Prepare. Protect. Prevail.® Visit THEHARTFORD.COM/CYBER today
for additional cyber insights and resources.
2. Establish security safeguards.
Help safeguard SMBs’ sensitive data
from unauthorized access and use with
• Encryption for laptops, desktops and
mobile devices. Encryption encodes
information so that only the person
(or computer) with the key can decode
it. While not a full security solution,
it’s highly recommended for all
devices, especially those with sensitive
information. Most newer model mobile
phones and tablets include auto-encryption software. Many privacy
and consumer protection agencies
provide safe harbors in their statutes
to incentivize businesses to adopt
• Cloud service providers. Outsourcing
security management to cloud-based
providers is an increasingly viable
alternative to an in-house security
program. Cloud providers o;er a;ordable
expertise in identity and vulnerability
management that the SMB;needs but
often lacks. SMBs should negotiate with
providers for the security and privacy
services that best serve their company’s
• Password protection and authentication
controls. Passwords are the primary
means for controlling access to sensitive
data resources. Change default passwords
and require complex passwords that
must be changed every 90-120 days.
Multifactor authentication may be
required depending on the type of data
being accessed or the source (such as
• VPN (virtual private network) for
remote access. For organizations with
remote users, VPN provides a secure
channel through the internet to the
SMB’s private network. VPN controls
include encryption of all data that’s
transmitted over the channel, multifactor
authentication, strong passwords and
• Vendor security. SMBs’ vendors should
make securing sensitive information
a priority. Before entrusting data to
a third party, SMBs should get their
vendors’ specific controls in writing. And
augment them with additional controls
if necessary. Also require the vendor to
return or destroy all sensitive information
upon termination of the contract.
3. Prepare for the worst.
A security breach is a near certainty for
businesses today. For SMBs, preparedness
is key to surviving the fallout.
An incident response plan (IRP) prescribes
the way a business will respond to and
manage the e;ects of a security attack.
Its goal is to limit the damage and reduce
recovery time and costs. All SMBs should
prepare an IRP that includes:
• Identification of an incident response
team that includes system-savvy security
sta; and a manager authorized to make
decisions on behalf of the business.
• Clear delineation of possible incidents
(such as malicious code) and how to
identify and contain them based on the
business impact (confidential customer
data vs. intellectual property).
• Procedures for eradicating the root
cause of the attack and all traces of
malicious code, restoring data and
software, and monitoring systems for
any remaining signs of weakness.
SMBs should always work with their
insurance carrier to integrate procedural
requirements for coverage into their
Find an insurance carrier that
provides more than just coverage.
Having comprehensive cyber insurance
coverage is as important as best
practice policies. Partnering with the
right insurance carrier can help SMBs
improve their cyber security and reduce
financial losses. Experienced carriers
like The Hartford provide full breach risk
management solutions. So you can help
SMBs prevail in the face of an inevitable
The Hartford offers a unique and
comprehensive risk management solution
that rewards SMBs for boosting their
defense against cyber attacks. Find out
how at THEHARTFORD.COM/CYBER.
Experienced cyber insurers can help
SMBs tighten cyber security with
recommended providers. To learn more
CyberChoice First Response is o;ered on a SURPLUS LINES basis. *
For Producers Only – Not for Distribution to the General Public.
1) 2015 Internet Security Threat Report, Volume 20, http://www.symantec.com/security_response/publications/threatreport.jsp
*Eligibility for surplus insurance coverage is subject to state regulation and requires the use of a licensed surplus lines broker. Surplus lines insurance policies are generally not guaranteed by state guaranty funds. Policies should be examined carefully for suitability
and to identify all exclusions, limitations, and other terms and conditions. Surplus lines coverage is underwritten by Pacific Ins. Co. Ltd (except in CT and HI) and Hartford Ins. Co. of Illinois in CT and HI. The Hartford has arranged for data risk management services
for our policyholders at a discount from some third-party service providers. Such service providers are independent contractors and not agents of The Hartford. The Hartford does not warrant the performance of third-party service providers even if paid for as part
of the policy coverage, and disclaims all liability with respect to use of or reliance on such third-party service providers. The Hartford® is The Hartford Financial Services Group, Inc. and its subsidiaries. Its headquarters is in Hartford, C T.
16-0110 © 2017 The Hartford Financial Services Group, Inc. All rights reserved.