For an optimal site experience, we recommend using a different browser.
Using Internet Explorer may prevent you from accessing, and some site features may not function as expected.

skip to main content

Just because you run a small business, doesn’t mean you’re beyond a hacker’s notice – or reach. Unfortunately, small businesses are particularly susceptible to hacks and breaches, simply because they have fewer resources and may lack the knowledge to be adequately prepared. Here are a few ways that you can protect your business from a cyber attack:


1. Understand what’s sensitive data and what’s not.

Credit card information is often the target of cyber attacks but, depending on your business there is a lot of other sensitive data you may be holding—such as customer profile information, account details, email addresses, even phone numbers—that may be just as valuable to hackers.


2. Educate your employees.

The more your employees know about cyber attacks and how to protect your data, the better off you’ll be. Send out regular reminders not to open attachments from people they don’t know or expect; outlining procedures for encrypting personal or sensitive information; and requiring employees to change their passwords regularly. And train your employees to double check in person if they get rush requests to issue unexpected payments—a common scam.

woman at work on the phone


3. Make sure you’ve got the right partners and platforms.

Your cyber security is only as good as the security of the platforms and partners your business depends on. Check the following:

  • Do you have a WAF (web application firewall) in place – to protect your site?
  • Is your ecommerce platform PCI-DSS (payment card industry data security standards) Level 1 compliant? That will protect you against digital data security breaches across your entire payment network, not just a single card.
  • Does your website hosting company have staff that are regularly patching security vulnerabilities – to reduce the likelihood of attacks?


4. Secure your hardware.

Data breaches can be caused by physical property being stolen too. If your servers, laptops, cell phones or other electronics are not secured and are easy to steal, you are taking a big risk. Security cameras and alarms will help, but physically locking down computers and servers will help even more.


5. Hire security.

Hire an outside expert to evaluate your risks and, if necessary, guard your property and data – physical and online. Make sure you do your homework, though, to ensure that the company you trust with your business is truly trustworthy.


Your insurance company may also provide cyber consulting and risk management services, so check with your agent or broker when choosing your cyber insurance coverage.

This document is advisory in nature and is offered as a resource to be used together with your professional insurance advisors in maintaining a loss prevention program. It is an overview only, and is not intended as a substitute for consultation with your insurance broker, or for legal, engineering or other professional advice.

Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit our website at Insurance provided by ACE American Insurance Company and its U.S. based Chubb underwriting company affiliates. All products may not be available in all states. This communication contains product summaries only. Coverage is subject to the language of the policies as actually issued. Surplus lines insurance sold only through licensed surplus lines producers. Chubb, 202 Hall's Mill Road, Whitehouse Station, NJ 08889-1600.