You have locks on the doors and windows, but chances are, your company’s digital presence is not nearly as secure.

When it comes to protecting your company's private information and your employees' and customers' personal data, you’ll want to be aware of the many ways that cyber crimes can affect you. While many business owners and managers would rather outsource anything tech to the IT department and forget about it, staying ahead of trends in cyber security may just save your company's reputation.

You barely have to wait a day before hearing about some new cyber security breach of a major company, like Equifax  (143 million Americans' data), Uber (57 million users' data) and Cash App (details for 8.2 million accounts stolen), or a major government institution like the SEC which suffered from illicit trading of information.

But know this: you don't have to be big to be hacked. Data shows that 46% of all cyber attacks target small businesses (those with fewer than 1,000 employees).

So what should you do to ensure your company is cyber secure? Here's a quick rundown:

1. Start small: Passwords

Implementing a rigorous password protocol might just be the easiest way to slam the door on cyber hackers who try to get into your employees' emails, files, computers or even thumb drives. You can have your IT department set protocols to expire passwords on a regular basis, and to prevent the use of some of the perennial "worst passwords" that get used, like (believe it or not) "password" or "12345."

Most password "hacks" aren't hacks at all, they're guesses that you've picked a password that's easily figured out, says Kyle Brucker, Managing Director of Technology at Marsh McLennan Agency (MMA).

Some of Brucker's tips to make all your passwords secure include:

• Don’t write passwords down on paper. Consider using a program like LastPass (our secure password management software). LastPass securely keeps all of your passwords in one place. The best part is that you only ever have to remember one password! You can call or email the IT Helpdesk for more information or to get started.
• Never share your passwords with anyone. Even IT can’t see your passwords and we want to keep it that way.
• Never include passwords in email messages.
• Never reveal passwords in forms or questionnaires.

Brucker also has tips for creating strong passwords that can protect against even the savviest hacking software:

• If the password includes the names of your kids, your dog, your birthday, your favorite team, the city of your birth, your kids’ birthdays, your anniversary, etc., it's not a good password.
• Don’t use the same password for all of your password-protected accounts. If one is hacked, all others are vulnerable.
• Don’t use a password that is similar to an old one as it creates an avenue for compromise.
• Try an acronym from an easy to remember piece of information or a phrase. Substitute numbers, symbols and misspellings for letters or words in an easy to remember phrase. For example, $ could substitute for S, @ could substitute for a, luv could substitute for love, etc.

2. Keep software up-to-date

All those apps on your employees' phones and computers need updating to fix bugs, but they also get updated to repair holes that cyber criminals might pass through to get into company email, files and more. Encourage employees to keep their personal devices updated, especially if they're not company issue.

3. Educate employees on their role in staying cyber secure

You hear all the time about "that one employee" who made a bad judgment call and clicked on a phishing link or lost their laptop in a taxi out of town.

For example, "on March 13, 2024, a laptop computer was stolen from a TimeDoc employee who was traveling on public transport,” reports The HIPAA Journal. “The laptop was password-protected, but not encrypted.”

“A review was conducted which revealed patient data such as names, dates of birth, chronic conditions, and the name of the practice where the patient received treatment may have been downloaded to the laptop.” TimeDoc proceeded to change the employee’s password, report the incident to law enforcement and notify the affected patients, but the damage had already been done.

You can and should educate employees on their role in keeping your business safe. From having a secure laptop password and physically protecting electronics like phones and thumb drives to not sharing access to unauthorized personnel or sharing personal information through unsecure or unreliable methods like email. You want to keep everyone aware of their role as a gatekeeper to your business.

4. Have a plan and write it down

Developing a cyber security risk management plan involves identifying risks, analyzing risks, deciding on a mitigation response, and committing to continually monitor the situation.

Keeping your business cyber secure is a constant process. Make sure your IT department, web developers and any company hosting data outside your business work together to keep ahead of potential threats, keep software and anti-virus programs up to date and maintain a clear level of communication with employees so that no one person or group can put the company at risk.

5. Get covered

Cyber security insurance protects not only your business, but everything that your company touches with its digital footprint, from employee social security numbers to customers' credit card numbers.

According to an article in Forbes magazine, "As you and your company evaluate your risk and exposure to cyberattacks and data theft, remember that there is no avoiding the impact that this new threat has on all businesses of any size. Do not fret, however: There are great resources at your disposal and an army of experienced professionals waiting to lend a hand along the way."

Looking to make your business cyber secure? Start a discussion with an agent today.