Back to top

Encompass® Agency Insights & Articles



Preparing Your Small Business to Withstand a Cybersecurity Attack

Cybersecurity.

What would happen if a hacker launched a cyber attack against your business? Would the hackers gain access to sensitive information or are your data and networks secure?

As a small business owner, cybersecurity threats may not be top of mind. After all, hackers are only interested in companies with vast troves of sensitive customer data, like credit card data or Social Security numbers, right? Think again: while it’s easy to assume no one would bother your small business, this mindset could leave your company vulnerable to cyber threats, hackers and identity theft.

Why Cybersecurity Preparedness Matters for Small Businesses

A 2016 report by Keeper Security and Ponemon Institute found that half of all small and medium-sized businesses (SMBs) had been breached in the past 12 months. SMBs are a popular target for hackers because they are easier to penetrate than major corporations. Failure to establish and enforce security protocols leaves small businesses vulnerable to security breaches. The Keeper Security and Ponemon Institute report found that 65 percent of SMBs with a password policy fail to adequately enforce it and that 59 percent of SMBs have zero visibility regarding employees' password practices.

Part of this is a perception problem. When an attack hits a major corporation and millions of customers are affected, the story makes national headlines. When a small business suffers a security hack, fewer customers are impacted, so it’s less likely to make the news. While major corporations have access to financial and legal resources to recover from a cyber attack, not all small businesses do. Sixty percent of small companies go out of business within six months of a cyber attack, according to the Denver Post.

How to Create a Cybersecurity Preparedness Plan

September is designated National Preparedness Month (NPM), a reminder for small business owners to evaluate their company’s preparedness levels. When considering possible emergencies, don’t underestimate the risk of a cyber attack. These are three cybersecurity issues to keep in mind when creating your company’s preparedness plan.

  1. Train employees to detect threats. Proper employee training can mitigate many low-level threats. Coach employees on data security protocols, policies, and practices. Educate your employees on the importance of cybersecurity and be serious about protocol enforcement. Doing so will help foster a company culture where cybersecurity is top of mind rather than an afterthought.
  2. Assess threats. Everything from your company's Wi-Fi network to cloud storage carries a cybersecurity threat risk, cautions the FCC. This does not mean you should stop using Wi-Fi or ban cloud-based platforms. You can, however, carefully consider potential risks associated with Wi-Fi network security, confidential data access, cloud storage, and BYOD (bring-your-own-device) policies and take steps to control access, encrypt sensitive information, and harden network security.
  3. Create a business response and continuity plan. With cyber threats constantly evolving, even the strongest line of defense may prove to have vulnerabilities. In the event a data breach occurs, having a business response and continuity plan in place can help prevent further damage. This plan should be similar to your existing emergency response plans; it should document roles and responsibilities, determine communication methods, and advise employees on next steps. If you need assistance getting started with a preparedness plan, PrepareMyBusiness.org offers free resources including a Crisis Communications Checklist.


Encompass agent adjusting his cuff.

Only agents with a certain mindset need apply.

Encompass is as discerning about our agents as our consumers are about their coverage.

Become an Agent

The general information contained in The Encompass Blog is provided as a courtesy, and is for informational and entertainment purposes only. The contents of this website are subject to periodic change without notice. Information provided on The Encompass Blog is not intended to replace official sources. Although attempts will be made to ensure that the information is accurate and timely, the information is presented "as is" and without warranties. Information contained on The Encompass Blog should not be mistaken for professional advice. Information contained herein should not be considered error-free and should not be used as the exclusive basis for decision-making. Use of website information is strictly voluntary and at the user's sole risk. We encourage you to obtain personal advice from qualified professionals when making decision regarding your specific situation.

Other resources linked from these pages are maintained by independent providers. The Encompass Blog does not monitor all linked resources and cannot guarantee their accuracy. Statements, views and opinions included in an independent provider's material are strictly those of the author(s). These views may not necessarily represent the opinions or policies of The Encompass Blog, the Encompass family of companies or its agents, officers or employees.

ECC Monitor: OK