Six Ways to Build a Culture of Cybersecurity Awareness

An examination of how cybercrime can harm your business, how it happens, and what to do to prevent it.
Written by Christine Lacagnina

Christine Lacagnina has written thousands of insurance-based articles for by authoring consumable, understandable content.

Reviewed by Jeffrey Green

Jeff Green has held a variety of sales and management roles at life insurance companies, Wall Street firms, and distribution organizations over his 40-year career. He was previously FINRA 7, 24, 66 registered and held life insurance licenses in multiple states. He is a graduate of Stony Brook University.

Cybersecurity is a concern for all businesses, regardless of size or industry, in today's digital world. Being prepared with the right type of coverage can help you prevent the loss of sensitive data, not to mention revenue and even your customer base. Since so many things are stored electronically today, having the right cyber liability insurance is becoming less optional for business security by the second.

Considering that RiskIQ predicted that by 2021, the world would lose $11.4 in cybercrime costs every single minute, it's never too early to call up your independent insurance agent. They'll help you get equipped with the right cyber liability policy. But up first, here are a few handy tips to help your business build a culture of cybersecurity awareness.

Six Ways to Help Deliver a Dependable Cyber-Secure Business

Your business needs a protocol for cybersecurity measures to keep your employees, customers, and your data safe. Taking proactive steps to ensure an environment of cybersecurity in your business can even help you save money on your business insurance if you have the proper protections in place. Start by following these six tips.

1. Maintain a Secure Office Network

To secure your office's network, change all passwords, including the ones that came with any routers, to secure passwords that include more than 10 characters and a combination of letters, numbers, and special characters. If your business offers public guest Wi-Fi, make sure it's separate from your business's internal network, and that customers and employees don't cross over to the other network unless they use a virtual private network (VPN) for added security.

You may also want to change the default name of your network to make sure it doesn't identify your business to others when they search for Wi-Fi. Ask any of your remote employees to take these same steps to secure their usage of your business's network if applicable. 

2. Require Your Employees to Use Two-Factor Authentication

Two-factor authentication, or the process of requiring two forms of identification before you can sign in, is becoming more and more common. Use this security method in any area you can, such as when logging into company email accounts. You can set it up so that you get a code texted or emailed (to an alternate address) before you can access company accounts.

This process can greatly deter hackers, because not only do they need to gain access to your email or other accounts they want to break into, but they'd also need access to your phone or personal email. This makes their job much harder or even next to impossible in many cases. You can look up these two-factor authentication apps to help keep your business safe:

    • Okta Verify
    • Google Authenticator
    • LastPass
    • Microsoft Authenticator

3. Keep Devices Secured and Password-Protected

Any equipment used by your business needs to be secured with a password, including any computers, tablets, or phones. Make sure each device has a unique, secure password. Businesses can subscribe to secure password managers like Dashlane or LastPass to keep track of company passwords.

Don't skip physical security measures either. Keep all important equipment secure with lock and key, or require the use of keycards, tokens, or badges to gain access.

4. Limit Who Can Access Your Data

The more folks who have access to your business's network and data, the greater your cyber risk becomes. Make sure your business keeps track of all employees and other users who have access to various information, in case a breach or other issue ever happens. Any time an employee quits, gets fired, or is laid off, make sure to update all company passwords that this individual had access to right away.

Also ensure that your employees use common sense practices, such as never posing for photos in front of computers displaying sensitive information, etc. Have your business set up firewalls and encryption methods for an added layer of security. If you don't have an IT employee on staff, you can call in a professional to help you set it up.


5. Take Phishing and Other Social Engineering Scams Seriously

Social engineering is a type of hacking that involves manipulating victims to hand over the desired information. Common forms of social engineering include:

  • Email phishing: Phishers might pretend to be friends, family, coworkers, bosses, or even official organizations like the IRS or an insurance company. They create official and realistic-looking emails and get victims to click on links or reply with sensitive information, which they then can easily steal. 
  • Phone scams: Scammers often pose as prospective vendors to steal company credit card information when an employee places an "order." Your business never receives the "order," and your credit card information gets stolen and distributed.
  • Baiting: This involves hackers creating fake prizes or deals that direct employees to a malicious web page. These web pages install malware or capture passwords and other valuable information when employees attempt to log in to claim their prize.

A reported 91% of successful data breaches have used phishing attacks, a type of social engineering. Make sure your employees and coworkers are all educated on how to spot and manage social engineering attacks on your company.

6. Engage All Employees in Up-to-Date Cybersecurity Training

Cybersecurity experts make it their job to stay on top of current cyber threat trends. You can research these trends yourself and then hold employee training regularly to keep everyone up to date on what to look out for. You can also hire a professional to come to your business and host the training for you, or sign up for a webinar. 

The Importance of an Incident Response Plan

The actions your business takes after a breach are just as important as its prevention steps. Having a solid incident response plan in place is key for helping to get your business back on track ASAP after a data breach. Having a plan in place beforehand can help you minimize losses, recovery time, and damage to your business's reputation.

How Common Are Data Breaches and Other Cyberattacks?

They are more common than you may think. That means it's more critical than ever to ensure that your business's cybersecurity practices are in place.


Since the start of the COVID-19 pandemic, cybercrime is reportedly up 600%.

Here are some more shocking cybercrime stats:

  • The cost of data breaches rose to $4.24 million in 2021, up from $3.86 million the previous year.
  • On average, one data breach can cost a small business between $120,000 and $1.24 million in losses.
  • A reported 66% of small businesses had at least one data breach between 2018 and 2020.
  • In 2021, the ransomware being released to target victims was 57x more powerful than the malicious software used in 2015.
  • Just one malware attack can cost a business an average of $2.5 million in losses.
  • The worldwide cybercrime cost is estimated to reach $10.5 trillion by 2025.

Knowing just how great of a threat data breaches and other cybercrimes are to your business can help stress the importance of following proper safety protocols and having prevention tips and response plans in place. 

How Do I Add Cyber Liability to My Existing Insurance?

Since cyber liability policies aren’t standard, you’ll want the help of an independent insurance agent to add one to your business insurance policy. Together, the two of you will assemble a package of coverages to protect yourself and your business against cyber risks that are unique to you. Cyber liability insurance is designed to keep your business afloat following a huge disaster like a data breach or other cyberattack. 

Insurance expert Jeffrey Green said that cyber liability insurance can help businesses recover from incidents like data breaches and other attacks on their computer systems. Coverage reimburses the costs of notifying customers of the incident, replacing lost income, restoring data, and repairing damage to company computer systems.

In addition to following the action steps above, ask your independent insurance agent to help you add cyber liability insurance to your business's policy today. You can also help keep your business safe by checking out these resources.

Why Choose an Independent Insurance Agent?

Independent insurance agents simplify the process by shopping and comparing insurance quotes for you. Not only that, but they’ll cut through the jargon and clarify the fine print so you'll know exactly what you’re getting.

Independent insurance agents also have access to multiple insurance companies, ultimately finding you the best cyber liability insurance coverage, accessibility, and competitive pricing while working for you.
