How small businesses and restaurants can protect themselves from cyber threats

January 11, 2021

Despite the COVID-19 pandemic, many small businesses and restaurants have remained resilient.

Across the country, small business and restaurant owners have worked tirelessly to transform the way they operate to align with evolving customer needs. From introducing contactless payment options to offering new virtual services, they’ve moved swiftly to expand their offerings and digital capabilities in light of social distancing guidelines.

In the midst of these changes, however, it’s critical for small businesses and restaurants to make sure they’re guarding against potential cyber threats. Here are key steps they can take to help ensure that they stay protected.

Secure networks, devices and servers

According to data from the Chubb Cyber Index^SM, this year, roughly three-quarters (72%) of cyber incidents among U.S. businesses with revenues under $25 million were a result of external actors (a.k.a. “hackers”).

Fortunately, there are quick and easy steps small businesses and restaurants can take to reduce their risk to these attacks. For example, using Multifactor Authentication (MFA) techniques on company computers and mobile devices can offer small business and restaurant owners much needed peace of mind. This extra layer of security helps ensure that even if a bad actor happens to identify an employee’s login ID and password, they won’t have access to company systems or information.

In some states, small businesses and restaurants have started transitioning back to their typical operations—albeit while making some adjustments to comply with social distancing guidelines. Even during these “normal operations,” it’s imperative that they continue to keep their guard up and protect themselves from potential cyberattacks. A good example of this is public Wi-Fi. While it might make a cozy café more attractive to customers, it’s also an easy target for cybercriminals. Even if small businesses and restaurants offer public Wi-Fi to their patrons, they should use a private and secure network for their business operations.

Keep security systems up to date

While it’s important to stay vigilant about all kinds of cyber threats, small businesses have become frequent targets of malware attacks. The Chubb Cyber Index reveals that in the past year, malware was the most common cause of cyber incidents among U.S. businesses with revenues under $25 million.

Malware is particularly dangerous because it can spread across a network of connected technologies—credit card scanners, for example—to steal information. As a result, small businesses and restaurants should ensure that all of their devices have been updated with the latest software. Additionally, they should consider enabling automatic updates on their devices, since not all updates install automatically. This way, small business and restaurants owners, who already have so much on their plates, won’t miss a beat.

Educate employees

As important as it is to protect the technology they rely on, it’s crucial for small businesses and restaurants to arm their employees with the information they need to keep company data secure.

Restaurant and small business owners should consider holding employee education programs that offer comprehensive instructions around how to identify, prevent and report potential cyberattacks. This way, restaurant management staff and small business workers can help stop cybercriminals in their tracks. Plus, many programs come in free or low-cost versions, or are even offered as a cyber insurance policyholder benefit, which can be helpful for restaurants and businesses struggling to stay afloat during the pandemic.

One benefit of these educational programs is that they can help employees recognize cyberattacks that might seem less obvious to the untrained eye. As the Chubb Cyber Index notes, 40% of cyber incidents impacting U.S. businesses with revenues under $25 million were caused by social engineering this year. For a restaurant, this type of attack could be as subtle as someone pretending to be a food vendor and trying to trick an employee into clicking a malicious email link or wiring them money. If workers know how to recognize this and other kinds of malicious behavior, they’ll be in a better position to protect themselves and their employers.

Planning for 2021 and beyond

As they plan for the year ahead, small business and restaurant owners should not only update their cyber defenses, but also ensure that they have the proper cyber insurance coverage in place. Good cyber defenses can guard against most common cyberattacks, but no business is ever impenetrable—which is why even large organizations sustain breaches. To that end, small business and restaurant owners should work with an independent agent or broker to find the policy that best suits their needs.

After everything they have endured — from suspending their services to altering their operations and then changing them back again — the last thing small businesses and restaurants need is to become the victim of a cyberattack.

Patrick Thielen is a Senior Vice President and product lead for Cyber and Technology E&O for Chubb North America. Patrick is an underwriting leader with roughly 20 years of experience focused on providing a broad array of tailored property/casualty, cyber, and E&O insurance products and risk management solutions to customers of all sizes, industries, and geographies.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.