

 

Acceptable use policy

An acceptable use policy sets out the rules surrounding your business network. This could cover a company intranet or simply the use of the internet within the business. Putting this in place highlights to any user, which could be a customer or employee, what websites are deemed accessible within the company network. It protects against unwanted website access including social media sites and reduces the risk of malicious content.

Access control policy

Implementing an access control policy ensures that users understand who has the right to change, access or remove any business information that may be sensitive or confidential. It can help to trace anyone with access to this information.

Account management policy

Anyone who has access to a business system should be aware of this policy. It simply defines which software requires passwords or encryption and how employees should manage this. It protects the business against employees who have left the company and ensures that they no longer have access to sensitive data.

Password policy

This policy ensures that systems and sensitive data are protected by strong passwords. This means passwords that someone couldn’t guess easily. It also ensures that the policy is distributed amongst the company so that there is a complex system in place, making it hard to break.

Wireless network security policy

Much like your wireless box at home, this type of policy protects your small businesses wireless network. It prevents unauthorised access from people not involved in the company and can help to stop devices infiltrating the system.

E-mail policy

An email policy is simple to put in place. It sets out how company email systems can be used and protect against spam or any other undesirable mail. It also protects against your own domain, which can result in emails being blocked or placed in spam folders to your customers.

Clean desk policy

It sounds simple enough, but a clean desk policy doesn’t just keep your desk tidy. It is put in place normally to protect against anyone accessing sensitive information from your desk. This may be removing documents, but it could also include securing computers too.

Data handling and disposal policy

This process outlines how to dispose of sensitive data properly. Once the information is no longer needed, the company must ensure that the information is disposed of properly.

Physical security policy

The physical security policy protects the business building itself. It confirms who has access to the building including visitors and employees as well as who accesses equipment within the business.

Internet security policy

An internet security policy ensures all devices and hardware within the business with anti-virus software. It outlines how this will be implemented and then maintained on a regular basis.

Training

Whilst most of your company policies will be written within a handbook, it’s important that staff members are aware of their duties to protect any data they have access too. Informing employees of these policies and ensuring that passwords and encryptions are correctly put in place can help to gain more awareness and protect your data.

Data backup

It’s also important to back up any data that you have, not just for the protection of your business but for your customers too. By putting these policies in place and backing up any data, you can still maintain control over your sensitive data.

 

Prevent the worst from happening with cyber security best practices

 

Getting these policies in place is the first step towards cyber-security, and there are some simple tasks you can do to ensure that your business follows the rules it sets out.

Secure your emails

Encrypted emails are really important for a small business who may be susceptible to malware or viruses sent from spam or robot-mail boxes. Most email providers have spam filters too which can help to stop you from accidentally opening unwanted content.

Delete old users

Both for employees and customers, it is important to delete any users who may have access to business systems. It prevents them from gaining access to new sensitive information when they are no longer there.

Delete irrelevant data

Any data, particularly sensitive data should be removed from your systems as soon as possible. Customers also have the right to ask for their information to be removed too.

Password protection

Two step/ two-factor authentication and password management can be imperative in keeping your data safe. A two-step authentication requires a code, in addition to a password, to gain access to a system. Only a few people should have access to this. Therefore, if a password is guessed, then there is another boundary. It’s also best practice to implement a password manager, to ensure employees are changing emails when necessary and someone has access to all the information.

Secure your network

Some businesses restrict access to certain sites that may not be secure. In order to ensure your policy is protected, you can remove certain sites so that they are not accessible from your network.

Social media access

It’s important to let employees know what they can and cannot share on social media. It protects the company on both a business and personal platform.

Stay up to date

Keep systems and software, particularly anti-virus software up to date to ensure they are protected. The internet is a world of fast-paced changes and so keeping up with the latest updates will help keep your data secure.

 

Cover your back in case the worst happens with specialist cyber insurance

 

Getting the right insurance can help to protect your business in the event of a cyber threat. Businesses, particularly smaller businesses, need to realise their responsibility when it comes to protecting their data and protecting their clients. In the event of a breach or fraud, a business could lose out on profits, through lost customers, loss of trust and legal fees. Business insurance can help protect against these losses and keep the business running until it can be secured again.

Get a Cyber Insurance quote for your business.
 

Cyber insurance claims are becoming more and more common with each passing year. As business grows more dependent on technology, instances of cyber insurance claims are bound to rise in turn. The causes vary from malicious attacks, to security loopholes, on to employees not paying attention. All are traps which are worryingly easy to fall into.

Here is a brief overview of some of the most common cyber insurance claims businesses make.

Human error

An employee making a mistake, though innocent, can still be costly for a business. For example, an employee on a reception desk leaving confidential information on display to customers. Or, another example could be attaching an incorrect file to an external recipient. Human error is all too common, as such these types of insurance claims are regular.

Ransomware

Take for example an employee in the finance department clicks on a malicious link in an email, inadvertently downloading ransomware software into the business network. This software in turn encrypts all financial data, rendering it inaccessible until a “ransom” is paid. The business has no ability to function until said ransom is paid, or their system otherwise unlocked.

DDos attack

A DDoS attack generally involves deliberately overloading a network, causing a business website to go down. This in turn means customers can’t access it. Hence the name – Distributed Denial of Service attack. This causes the business to lose income from lost business and forces them to scramble to locate the source of the attack. It’s inconvenient and potentially highly damaging.

Phishing

Clicking malicious links also runs the risk of other harmful software being downloaded, it can even happen simply through visiting unsafe websites. Phishing software, once downloaded, scours the system for valuable confidential information – this gives the hackers access to passwords, accounts, and much more besides. Phishing software is usually highly efficient at finding profitable confidential information.

Unauthorised access

This can occur from a variety of directions. For example a hacker could gain access to the network through a loophole in the security. It could also be a case of a low-level employee accidentally being able to access data restricted to management. Either way, when someone has access to a system that they shouldn’t, it never bodes well for the business in question.

Malware and viruses

When malware or viruses enter the computer network, they quickly get to work disrupting everything. They can cause screens to freeze, machines to become unresponsive, or even to shut down altogether. With new viruses being developed every day, even the strongest anti-virus software must be regularly updated. Just one infected machine can easily cause the entire network to go down.

Data breaches

Data breaches can occur in a number of different ways – some malicious, some accidental. For example, an email containing confidential customer financial information being sent to the wrong recipient. Whether it’s through poor network security or employee error, the cost can be equally damaging. Data breaches can result in legal action as a result of failure to comply with data protection legislation, so are to be avoided at all costs.

Impersonation

In the right circumstances it could be very easy for one person to impersonate another digitally, given the right information. For example, a high-ranking employee accidentally leaves their Intranet log-in details on the train. A random person finds them, and is then able to access the system, posing as the employee. They can then either steal confidential data, or deliberately disrupt the system.

Rogue employees

Employees can turn malicious for a number of different reasons. Whether it’s due to perceived wrongs a company has done them causing a desire for revenge, or wanting to ingratiate themselves with a competitor by providing classified information. However it occurs, it can be devastating depending on the level of access to the system the rogue employee has.

Misleading communications

It can be surprisingly easy for a business to be duped into sending money for goods or services to someone claiming to be genuine. For example, a business receives an invoice for raw materials. The numbers add up and it looks authentic, so the invoice is paid without further question. However the sender has simply engineered the invoice from data they have found or stolen.

These are just a few examples of common cyber-crimes you need to be aware of. Always stay alert to protect your business, your customers, and your reputation!

Read more about cyber insurance and how it could help protect your business.

Get a Cyber Insurance quote.
 

Cyber insurance, which covers your business against the effects of a serious cyber incident, is not an “off the shelf” policy. Our team will work with you to assess the exact cover your business needs to protect your company as well as your customers.

So what does cyber insurance actually cost?

Your cyber insurance policy will be built around your business, and the specific needs of you and your customers. Although this means that there is no single published price for a cyber policy, it also ensures that you always get the best value for money. With a bespoke policy, you are never paying for anything you do not need.

As a rough guide, our cyber insurance cover typically starts from just £182 a year, and provides protection against:

• Breach costs: This includes legal advice, undertaking forensic investigations and notifying regulators or customers of the breach. It also covers credit monitoring support for affected customers.

• Hacker damage: You’ll be reimbursed for the costs associated with restoration, repair or replacement if a hacker damages your systems, website, data or programs.

• Privacy protection: We’ll help you settle claims made against you in relation to failing to keep personal data secure. We’ll also cover the regulatory investigation costs and settle civil penalties levied by regulators, if possible.

• Cyber business interruption: If damage caused by a hacker prevents you from earning revenue, we’ll compensate you for the loss of income as well as the damage caused to your reputation.

• Media liability: Our policy includes protection if you infringe someone else’s copyright by mistake. For example, if you accidentally libel a third party in your electronic communications or you use a picture without permission from the owner.

• Cyber extortion (ransomware): If a hacker attempts to hold your business to ransom, we’ll protect you by covering any ransom you pay. We’ll also cover the costs of hiring a risk consultancy firm to manage the situation.

 

Factors which could affect the cost of your cyber insurance policy include:

• the specific types, and level, of cover you require;
• the nature of the risks that your business faces; and
• your annual turnover.

 

Value for money

Despite the cost, it’s important to remember that cyber insurance represents excellent value for money. Cyber incidents and data breaches can cost your business a lot more than simply a hit to your finances. Huge penalties under data protection laws, regulatory fines, reputational damage, and loss of business are just a few of the potential consequences of a cyber attack and are all things that cyber insurance can protect you against.

 

The cost of not being covered

Since May 2018 and the introduction of GDPR, the risks of not being covered by cyber insurance have increased dramatically. If your business is attacked by cyber criminals and you suffer a data breach, you could be liable to pay a fine of up to €20,000,000, which very few businesses will be able to afford. That fine will be on top of the costs of notifying and supporting your customers, fixing your IT systems, and the loss from reduced business.

Whilst it is an extra expense, it is easy to see why cyber insurance is excellent value for money, especially when you compare this to the costs of not being covered.

Contact us today for a no-obligation discussion about how we can help you find the right cyber insurance for your business.

Get a Cyber Insurance quote for your business.

Legal Expenses insurance helps to fund the cost of legal advice and / or the costs of bringing or defending court cases that can arise from your day to day business activities. This is an optional cover providing protection for issues outside your standard Employers and Public Liability insurances.

It is not designed to pay you the actual damages that you are trying to cover through the court action, nor does it cover your liability to pay damages to others*, however, it will help to cover the costs involved with a claim.

Many insurers include Legal Expenses as standard in their policies, but it is worth checking to make sure that you have the cover in place with your business insurance policy.

What kind of cover is offered under Legal Expenses?

  • Legal and Tax Advice
  • Counselling Helpline – trained counsellors provide employees with help and support over the phone
  • Business Legal Services Online – personalise and download a wide range of legal documents
  • Contract and Debt Recovery
  • Employment Protection and Compensation Awards
  • Employees Extra Protection
  • Tax protection
  • Compliance and Regulation
  • Property Disputes

Your Legal Expenses cover will help to insure you against the cost of Legal Expenses in the event of having to defend or pursue an event as detailed above.

* Employment Protection can often include the compensation award

Many businesses need to transport goods from one place to another but unfortunately goods can sometimes get damaged in an accident, or in some cases can get stolen.

Standard vehicle insurance often does not include much cover for the items you are carrying.

You may need Goods in Transit insurance instead to ensure your costs are fully covered, especially if you often transport items for others, such as if you run your own courier or haulage company.
 

What kind of cover is offered under Goods in Transit Insurance?

  • Loss, theft or damage to your property while in transit in vehicles owned, leased or hired by you
  • Damage caused by accidents in transit
  • Loss of or damage to materials and other goods for incorporation in the contract whilst in transit

 
It is important to make sure that your policy covers you for what you need, so carefully consider the value of goods that you transport to ensure you have cover in place for them.

Some policies also allow for cover abroad, while others may place a weight or value restriction on the items you can carry; speak to our insurance specialists for more information.

Need to arrange goods in transit cover? The head over to our GIT product page found here.

If you are a tradesman running your own business, you will understand how important your tools of trade are, as the livelihood of your business depends on them being safe.

However, accidents and unforeseen events can arise, leaving your tools damaged, lost, destroyed or stolen, risking the financial security of your business.

Luckily you can insure yourself against such instances so that if you are forced to have to replace your tools you are covered for the chosen sums insured.

Tools insurance can also be extended to include any employee’s tools and equipment.

What kind of cover is offered under insurance for Tools?

  • Loss of or damage to portable tools belonging to you or the property of partners, principals, directors or employees used on the site of a contract, carried out by you in connection with the business often on an ‘All Risk’ basis
  • Automatic reinstatement of sum insured

There are often limits on the maximum sum you can insure your tools for, both as a full sum amount and a single article limit. It is important to speak with your insurer to find out what is covered by your policy. Tools cover is often added as an extension to your main Public and Employers Liability insurance.

Sometimes you have to expect the unexpected with your business. Consider this: if something happened to your business premises – such as a fire or flood – that meant you had to re-locate, or an unforeseen event interrupted the operations of your business leaving you at risk of losing income, what would you do?

You may want to consider taking out Business Interruption insurance to help you to maintain the turnover of your business during the indemnity period following an insured incident such as a storm, explosion or a burglary and more.

This cover helps you to continue trading at your anticipated pre-loss trading level until normal business activities are resumed.

What kind of cover is available under Business Interruption?

  • Loss of business income following a claim under the building or contents cover
  • Cover to help recover outstanding debt balances where records are lost following damage
  • Denial of access as a result of damage to premises in the vicinity
  • Failure of public utilities

For more information about Business Interruption insurance, get in touch with our insurance specialists today.

Even the most secure of businesses can find themselves with money stolen from their premises by violent and forcible means. Any amount of money going missing will be worrying, but losing a few thousand pounds could be a serious inconvenience in the smooth operation of your business, not to mention the potential damage to your property that may arise.

Loss of Money, or Cash on Premises cover, makes it possible to insure yourself against such losses to ensure your financial stability. Levels of cover vary depending on the nature of your business and the policy you choose to take out, but if money should be stolen you can help to get it back and keep your cash flow moving.

What kind of cover is available under Loss of Money or Cash on Premises?

  • Loss of money during business hours
  • Loss of money in a bank night safe
  • Loss of money in a locked safe when closed for business
  • Loss of money in transit
  • Loss of money not in a locked safe when close for business

Speak to your insurance provider to be sure which level of cover you are taking out. For more information, get in touch with our team of insurance specialists.