The war in Ukraine – is there a risk to your business?
Businesses have been through a lot lately. And just as it seemed things might be returning to something close to normal after the pandemic, now the war in Ukraine may pose some risks to your small business. If the last two years have taught business owners anything, it’s the importance of having a Plan B, so it’s important to understand how this war could affect you.
One of the chief risks small business owners may face as a result of the war in Ukraine is that of a cyber incident.
Cyber risks
With tensions escalating between Russia and the West, including the United States, the potential for cyber attacks against western targets has increased. Businesses of all sizes should remain extra vigilant and all employees should be aware of the possibility of suspicious emails or social engineering attempts. Ransomware attacks are the predominant threat, enabled by phishing emails.
Companies in the telecommunications, energy and financial services sectors should be on high alert, as should companies that use these kinds of services via a third party or supply chain.
Here are three steps you can take to protect your business against cyber risks.
- Prevent an attack from happening in the first place. This means being able to recognize a phishing email and training your employees to do so as well. Make sure everyone is using secure passwords and two factor authentication wherever possible. Require vendors and other partners to meet the same security standards.
- Detect an attack quickly if it happens. Whether it’s a ransomware demand or something that just doesn’t look right, stop what you’re doing and get professional advice. Be sure your backups are up to date so you can restore any data you might lose.
- Mitigate the impact of an attack with insurance. Cyber security insurance should include tools for educating your staff and crisis management resources.
Related: What’s your cyber security IQ?
Types of cyber threats
The main threat from Russian elements is likely to be ransomware, enabled by phishing emails or smishing texts. Here’s what you need to know.
Phishing (emails) and smishing (texts)
Every email and text should be carefully inspected before opening it, and before clicking on any links. Check for these red flags:
- An email address or phone number that doesn’t match the sender’s name. Hover over the sender’s email address to see the actual address it was sent from – it may not be the address shown.
- Generic greetings. If someone doesn’t address you by the name you prefer, it’s probably not someone you interact with frequently – even if they’d like you to think it is.
- Suspicious links or images. Best practice is not to click on email links at all. Type the address into your browser – and make sure it’s the correct address, not just the one in the email.
- Spelling and grammar mistakes. If an email is purported to come from a large company, you can be sure that it has been seen by enough people that any glaring typos or grammar errors have been caught. If you see misspellings or errors that would commonly made by someone who’s not a native speaker, be cautious.
- A sense of urgency or secrecy. Suppose an employee receives a text message that appears to come from an executive, asking that money be transferred or an invoice paid. The email indicates that the request is urgent or needs to be completed without going through the proper channels. This is a common tactic of scammers, so be wary.
If you or an employee receives a message with one or more of these red flags, don’t open it, click on any links, or take action on the request until you can confirm with the sender by another method of communication.
Ransomware demands and Distributed Denial of Service (DDoS)
These kinds of attacks are carried out by a bad actor getting access to your system and locking it down. They typically gain access through a phishing email.
To prevent this type of attack, make sure you have the right software that protects against DDoS attacks. Vendors and suppliers should also have anti-virus software protection. And you should back up your system offline, and test your back-up at least every week.
Related: A cyber security expert answers your ransomware questions
Protect your business
Having an educated workforce is critical to keeping your business safe from hackers, no matter where they come from. Whether you’re a sole proprietor or have 100 employees – or more – those who use your system can act as a ‘human firewall’ to prevent malicious code from getting to your information.
Cyber security software can protect your business against the costs associated with a cyber-attack. A Hiscox cyber security insurance policy includes training resources (CyberClear Academy) and expert breach response services. Get a quote today to see how your business could be protected.
Subscribe to the Hiscox Entrepreneurial Digest on LinkedIn
Get valuable business resources, timely tips and inspiring success stories in your LinkedIn feed every month.
Related Articles
Why do you need fitness trainer insurance?
Learn about the insurance every personal trainer needs to have. Protect your personal training business with personal trainer insurance.
Read More
Focus on liability insurance: does my commercial lease need it?
If you're running your small business using a commercial space you may be wondering if your commercial lease requires you to carry liability insurance. Here's what you need to know.
Read More
5 Common examples of workplace harassment: Understanding and prevention
Discover how to prevent and address workplace harassment. Learn your rights and employer responsibilities to create a safe, respectful work environment.
Read MoreWe provide tailored insurance for the specific risks you face, so you can take the right risks to grow your business.