While cyber breaches in the retail industry tend to grab headlines, the wholesale industry is not immune to the threat. In fact, according to the 2022 Travelers Risk Index, almost one-in-four (24%) wholesale companies have been victims of a data breach or cyber event.
However, with business challenges like supply chain disruptions and energy costs taking center stage, cyber threats are lower on the list of top concerns facing wholesale business decision makers. Survey respondents for the 2022 Travelers Risk Index ranked cyber-related breaches and risks sixth, tied with workforce concerns.
Wholesale Industry Lacking in Cyber Protection
“While businesses overall are taking some actions to help manage and prevent cyber events, there is still room for improvement. In fact, our survey showed that the wholesale industry is lagging behind most of the other industries when it comes to taking preventative steps,” Tim Francis, Enterprise Cyber Lead at Travelers, said.
The takeaway is that there is an opportunity for wholesale organizations to take steps that can help mitigate their exposure to loss, such as conducting a cyber risk assessment on their business, running internal IT audits, implementing hacker intrusion detection software, and simulating a cyber break to identify areas of system vulnerability, according to Francis.
Here are six steps your business can take to help prevent cyberattacks:
- Frequently Update Computer Passwords
- Use Firewall & Virus Protections
- Make Backup Copies of Important Data & Information
- Conduct Background Checks on Employees
- Have a Cyber Incident Response Plan in Place
- Invest in Cyber Insurance
1. Frequently Update Computer Passwords
According to the Travelers index, 76 percent of wholesale companies frequently update their computer passwords to help prevent cyberattacks. This is a great free option to give your business extra protection.
According to the Federal Communications Commission (FCC), businesses should require employees to use unique passwords and change them every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
2. Use Firewall & Virus Protections
The Travelers index also reported that 66 percent of wholesalers have firewall and virus protections to keep all of their data safe. A firewall is a security paradigm that comes in and regulates what comes in and out of your internet connection and protects your computer and your network from possibly malicious and unnecessary traffic, according to Startup.Info.
To get the most out of this protection, make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
3. Make Backup Copies of Important Data & Information
Sixty percent of wholesale businesses utilize data backup processes to help prevent a cyberattack, according to the Travelers index. The FCC advises wholesalers to regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
4. Conduct Background Checks on Employees
To manage and prevent insider threats on the company, the Travelers index found that 55 percent of wholesale companies conduct background checks on all of their employees. A study conducted by BetterCloud said the biggest security threat to a business likely is not a cybercriminal or hacktivist, but someone already in your organization. The vast majority (91%) of the 500 IT and security professionals surveyed said they feel vulnerable to insider threats, whether their acts are malicious or accidental.
According to Sterling RISQ, wholesalers can minimize employee risk by undertaking the right level of due diligence. A thorough background screen can reveal red flags such as dubious qualifications or termination from a previous employer due to misconduct.
5. Have a Cyber Incident Response Plan in Place
Joanna DiPallo, Wholesale Practice Lead, at Travelers, said their index found that one-in-four businesses have been the victim of a data breach or cyber event. As the wholesale industry continues to incorporate technologies that can help drive efficiencies, cyber criminals have more access points to exploit. To help combat this risk, it is important for wholesalers to consider conducting a risk assessment and creating an asset inventory, identifying critical points in the internal network that may be vulnerable.
“Having a cyber incident response plan in place can make a difference. Have a written plan to turn to, with step-by-step instructions of initial actions: who to call inside the company, what notifications, if any, are required outside the company, among other things,” Francis said.
6. Invest in Cyber Insurance
It is very important for wholesale businesses to consider cyber insurance, according to DiPallo. While some may think that only larger companies are targeted, the reality is that many cyber criminals see significant opportunity in smaller companies because they often do not properly cover their exposures. Many cyber insurance policies also provide pre breach services to help businesses avoid a cyber incident, such as cybersecurity assessments and employee awareness training.
“A cyber insurance policy can help protect a business from losses relating to its computer systems or data, which can include costs to respond to a data breach or expenses in recovering from a ransomware attack, as well as third-party risks, such as lawsuits or regulatory fines and penalties after a data breach,” DiPallo said.
“The results from the Travelers Risk Index highlight that some wholesale businesses may not be focusing on cybersecurity as much as they could be,” DiPallo said. “Perhaps it is because the possibility of an event seems remote — however, the financial, operational, and reputational ramifications of a cyber event can be devastating. Understanding that cyber threats will continue to persist and evolve, and that no organization is immune, is critical for all industries, including wholesale.”