5 Things Your Small Business Needs to Know about Cybercrime

5 Things Your Small Business Needs to Know about Cybercrime

Five Things Your Small Business Needs to Know about the Current State of Cybercrime:

As a conscientious small business owner, you’ve hired people who go the extra mile to satisfy customer needs. Internally, you’ve built a group of genuine team players ready to assist fellow employees at a moment’s notice. It’s a recipe for success that would make any corporate leader proud.

In today’s world of inter-connectivity, however, such unbridled eagerness to serve can come with a hefty price tag.

Cyber-criminals recognize that a business’s “do-anything-to-please” culture can make it an easy mark for increasingly sophisticated cyber-attacks, explains Stephenie Maroni, vice president of operations at James & Sons Insurance.

“By nature we want to please, especially in customer service industries,” Maroni says. “Cyber criminals use this to their advantage. A lot of these schemes use social engineering to manipulate people and get to your business.”

The good news: There are ways to fight back. Here are five points to remember about cyber-crimes, how to prevent them, and what you can do to save your business from catastrophic losses.

No business is too small for a cyber attack

While data breaches at major companies grab headlines, a recent study found that 43% of cyber-attacks target small businesses. Maroni warns that scammers thrive by focusing on “low-hanging fruit,” vulnerable businesses that have failed to put protections in place.

“All businesses are a target,” Maroni says. “We hear about the big ones in the media, but smaller cyber-crimes happen multiple times every day. If you think, ‘They’re not going after me, I don’t have that much to offer’, don’t fool yourself.”

Cyber-criminals exploit online information for profit

Maroni says fraudsters take extraordinary measures to deceive by researching the company and employees through websites and social media, crafting a legitimate-looking email, and sending it to targeted staffers who can execute their scheme. In one nightmarish lapse, an employee received what appeared to be a valid email from a business owner requesting all employee W2s. In minutes, the recipient had sent the file to a cyber-criminal’s inbox.

Another popular scam entails a cyber-criminal posing as a company owner who is on vacation—information that might be gleaned from ill-advised Facebook postings. The email asks the employee to immediately wire money to handle an emergency.

Cyber extortion remains a threat

Cyber extortion, which has seen alarming growth in recent years, continues to plague businesses, Maroni says. In one approach, an employee receives an urgent email from a company principal. A careless click on an attachment downloads ransomware that encrypts company data. The perpetrators offer a deal: They will unlock the data in exchange for an amount paid in crypto-currency, such as Bitcoin. Failure to pay will result in the scammers releasing the sensitive information to the public and keeping the data inaccessible to the business.

Another mode of attack, known as DDOS (Distributed Denial of Service), involves sending an attachment which shuts down a company’s website. Once again, the cyber-criminals demand a specific payment to return the site to business as usual. Even when a company refuses to pay, the cost in downtime and disaster recovery can run into millions of dollars.

Start by training the gatekeepers

Human error remains the top reason why ransomware, DDOS, and other malware such as keystroke trackers continue to infect businesses, according to Maroni. Research has shown that 96% of ransomware attacks are sent through emails.

“Educating your employees is probably the most effective and least expensive thing you can do to prevent cyber-crime,” Maroni says.

Continually reminding employees not to click on suspicious attachments is critical, Maroni continues. Some companies deploy software that sends test emails company wide to gauge employee awareness. The program records who clicked on the fake email attachment, enabling the company to provide further education to the most susceptible employees. Other best practices include:

  • Verifying email requests for information or money transfers by calling the parties who supposedly sent the emails
  • Creating complex passwords
  • Keeping passwords out of sight rather than leaving them on sticky notes at work stations

Cyber insurance equals peace of mind

Maroni notes that many business owners wrongly assume their general liability and property coverage protects them against cyber-crime. In fact, cyber liability insurance must be purchased as a separate policy—a wise addition considering a single breach costing hundreds of thousands of dollars can cripple a small business.

Take, for example, the company that inadvertently forwarded employee W2s to a cyber-criminal. The owner was fortunate to have cyber insurance coverage, Maroni explains. Even though the breach happened over a holiday weekend, on-call experts sprang into action on short notice. Among other tasks, they notified the compromised employees and mitigated damage by reaching tax authorities who could freeze accounts.

Today, most insurance providers offer some type of cyber insurance policy, from ones covering basic minimum limits of liability to complex plans that pay for more lucrative post-breach expenses. These may include the cost of notifying breach victims, investigating the source of the infiltration, monitoring credit, beefing up data security, managing public relations, paying legal fees, and settling third-party lawsuits.

Some policies also include breach coaching and assistance with preparing an Incident Response Plan (IRP). An IRP documents what procedures will need to be followed and what data and cyber security professionals should be contacted in the aftermath of a cyber-crime.

Maroni emphasizes that small businesses need to assess what data they have, determine if it’s being properly protected, and decide how much they can afford to spend to bring in professional help.

“Consult with experts and put together a plan,” Maroni says. “Most insurance policies have the resources available so you can get in touch with experts who will walk you through the steps of what you need to do in case of a breach.”

Take the Next Step:

Consider a Life Policy to Fund a Charitable Gift

Consider a Life Policy to Fund a Charitable Gift

Are there any charities that have a special meaning to you, your family or your friends? Do you ever feel as though you would like to support an organization that makes an impact?

Life insurance can be a great way to give back to these institutions to show your support. This charitable contribution can be given to numerous organizations, such as non-profits, churches, colleges, charities, clubs and private foundations. There are many benefits to having either a James & Sons Insurance Single Pay Whole Life or Ten Pay Whole Life policy, in part because they can be used for this type of funding. You will be making a one-time payment to have the premium paid in full, or payments for 10 years, to cover the entire life of the policy.

By doing this, it will be creating a gift for your organization and the money they receive will be a greater contribution than the premiums paid into the policy. It may also qualify as a tax deduction for the premiums paid and a reduction in the size of your taxable estate.

Upon your death, the benefit will be paid directly to the charity named as the beneficiary, and this legacy will live on after you are gone. It may also avoid having to go through any complications of probate or estate settlement.

In order for this to be considered as a charitable contribution, the foundation generally needs to be the owner and the beneficiary on the policy. You, the insured, will pay the policy’s premiums. Another option is to make the charity the beneficiary of an existing policy if there is no longer a need to support a partner or family member.

Charitable giving is “giving without receiving!” By helping these organizations that offer assistance to others, you can leave a legacy that will change the lives of many.

Take the Next Step:

Protect Your Assets with a Personal Umbrella Policy

Protect Your Assets with a Personal Umbrella Policy

Even though you have insurance that protects your automobiles, your home or your “toys” (boats, motorcycles and seasonal locations), do you have insurance that protects your assets? Is protecting your family’s financial assets a priority for you? We can help protect your assets with a personal umbrella policy.


A personal umbrella policy provides additional liability limits above your personal auto, homeowners and watercraft policies. It protects your assets from a liability suit and from paying out of pocket if there were a catastrophic liability claim. It also provides defense coverage, and in some cases may provide coverage when your other policies do not.

CLAIMS EXAMPLES - Here are two examples how a personal umbrella policy may help you:

  • Automobile: You are involved in an accident with another automobile where the passenger in the other vehicle sustained major injuries. You could be sued for $2 million in medical bills.
  • Social Media: Your teenager writes something on a social media site about another person in their school. The other teen’s parents sue for $3 million, because they feel the remarks are defaming and disparaging.

In both cases, your primary policy may pay on average only $250 - $500k, leaving the additional burden to you and your family. A personal umbrella can help ease that burden.


A personal umbrella policy is affordable. If you have only one automobile and one home, $1 million in coverage may cost just $150 to $200 a year. Additional automobiles, recreational vehicles, watercraft and additional liability limits would cause the premium to increase. We all love lower premiums and there is a way for you to save money with multi-policy discounts. When you insure your automobiles and home with James & Sons Insurance, you’ll receive a discount on your personal umbrella policy. Conversely, a personal umbrella policy will give you a discount on your automobile and homeowners policies.

Take the Next Step:

Developing Safe Drivers

Developing Safe Drivers

Do your business operations include employees who drive? If so, their daily job includes sharing the road with other drivers; many of whom are pairing driving with another activity such as texting, eating and drinking, or adjusting the stereo, entertainment or navigation system.

According to the National Highway Traffic Safety Administration, 80% of accidents and 16% of highway deaths are the result of distracted drivers. Additionally, the National Safety Council reports that every seven seconds someone is injured in a car crash, and every 15 minutes someone is killed.

As an employer you absorb costs associated with these crashes, whether in actual damages to a business-owned vehicle, lost man hours, or increased operating costs. One way you can protect your employees and your business is by implementing driver training.


A defensive driving program is an excellent way to mitigate the impact of distracted driving claims. Defensive driving encourages the driver to always be on guard against possible collisions by using the following defensive driving techniques:

  1. Driver Awareness – Being vigilant to the lack of driving skills, distracted driving, or improper driving techniques of others.
  2. Weather and Road Awareness – Changing driving practices to account for the weather, road or traffic conditions.
  3. Awareness of Surroundings – Being aware of pedestrians or other objects coming from outside of the road.
  4. Situational Awareness – Being aware of situations, such as merging or driving into the sun, which could lead to additional collision exposures.
  5. Distracted Driving Awareness – Teaching tips to avoid distracted driving.

Take the Next Step: