Experiencing a data breach or cyber-attack is not just stressful and overwhelming, it can completely upend and destroy a small business, potentially leading to significant financial and reputational losses.

Yet, according to the Insurance Bureau of Canada, 69% of Canadian small businesses don’t consider cybersecurity a financial priority, and only 20% intend to purchase a cyber insurance policy. This lack of prioritization is a dangerous game that could cost them everything. It’s crucial for business owners to understand the importance of cybersecurity and the need to invest in it to protect their business.

IBM Security defines a cyber-attack as “any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system or digital device.”

It’s vital for every business owner or leader to fully understand all regulatory and compliance-related requirements their business is subject to, develop an incident management policy and procedures, and seek out expertise from cybersecurity professionals for help developing an in-depth cyber response plan.

What to do if your small business suffers a cyberattack

Download Our FREE Insurance Guide

Learn everything you need to protect your small business.

Whitepaper download

"*" indicates required fields

Your email address will be used by Zensurance to provide latest news, offers and tips.
You can unsubscribe at any time.

Zensurance - Small Business Insurance Guide

Taking action quickly is critical if you suspect your business has suffered a data breach or cyber-attack. The steps below are for informational purposes only, and are intended to provide a general guide on what may be included in a cyber response plan developed by cybersecurity professionals:

1. Notify Your IT Security Team or a Cybersecurity Professional

If you have a dedicated IT security team or cybersecurity consultant, contact them immediately and have them investigate the attack and take action to minimize the damage.

2. Secure and Isolate Affected Systems

Move quickly to disconnect compromised computers, laptops, servers, or networks from the internet to prevent further unauthorized access. Securing affected systems by taking them offline can help contain the attack while it’s in progress.

3. Assess the Scope of the Breach

Identify which systems, data, and accounts were infiltrated by the attack, and determine what customer and financial data or confidential business records were compromised or stolen.

4. Accurately Document Everything

Thoroughly and accurately document all details about the incident and do not discard any evidence. Detail what took place, when it happened or was discovered, what systems were compromised, what data was stolen, what type of attack it was, and if the attackers demanded a ransom.

Speak to all employees who know about the event and record those interviews. Also, ensure your employees know who to contact with any information they have that could aid the investigation of the breach or attack.

5. Change All Passwords

Immediately change passwords for all affected accounts (email, website backend, data systems, cloud storage, social media accounts) and require all employees to do the same. If you’re not using multifactor authentication (MFA) to access critical accounts and systems, enable it for all employees.

6. Notify Your Insurance Broker

Immediately contact a Zensurance broker to inform them of the event (you can call Zensurance toll-free at 1-888-654-6030). Have the following details on hand, including:

  • The name of your business, your business’s address, phone number, and an email address to contact you.
  • Your business insurance policy number and the name of the insurance company that underwrites your policy.
  • Share all relevant details and records of the incident.

7. Notify Your Customers

If your customers, suppliers, and business partners’ personal information is compromised, be transparent with them by informing them of the breach. Provide details of what information was exposed and the actions your business is taking to resolve the issue.

8. Report the Incident to the Authorities

Contact your local police force and the Royal Canadian Mounted Police as soon as possible and file a report of the incident. The incident should also be reported to the Canadian Anti-Fraud Centre and the Canadian Centre for Cyber Security

Additionally, notify Canada’s two primary credit reporting bureaus, Equifax Canada and TransUnion Canada, to have a fraud alert added to your business’s credit report.

It’s also advisable to consult an experienced lawyer with privacy and cybersecurity expertise to counsel you if the attack against your company has broken any federal or provincial laws or industry regulations. Note: Cyber liability insurance includes coverage for legal advice, crisis management services, and credit monitoring fees.

9. Restore Affected Systems

After the breach or incident has been contained, any vulnerabilities in your systems or website have been patched, and your systems have been updated, restore your company’s data using your backups.

10. Strengthen Your Cybersecurity

Conduct a review of the incident and an overall cybersecurity audit of your business. Identify any weaknesses or vulnerabilities and implement necessary cybersecurity measures to prevent the incident from happening again. Also, ensure all employees get cybersecurity training to help them reduce your business’s cyber risk and be able to identify future threats before they impact your company.

Get Low-Cost Cyber Insurance and Protect Your Business

Zensurance can help you get the cyber insurance protection you need to help your business recover from data breaches and cyber-attacks.

Fill out our online application for a free quote in less than five minutes.

Our team of friendly brokers will shop the market for you to get the low-cost coverage you need and customize it to suit your business’s requirements.

This document is provided for informational purposes only. It does not, and it is not intended to, provide legal, technical or other professional advice, nor does it amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by any carrier that is procured by, or with the assistance of Zensurance, nor is it a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Availability of coverage referenced in this document can depend on underwriting qualifications and relevant laws and regulations. Zensurance disclaims all warranties whatsoever.
In addition, the referencing of certain entities in this material does not imply that any sponsorship, affiliation or endorsement relationship exists as between Zensurance and such entities. The use of any services or the implementation of any product or practices referenced in this material is at your sole discretion. In no event will Zensurance or any of its subsidiaries or affiliates be liable in contract or in tort to anyone who has access to or uses this material for the accuracy or completeness of the information contained herein. This document is not designed to be comprehensive and it may not apply to your particular facts and circumstances. Consult as needed with your own legal advisor or other professional advisor regarding the sufficiency of any resources referenced herein.

Recent Posts

Sign Up for ZenMail

"*" indicates required fields

The best of Zensurance news, tips, and resources are delivered straight to your inbox.
Name*

Share This Story:

About the Author: Brandon Bowie

Brandon Bowie is a Team Lead, Professional Lines at Zensurance.