How to Audit Your Small Business’ Cyber Health During the Holidays

Is your small business at risk during the holidays? It may well be, because cybercrimes happen more often during the holidays. Take these steps so you don’t lay your business bare to bigger-than-ever cyberbullies before, during, and after the holidays.

The statistics are startling: Cyberattacks now cost companies $200,000 on average, putting many out of business. A whopping 43 percent of online attacks target small businesses but only 14 percent of these businesses adequately put up defenses.

You may already know that having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats, but what else can you do to go the extra mile to evade cybercriminals?

Here’s how to stop them in their tracks — and sometimes it simply takes a security audit.

Step 1: Get prepared for a security audit

Your first step is to get the basics in place in your company — particularly if you have employees. You may be thinking about bringing a professional into your business (particularly if you don’t have an IT department — most small businesses don’t!) to review your cyber capabilities. Even if you plan to do this, make sure you do what you know you need to do before a professional arrives. This includes:

  • Establishing basic security practices and policies for employees, such as requiring strong passwords.
  • Establishing appropriate internet use guidelines for your employees that explain your company’s penalties for violating company cybersecurity policies.
  • Going over rules of behavior so your company knows exactly how to handle and protect customer information and other vital data.

Step 2: Seriously, consider getting a security audit

If you’re pretty clueless about security or don’t have a dedicated IT team, you’ll want to get an official security audit or bring a security professional into your office to assess your specific network. An auditor assesses a network and its weak points to determine whether a cybercriminal would be able to easily get into the network from the outside. In fact, the auditor will pretend to be a cybercriminal and “assault” your network in order to test its limitations.

Here’s how it works:

  1. First, the auditor pokes around in your network’s internal mechanisms and protocols to check the network’s design — this includes checking password standards, user account permissions, and more.
  2. An auditor can assess how effectively backup data is being stored and make suggestions as to how a company can streamline its recovery protocols.
  3. Auditors usually add physical security assessments, which evaluate how easily an intruder can access a company’s office or server room.
  4. Finally, an auditor will make sure your backup and disaster recovery systems are ready to help you bounce back from a cyberattack.

Getting expert advice can really help you turn the corner in avoiding cybersecurity threats.

Note: A comprehensive network security audit will cost anywhere from several thousand dollars to $20,000. Though this may seem expensive (especially for a small business with a potentially modest income), it’s far less than you’d pay if you had to wade through a serious security breach.

Step 3: Create a plan for security

Based on the security expert’s advice, ask for an exact cybersecurity plan. Make sure you ask for as much detail as possible, including an execution timeline and strategy from the security auditor.

Ask questions. Hopefully, your auditor will want to talk to your company’s employees to warn them of phishing attacks and other security risks. If they don’t offer, encourage them to do so, with a complete presentation and careful visuals (sometimes this stuff is hard to picture unless there’s an exact visual representation of what the security expert is talking about).

Step 4: Pay attention to passwords

Don’t forget to put an emphasis on passwords. Require your employees (and keep yourself accountable!) to use unique passwords and also change passwords every three months. You may want to seriously consider implementing multi-factor authentication, which sounds complicated but really just means that you and your employees must provide additional information (beyond just a password) to gain entry.

  • Don’t forget to check with all of your vendors that handle sensitive data, including financial institutions, to make sure they offer multi-factor authentication for your account.
  • Encourage your employees to engineer passwords with strong and complicated combinations of letters and numbers. You can ward off the sighs of annoyance from your employees by using password managers such as LastPass, 1Password or Bitwarden.
  • Make sure each of your employees has his or her own account and password manager. If you won't use a password manager, still require your employees to change their passwords every three months. Don’t let them write down their passwords in an accessible place.

Step 5: Secure your Wi-Fi network

Did you know that Wi-Fi equipment is not secure when you first purchase it? Your device comes with a default password, but don’t forget to ensure that your network gets encrypted with your own specific (complex) password.

  • Choose the most secure setting. You’ll likely be able to choose from multiple kinds of Wi-Fi security, and one of the most secure is Wi-Fi Protected Access II (WPA2).
  • Don’t forget to hide your network! This means the router will not broadcast the network name.
  • Prepare for customers or clients. If they need access to Wi-Fi while they’re visiting your office space, set up an account with a completely separate password and security measures. This means they won’t have access to your main network.

Step 6: Keep your system updated

Talk through keeping your system software updated with your security auditor — it’s crucial for the cybersecurity of your business.

Ask the following questions:

  • How can we make sure we have the most updated security software and strong firewalls?
  • What settings ensure the prevention of viruses or attacks by cybercriminals?
  • What do you recommend in terms of keeping my system automatically updated? (When your system is automatically updated, you’re instantly protected from many of the known vulnerabilities that cyber attackers routinely exploit.)
  • What other ways can we protect our system, specifically during the holiday season? (No question is too silly when you want to make sure your system is secure.)

Step 7: Further protect your hardware

You can do a number of other things to protect your hardware. Employ anti-theft cables or brackets, set up surveillance or web cameras, or lock your server and communications rooms. Do you have ultra-sensitive and confidential customer data? It’s a really good idea to consider adding a biometric scan to unlock the doors or add in an alarm system!

Ask your security advisor what other new technologies are available to help you further protect your livelihood.

Step 8: Check firewalls — especially for at-home workers

Has COVID-19 put your employees at home for good? How about yourself? Are you making sales calls from your home office or basement? Check the firewalls everyone has in place. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Even if you do your due diligence to make sure your operating system’s firewall is enabled at the office, make sure that employees who work from home have the same firewall protection on their home systems.

Also limit your employees’ access to just the files, folders, and applications they need to perform routine on-the-job tasks — and no more.

Step 9: Don’t forget the cyber liability insurance!

Get CoverWallet on your side. Cyber Liability insurance covers a broad range of security-related claims, including data breaches, network failures, and media or content liability.

One breach (even an employee's stolen laptop could be the culprit!) could cost your business, so get cyber liability insurance to cover your business even more.

Get Your Protection Plan in Place

Are you making high-tech security a top priority? Be honest with yourself. You may be a pro at employing antivirus software to run a scan after each update and installing key software updates right when they’re scheduled, but what other things can you do to ensure you’re protected this holiday season?

Get temporary help in the form of a security auditor to make sure your holiday remains merry and bright.

Author Bio: Melissa Brock, the founder of College Money Tips and Money editor at Benzinga, spent 12 years working in college admission. She loves helping families navigate their finances and the college search process. Check out her essential timeline and checklist for the college search!