Menu

PNG SECURA Logo

Close

PNG SECURA Logo
SECURA Blog

How to talk to employees about cybersecurity

As a small business owner, your employees are the first line of defense in preventing a cyberattack. It’s important to talk to your employees about cybersecurity and what to do if something happens.

Employees talking around a table.

As a small business owner, your employees are the first line of defense in preventing a cyberattack. While you may think your business is too small to be targeted, small businesses with fewer than 250 employees have the highest rate of targeted malicious emails.1 Even the most sophisticated cyber protection software and policies can be undone if an employee unknowingly activates malware and causes a cyberattack that gives cyber thieves access to sensitive company data, including customer or client information.

It’s critical that you educate your employees about cybersecurity with training.

Highlight the potential cost/damage of a cyberattack to your business.

The average cost of a data breach for a small business ranges from $120,000 to $1.24 million.2

Address password security and best practices.

The best passwords are longer, include multiple character sets (letters, numbers, symbols), use incomplete words, change frequently, and are not used for multiple accounts.

The use of multi-factor authentication significantly enhances the security of digital accounts and systems by adding an additional layer of protection beyond just using a strong password.

Incorporate cybersecurity awareness in new employee training/orientation.

Your employee handbook should highlight cybersecurity practices and include a cybersecurity section.

Provide ongoing practice scenarios to help employees spot phishing attempts.

Through your company’s IT support or an outside vendor, test your employees’ knowledge occasionally with phishing drills. A phishing drill is a simulation exercise used to assess which employees are susceptible to an attack. Employees learn to identify suspicious emails and apply security awareness best practices.

Share “real world” cyberattack news to maintain awareness of risks.

Cyberattacks evolve and change regularly so sharing news about what is happening in the real world helps employees stay aware of what to watch for.

Emphasize that cybersecurity is every employee’s responsibility.

Make sure employees understand that cyber issues are not just the concern of the IT team, but their concern as well.

Create processes and procedures for communicating cyber attempts or successful attacks.

Create a chain of command and design a cyber incident response plan for your business.

1 Symantec Security Center Data

2 Ponemon Institute

© 2023 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This document is intended for information purposes only and does not modify or invalidate any of the provisions, exclusions, terms, or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form.

Cyber Security

Find an agent

Our independent agency partners will help you compare coverages and share industry insights as you shop for the right insurance policy for your needs.
FInd a local agent

Related articles

A man working on his laptop.
SECURA Blog

Create a cyberattack response plan for your small business

Cyberattacks can be devastating for a small business owner. It’s important to create a Cyber Incident Response Plan ready in case your business should fall victim to a data breach.
August 30, 2023 08:14 AM
Learn more
A screen that says "System HACKED"
SECURA Blog

How to deal with ransomware when data is held hostage

Educate yourself on the complexities of ransomware, and the importance of selecting a cyber insurance carrier that provides the coverages you may need.
September 20, 2022 08:00 AM
Learn more
Someone typing on a laptop, over the picture it says "protection"
SECURA Blog

How to prevent a cyberattack

Preparing to protect your business against a cyber-attack should always be on your check list.
April 22, 2020 08:00 AM
Learn more
Load More

Coverages may not be available in all states. Coverages described are subject to all the terms and conditions of the policy, including deductibles, exclusions, and limits of liability. Not all agents are authorized to write all types of insurance. Policies may be underwritten by SECURA Insurance Company or SECURA Supreme Insurance Company, affiliated companies referred to collectively as SECURA Insurance Companies. Please read the policy carefully. Any claim example is for educational and informational purposes only. The information in this document will not be used to determine the coverage of an actual claim presented. All claims are adjusted based on the relevant facts, conditions and coverages at the time of loss. For specific terms and conditions, please refer to your coverage form. Coverage is also subject to applicable deductibles and limits of coverage.

The information provided by SECURA on its Website (the Site) is for general informational purposes only. All information on the Site is provided in good faith, however SECURA makes no representations or warranties of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the Site. The information contained on the Website is to the best of our knowledge true and accurate at the time of publication, however it is generally to be used solely for informational purposes. The materials on this website are not guaranteed to be correct, complete or up to date. You should not act or rely only on information on this website.

The Site may contain (or you may be sent through the Site links to other websites or content belonging to or originating from third parties or links to websites and features in banners or other advertising. Such external links are not investigated, monitored, or checked for accuracy, adequacy, validity, reliability, availability or completeness by SECURA. SECURA DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITIES FOR THE ACCURACY OR RELIABILITY OF ANY INFORMATION OFFERED BY THIRD-PARTY WEBSITES LINKED THROUGH THE SITE OR ANY WEBISTE OR FEATURE LINKED IN ANY BANNER OR OTHER ADVERTISING. SECURA WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES.

UNDER NO CIRCUMSTANCE SHALL SECURA HAVE ANY LIAIBLITY TO YOU FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF THE SITE OR RELIANCE ON ANY INFORMATION PROVIDED ON THE SITE. YOUR USE OF THE SITE AND YOUR RELIANCE ON ANY INFORMATION ON THE SITE IS SOLELY AT YOUR OWN RISK.

SECURA would like to remind you that the data contained in this website is not necessarily real-time or accurate.

SECURA and any provider of the data contained in this website will not accept liability for any loss of damage as a result of your reliance on the information contained within this website.