COVID-19, Digital Risk Protection & Cyber Insurance: What SMBs Need to Know
The COVID environment accelerated digital transformation in the small-to-medium-sized business sector to levels not seen since the cell phone was commercialized.
Chances are, we’ve all seen evidence that in this current atmosphere, small businesses have two choices: adapt to today’s demand for rapid digitalization or get left behind. As a business owner implementing changes to increase your presence in digital territory, you probably realize that while critical to remaining competitive, these measures can also introduce inherent risks and new challenges. You are connecting more information to the internet and allowing more access points into your digital infrastructure, opening yourself up to ransomware, identity theft and data loss. Being proactive, however, by adapting your business’ protocols, procedures, information technology and cyber security, will go a long way to securing your digital resiliency from the potential global threats that could knock you off course.
In this blog, we explore a few areas of digital risk protection that your business should focus on to ensure that your risk and potential data threat posture keeps pace with your level of digital transformation.
Choose a financial institution wisely
Make sure you know that your financial institution is keeping up with today’s (and tomorrow’s) rapidly evolving digital landscape. Some local banks and smaller credit unions may not have the security or protocols in place to ensure your information is secure; be certain your provider is not one of them. This new digital era has opened financial institutions up to a new and growing set of risks, including data breaches, privacy, and cybercrime. But implementing what may seem like small measures can dramatically improve your risk exposure. One immediate step you can take is to ensure your financial institution uses dual authentication or certain password parameters to get into accounts. You would also be well advised to make sure all employees know that if your corporate credit card or purchase card allows for touchless purchasing, the cards must be kept secure and potentially behind a radio-frequency identification (RFID) protective barrier.
You’re only as strong as your weakest link
Vendor risk is a real risk in today’s economic environment. Ensuring that your suppliers, contractors and vendors are taking proper precautions to secure transactional information is a major focus area of digital security companies. From the order intake through the delivery stage, there are various aspects of the supply chain that have become potentially more vulnerable due to advancements in technology. Be aware of all the players involved in each step of your business process, and ask questions until you feel confident that they are taking adequate measures to ensure the necessary security and protocols to minimize their digital risk (or find a new vendor if they aren’t).
Keep software up-to-date
Patch management is a simple way for small businesses to help themselves stay digitally resilient. Ensuring that your IT department has a formal and consistent approach to keeping all software on the most current and most secure version is essential. Even if you do not have a dedicated IT resource, patch management for most software products can be managed through regular updates. Making this a company-wide priority on a consistent basis is an easy measure to take against digital risk.
Recognize the challenges of remote working
As digitalization for business effectiveness and efficiency has become increasingly prevalent, we’ve seen the exponential rise of the mobile workforce. Working remotely brings significant and numerous advantages, but it also challenges certain inherent human behavior that can lead to a greater need for digital risk protection. As we’re all likely aware, unplugging while home has become more difficult. Employees work longer and in potentially more distracting environments. In addition to simply working when tired, this can also lead to “screen fatigue,” and both conditions make it more likely that someone will falter on security protocols and procedures. Working in isolation – as opposed to working in an office where you can drop in on another coworker with questions – can also make us and our staff members more susceptible to impersonation attacks via phishing emails. Since remote work is here to stay, being aware of these challenges and the potential risks they introduce, and creating company initiatives that address the issue, can go a long way to staving off digital risk.
We challenge you to “Rise above risk” by taking these steps:
- Communicate clearly from management to staff. Explain the importance of digital threats and risk awareness, demonstrate the threats that are real and create company-wide buy-in for proactive policies and procedures that will build real risk resilience as you continue to grow.
- Educate staff via regular training, online courses and/or promoted materials so that the entire organization maintains an ongoing awareness of the global digital landscape and their role in everyday transactions. Their choices can make the business more vulnerable to risk or serve as a shining example of how a business can thrive in a secure and resilient ecosystem.
- Create and deploy a vendor management process in which your team, at a minimum, asks vendors basic foundational questions about their security posture. When on-site, maintain an independent secure Wi-Fi network, ensuring data is transferred in a protected manner rather than just as email attachments. Ask about connectivity of monitoring devices on equipment, and other more specific actions to better mitigate the liability assumed on behalf of vendors.
- Integrate routine, forward-looking enterprise digital risk and compliance assessments into business planning. Incorporate security and training into the annual budget with defined spend so that the entire organization is aware of its importance, collectively accepts cyber risk as a true organizational challenge, and understands the value of being vigilant about risk protection.
Ultimately, your people are your most important asset. They are the easiest – and most straightforward – way to protect your business. By educating, communicating with and training every team member, you can ensure that employees understand the risk of malicious activity, recognize suspicious activity when it occurs and follow security protocols. Collectively, this will greatly improve your risk posture for ongoing peace of mind in the ever-evolving digital landscape.