Overview
Websites are common targets for attackers who seek to copy, alter, or delete files and disrupt services. A basic but effective defensive measure is a properly configured firewall on the web server to control incoming and outgoing traffic and block unauthorized access.
Beyond a firewall, secure hosting, development practices, monitoring, and recovery planning reduce the chance that an intrusion will become a costly business interruption or data breach.
Key takeaways
- Install and configure a firewall on the server to limit unauthorized access.
- Use secure development practices and choose a reputable hosting provider.
- Maintain backups and monitoring so you can detect and recover from incidents quickly.
How it works
A firewall filters traffic based on rules you define, allowing legitimate requests and blocking suspicious activity. It can operate at different layers—network, transport, and application—to provide a layered defense.
Complementary controls include strong authentication, up-to-date server software, encrypted connections (HTTPS), and intrusion-detection systems that alert administrators to abnormal behavior.
For organizations that sell online or handle payments, consider specialized coverage and guidance such as e-Commerce Security Insurance that addresses common cyber exposures for storefronts.
What it may cover (and what it may not)
Technical protections like firewalls and secure coding help prevent unauthorized access, but they do not eliminate all risk. Coverage and protections vary by provider and plan.
- Typical protections: firewall rules, patch management, encrypted transport, and access controls that reduce exploitability.
- Potential gaps: misconfigured services, weak passwords, unpatched applications, and third-party integrations.
- For broader cyber liability concerns, organizations can review options such as Internet Security Insurance to understand what financial protections are available following a breach or service disruption.
Common mistakes to avoid
Relying on default firewall settings or assuming a hosting provider has configured everything correctly are frequent errors. Default rules are often permissive.
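One way to check for permissive defaults, shown as an added example rather than anything from the original page: the sketch below assumes a Linux server using iptables and audits text in `iptables-save` format. The function names, the sample ruleset, and the `PUBLIC_PORTS` set are illustrative assumptions.

```python
# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,8080 -j ACCEPT
COMMIT
"""

# Assumption: ports a public web server is meant to expose to any source.
PUBLIC_PORTS = {80, 443}

def _ports(tokens):
    """Expand --dport/--dports values (single, list, or lo:hi range) to a set."""
    ports = set()
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            for part in tokens[tokens.index(flag) + 1].split(","):
                lo, _, hi = part.partition(":")
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_ruleset(text, public_ports=PUBLIC_PORTS):
    """Return (severity, message) findings; negated (!) matches are not interpreted."""
    policies, catch_all, findings, table = {}, set(), [], None
    for tokens in (l.split() for l in text.splitlines() if l.strip()):
        if tokens[0].startswith("*"):
            table = tokens[0][1:]
        elif table != "filter":
            continue
        elif tokens[0].startswith(":"):
            policies[tokens[0][1:]] = tokens[1]      # e.g. ":INPUT ACCEPT [0:0]"
        elif tokens[0] == "-A" and tokens[2:4] in (["-j", "DROP"], ["-j", "REJECT"]):
            catch_all.add(tokens[1])                 # unconditional deny rule in chain
        elif tokens[:2] == ["-A", "INPUT"] and tokens[-2:] == ["-j", "ACCEPT"]:
            src = tokens[tokens.index("-s") + 1] if "-s" in tokens else "0.0.0.0/0"
            exposed = _ports(tokens) - public_ports
            if src == "0.0.0.0/0" and exposed:
                findings.append(("medium", f"ports {sorted(exposed)} open to any source"))
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) == "ACCEPT" and chain not in catch_all:
            findings.append(("high", f"{chain} default policy is ACCEPT with no catch-all deny"))
    return findings
```

On the sample, the audit reports the permissive INPUT policy and the unrestricted SSH and 8080 rules, while the source-restricted database rule passes.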
Another common mistake is neglecting secure development: poorly validated inputs, unsecured file uploads, and exposed admin interfaces create easy paths for attackers.
Failing to maintain backups or to test recovery procedures turns an incident into a prolonged outage; plan and practice restores regularly.
Questions to ask an agent
Ask whether any insurance you buy includes coverage for cyber incidents that originate from a compromised website and whether it covers incident response costs, notification, and business interruption.
Request clarity on exclusions, required security controls, and whether third-party hosted services are treated differently—for example, services tailored to sensitive environments such as childcare may have specific considerations covered under policies like Day Care Center Cyber Liability - Children/Childcare.
Next steps
Begin with a technical audit: review firewall configuration, ensure TLS is enforced, verify server and application patches are current, and enable logging and alerting. Address high-risk findings first.
Document an incident response plan and perform periodic backups stored separately from your primary hosting environment. Test restores to confirm you can recover within acceptable timeframes.
If you need help evaluating coverage or want an insurance quote, reach out and talk to an agent who can explain options and requirements.
Frequently Asked Questions
Will a firewall stop every type of web attack?
A properly configured firewall blocks many common attack vectors, but it cannot stop all threats; vulnerabilities in code, misconfigurations, and social engineering still pose risks.
How often should I update my web server and software?
Install critical patches as soon as practical and perform routine updates on a scheduled basis, balancing stability with security needs.
Do I still need backups if I have a firewall?
Yes. Backups are essential for recovery from data loss, ransomware, or other incidents where prevention controls fail.
Should my small business buy cyber insurance?
Many small businesses benefit from cyber coverage to help with response costs and liability, but evaluate policy terms, limits, and required security controls before purchasing.