Skip to Main Content
Corin Cook

By: Corin Cook on March 24th, 2021

Print/Save as PDF

Ways You’re Making Your Business Vulnerable to Cyber Attacks

Business Insurance | Cyber & Identity Theft

As a business owner, you try to do everything you can to protect your business. 

But when it comes to cyber attacks, it can be tricky. Even the most tech savvy companies have issues keeping up with the latest vulnerabilities hackers are taking advantage of.

At Berry Insurance, we offer cyber insurance. So we are well aware of the risks associated with cyber attacks, and we never want any businesses to have to deal with one.

Below, we’ll go over some basic things you may be doing that could actually be putting you at risk for cyber attacks.

Responding to online inquiries:

Imagine this scenario: you get a message on your website’s online chat tool from somebody asking who your CEO is. You answer. Then your employees start getting dangerous emails from an account pretending to be the CEO. 

Let me let you in on a little secret. This scenario actually happened to us recently. In fact, it is what inspired us to write this article to help you out.

By simply responding to an online chat, someone was able to gain information about our company to try to trick our employees.

Fortunately, our team, who is well trained on cybersecurity, knew right off the bat that the emails were phony, but if not, our company could have experienced a serious cyber attack.

To make sure it doesn’t happen to you, make sure you and your employees are aware of these types of attempts and know how to recognize them. 

Responding to phishing inquiries:

So, you know that example we talked about above?

When the cyber attacker sent those emails under the name of our CEO, that was a phishing attempt.

Phishing is an effort through email, phone, or text to act as a reputable contact in order to have the recipient share sensitive information or click on a dangerous link.

If the hacker is successful, this kind of attack can lead to the capture of important data, or significant financial loss.

Make sure you carefully look at each email you get before you take any action. Especially the email address it is coming from, and what the sender is asking you to do.

Giving employees administrator rights:

While giving your employees administrative rights on their computers might be an effective way to reduce some of the trivial administrative tasks you have to perform as a business owner, it is not a safe strategy.

Granting your employees administrative rights allows them to install any software on their computers without your permission. This may save you time and effort, but can be disastrous.

If you have no way of vetting what your employees are downloading on their computers, you also have no way of knowing if someone is downloading something with a malicious code, malware or worse, ransomware.

Using commonly used/shared passwords:

It may be inconvenient, but there’s a reason experts recommend you change your passwords often.

No, it’s not because they want to drive you mad trying to remember your new password or trying to think of a new variation of numbers in characters. It’s because it actually really does help to protect you. 

The longer you have a password, the longer a hacker has to figure out what it is. Change your passwords regularly to keep the hackers guessing.

We suggest using a password manager, which can keep all of your passwords organized in one location.

Another common mistake is having the same password for everything. If hackers uncover your password to an account, and you use that password for all of your accounts, that means the hacker has not one … but all of your passwords.

Not using a VPN for remote employees:

If employees are accessing company servers and data remotely, they should be using a secure virtual private network (VPN).

A VPN is a network that creates anonymity, protecting your identity and browsing information from hackers and other entities.

By allowing employees to work on their less-secure home networks, you are making your business data more vulnerable to a cyber attack.

Not updating software:

I know, I know, it’s another one of those minor tasks that you just ignore and put off, but it really is important to update all of your software and operating systems to ensure they are up to date.

After all, the reason organizations provide software updates is to implement improvements, and oftentimes, those improvements are in security.

The longer a version of a software or an operating system has been out, the more likely hackers are to have found a way in.

By regularly performing any software or system updates, you are ensuring you are using the most secure options available.

Not training employees:

Whether or not you know all of the best practices to avoid cyber attacks, it doesn’t make a difference if your employees aren’t educated.

Each employee you have using technology opens up more opportunities for cyber attackers to harm your business.

To reduce this risk, you should make sure you have an in-depth cyber security training program that includes regular training to every employee. You can also set some rules around password creation and requiring VPN use when working remotely.

Hey, maybe even send them this article to start! Bonus points if you send it to your IT provider!

Protect your business from cyber attacks

Technology advances quickly.

If you want to protect your business, you need a thorough cyber security strategy that is continually updated and improved.

But sometimes, simply being cautious and not doing the things we outlined above isn’t enough. 

Cyber attackers have advanced methods nowadays and any business is vulnerable to a cyber attack. To better protect your business, you need a comprehensive cyber insurance policy. Read this article “What is Cyber Insurance and Do I Need it?” to learn if a policy is right for you.


Cyber Scorecard Download