Building cybersecurity defenses for small businesses

January 1, 2025 3:41 PM

Person using a laptop with several lock graphics on top of the image.

Systems breaches and social engineering attacks are the top security threat for insurance and financial services businesses, according to a 2024 Data Breach Investigations Report by Verizon Business. This division of Verizon provides cybersecurity services to small businesses, which account for 23% of all data breaches, according to the report.

Digital Insurance spoke with Alla Reznik, senior director at Verizon Business, about how small businesses, particularly small insurance companies, can protect their valuable data, what they should know about cyber threats, and what to watch out for in the future.

This article is from a longer interview and edited for clarity.

What do Verizon Business cybersecurity services provide?

Alla Reznik of Verizon Business — Alla Reznik, senior director, Verizon Business.

We help enterprises and small businesses recognize the risk. We help them train employees, and then recommend tools. The tools could vary from as simple as implementing something on all of your mobile devices, so our network can prevent suspicious links and threats from even getting to your employees.

If they don't have a CISO [chief information security officer] and they don't know how to deploy something, we will set up a solution on their mobile devices or router.

What are some of the measures Verizon takes for these businesses and how do they operate?

It's going to be tools they set up. Technology will help them enforce those tools. The protection in our network will block sites we flag as suspicious. We enforce dual authentication to make sure if employees log in to systems from wi-fi, they are dual authenticated and everything is encrypted.

We hope small businesses realize cyber security doesn't have to be scary. They can do it with simple steps, and get to the levels they really should have.

What cybersecurity functions are uniquely necessary for small businesses/insurers?

The nature of insurance companies is they have a lot of both structured and unstructured data. Structured data can be easily read by technology, and therefore it's easier to protect. To be fair in the insurance process, insurers also collect a lot of unstructured data, like videos, emails and photos. That data is harder to protect, so insurance companies have to implement policies and train employees to protect unstructured data as well.

Trust is everything for insurance companies. When we pick an insurance company, we think about two things. Can I trust them, and can they pay my claims? We look at their ratings. Cyber attacks prey on exactly that. Especially for small businesses, 50% of them that have a cybersecurity attack go out of business within two years. The repercussions are very serious for any small business, and for insurance companies even more so. Therefore it's important to work on technology, policies and employee training. Find a trusted partner to start with.

As technology becomes more sophisticated, so do cyber incidents. What does that mean for defending against them?

AI is already playing an increasing role in making those attacks more sophisticated. Phishing emails are cleaner and harder to recognize because they go through AI for grammar. On the other hand, AI can also be used to create new tools to protect companies. Now those tools are becoming more widely available. More data is available for businesses to embrace and apply, making it easier to protect themselves.

We work with a wide range of partners to build cyber security tools. They are embracing AI and bringing new tools to market every day, with new features, giving control to the small businesses to implement policies. Just in the past year, two partners of ours launched automatic tools that enterprises can deploy to simulate phishing attacks. That wasn't in the market just two years ago.

Can businesses get an edge over cyber attackers at protecting themselves?

I think so, because of the new technology and a phenomena that we're seeing, that people are more open to report a phishing attack. It lost the stigma of something that you have to hide. If we are open about it, talk about it and are out there advertising that there is nothing shameful about flagging a spam email or a phishing attack to your business or industry at large, we can help industry be more sophisticated and come up with solutions faster.