Understand and prevent cyber risk at your business

Added January 26, 2021
Someone typing on a keyboard

As someone in the horticultural business, your focus is on the natural world. But if your company is like most, you still rely on technology to help your business succeed. Technology brings many benefits to businesses, but it also brings risk.

One of the primary risks of using technology at your business is cybercrime. You’ve likely heard of large-scale cyberattacks against major corporations; however, large businesses aren’t the only targets. According to Cybersecurity Ventures, more than half of all cyberattacks are committed against small to midsized businesses. Even more concerning is 60 percent of those companies go out of business within six months of experiencing a data breach or hack.

Any business that relies on technology should be prepared for cyberattacks. This guide provides information about some common types of cybercrime and how you can help prevent them.


Phishing is one of the most well-known types of cybercrime. Phishing is when cyber criminals send fraudulent emails or messages—usually disguised as legitimate communications—with the intent to gain personal information, money, or access to a device. Oftentimes, the messages are written to make the reader feel a sense of urgency to click a link or send information.

Educating yourself and your employees is one of the best ways to avoid falling victim to phishing emails. Here are a few things to look out for when checking your emails:

  • Check the sender: Verify the email address the message is coming from and if the message matches what you’d typically expect from that sender. Be aware that the name in the “From” field can easily be changed to get through spam filters.
  • Evaluate the message:
    • Watch for strange prompts. Legitimate businesses won’t ask you for personal information—such as banking numbers or Social Security numbers—via email.
    • Look out for typos or other grammatical errors. Legitimate emails should be clean and well-written.
    • Offers that sound too good to be true, probably are.
  • Don’t open attachments or links: If an email is suspicious, the only thing you should do with it is delete it.


Ransomware is software that restricts access to files and demands a ransom payment in exchange for whatever is needed to unlock the ransomed data. Cyber criminals will typically threaten to delete the data or share it publicly if the victim doesn’t pay the ransom. However, a given attacker may not hold up their end of the deal. It’s possible that you’ll never recover your data.

Any device that connects to the internet can be affected by ransomware. Here are a few tips to protect against ransomware:

  • Monitor your email for odd sender email addresses and typos— don’t open attachments or click links in a suspicious email. Additionally, use the same methods listed in the phishing section of this resource.
  • Adjust online settings to disable pop-up windows and prompt you before running a plugin.
  • Back up your data regularly. Your IT team—whether internal or external—can help you determine the method.
  • Keep your software updated, including your antivirus protection.

Fraudulent impersonation

Fraudulent impersonation occurs when a cyber attacker impersonates someone—such as an authority figure or a vendor—to gain data or money. For example, an attacker may disguise themselves as one of the vendors your business works with and ask your employee to pay an invoice or share customer information.

In addition to the prevention methods we listed earlier, here are some additional security tips to help avoid fraudulent impersonation:

  • Implement a procedure for transferring money or data to vendors. For example, you could require employees to get approval for money transfers over a certain dollar limit.
  • Authenticate vendor identities. If you receive an unexpected invoice or request, call your vendor directly to verify it came from them.
  • Educate your employees about fraudulent impersonation. The more they know, the more likely they’ll be able to detect it.

What to do if you think you’ve been affected by cybercrime

We’ve all encountered technical problems and know they’re frustrating. But falling victim to cybercrime is frightening. And like most other crimes, addressing it as soon as possible will lead to the best results.

Disconnect your devices

Data encryption can take a long time. If you suspect your files are being encrypted, disconnect your devices from any network and disconnect the power source.

Contact IT professionals

In the event of a cybercrime, contact your IT team or vendor—they’ll know the appropriate next steps. If you don’t have an IT team, consider hiring a third-party vendor. Not only can they help address a possible data breach or other cybercrime, they can help prevent them from happening in the first place.

Contact your cyber liability insurance provider

Contact your insurance provider as soon as possible following an attack. If you don’t currently have cyber liability coverage, consider adding it to your existing policy. Like most insurance, prices vary but will likely cost much less than a claim.

Here are some of the costs cyber liability coverage can help cover:

  • Cyber extortion
  • Data recreation
  • Business interruption
  • Security and privacy liability

Additionally, some insurers will include additional resources—from prevention resources to lower rates for IT services—to help you prevent a cyber-related claim.

We want to help you protect your business by providing the information and resources you need to help prevent losses before they happen. Contact your Hortica representative and we’ll have a conversation about protecting your critical data.


The general information contained in this article is for informational or entertainment purposes only. The information in this article is provided “as is” and without any warranties of any kind. Florists’ Mutual Insurance Company, its subsidiaries, or affiliates (Companies) does not accept any responsibility related to the content or accuracy of the information contained in this article. The information contained in this article should not be mistaken for professional or legal advice. Any use of this article or any third-party website linked to this article is at the risk of the user. The Companies are not liable to any person or entity for any direct, indirect, or consequential damages arising out of the use or inability to use this article or any third-party website linked to this article. The views and opinions contained in third-party websites referenced in this article are the views and opinions of third-party authors and may not represent the opinions or policies of the Companies.
Loading...please wait