5 Tips to Help Small Business Clients Assess & Manage Cyber Risks
Agents and brokers looking to expand their relationships with small and mid-sized businesses might try ramping up efforts to help them understand and manage enterprise threats, such as cyber exposures.
While hacking incidents, ransomware and other cyber-related attacks are serious risks for all businesses, they can be devastating to small and mid-sized accounts that forgo needed protection.
When discussing cyber risk with SME clients and prospects, simplicity is key. It’s better to focus on a couple of easily graspable concepts than to make the issue appear so complex that owners and managers incorrectly conclude it’s beyond their ability to address.
Here are five tips for agents to simplify cyber risk discussions with small commercial accounts and deliver value in helping them manage this enterprise exposure.
1. Let them know how to spot their most significant potential cyber-vulnerabilities. Whether it involves ransomware, malicious code or computer viruses, most of these problems result when someone opens a questionable email attachment, falls for a phishing scam, or visits problem websites. The common theme in these attacks is careless employees. Creating a culture that recognizes the seriousness of cybersecurity can go a long way.
2. Help SME clients understand what constitutes safe policies and procedures. In most cases, small businesses won’t need sophisticated IT capabilities to establish and maintain safe practices for preventing cyber incidents. They can start by having all employees use strong passwords auto-generated via password managers; limiting access to any financial systems exclusively to authorized finance and accounting team members; establishing procedures for portable devices and working from home; enforcing secondary authentication for all accounts payable; and making sure automatic updates are enabled on all computers.
3. Explain the value of making sure cyber-risk management practices are strictly followed by all employees and associates. Be sure your SME clients not only frequently communicate their cyber-risk management policies and practices to their employees, but also make sure employees take ownership of these measures. Employees need to realize that cyber security is a shared responsibility and that any lack of compliance may have a materially negative impact on their compensation, growth opportunities and even continued employment. Training can be used to expand the employees’ understanding of the company’s protocols, and assessments such as phishing simulation can be used in conjunction to drive procedures home. Finally, the weakest link breaks the chain, so all training should be extended to any part-time employees, interns, and any other workers who will be accessing the company’s email and computer systems.
4. Make sure clients communicate their cyber risk policies to all suppliers. In all likelihood, any of your clients’ customers that use a client’s online resources will want assurances about cyber security and protection. At the same time, your SME clients should be encouraged to ask about – and be aware of – the cyber-security policies and practices of the trading partners, vendors and suppliers with which they share online data, tools or resources, or conduct financial transactions. Often, even firms with strong internal cyber risk practices may be vulnerable if suppliers don’t follow equally robust protocols and enforce them. Strong practices can also give your clients a competitive advantage, as a better cybersecurity program can be the tiebreaker with all other factors being equal.
5. Position cyber insurance as a critical backstop and resource. After reviewing with your SME prospect or client the fundamental aspects of understanding and assessing potential cyber-risk vulnerabilities and exposures, you’ll be in a position to have a productive discussion about cyber insurance. Besides showing clients its value as a critical source of financial protection, don’t overlook the added value provided by many cyber insurance companies that offer helpful cyber vulnerability analysis and cyber security software to insureds.
The bottom line for small businesses is that countering the most significant cyber threats often comes down to implementing a handful of fundamental safeguards that may not require the involvement of an IT professional. Furthermore, by adhering to these basic cyber risk best practices, SMEs may also qualify for more affordable cyber-insurance that provides critical financial protection.
At the same time, agents and brokers who help clients solve this challenging hazard stand to benefit from any insurance policy placements that result, not to mention client faith and trust.