Is Your Business Prepared for a Cyber Attack?

In today's digital world, cyber crimes and claims against businesses relating to privacy breaches are on the rise. 59% of Australian organisations have their businesses interrupted due to a cyber breach each month¹.

Conservative estimates indicate cyber crime costs the Australian economy in excess of $1 billion AUD per year² with figures expected to increase.

Cybercrime is a big issue for small business

Businesses of all sizes are affected by Cybercrime. Small businesses are particularly vulnerable. Consider these statistics from the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) Cyber Security Guide³.

43% of cybercrime targets are smaller businesses;
22% of small businesses breached by 2017 Ransomware attacks were so badly affected they could not continue operating; and
60% of small businesses that experience a significant cyber breach go out of business within the next six (6) months

Steve Ingram, cybercrime expert from PwC, warns "A lot of organisations, individuals as well, think this will happen to someone else and that it won't happen to them." He adds, "While there's a cost [for preparedness], the cost of doing nothing is even greater."

Most prevelant cyber attacks

Symantec's 'Norton SMB Cyber Security Survey', conducted late 2017, revealed that email or phishing scams (54%) were the most prevalent Cyber Attacks that Australian small to medium businesses had fallen victim to. Hacking attempts and ransomware attacks were the next most prevalent.

Type of Cyber Attack	Prevalence in 2017
Email or Phishing Scam	54%
Hacking Attempt	36%
Ransomware Scam	28%
Online Identity Fraud	12%
Privacy or Data Breach	11%
Employee posting confidential information on social networking site	5%
An accidental loss of a laptop or well-meaning employee distributing confidential data unintentionally	5%
An internal threat such as an employee stealing data on a USB key or leaking information to competitors	4%

How can you protect your business

Protecting your business involves taking actions to prevent attacks including keeping technology up to date, educating staff and investing in security. You should also be working to minimise your losses should an attack occur, by doing things like creating a cyber attack response plan or considering a cyber insurance policy.

Some of the key steps you can take to protect your business are outlined below. We note that the below list is not meant to be comprehensive and does not take account of your individual business situation.

Keep your Network and Devices secure

It is essential to keep your Antivirus and Malware protection up to date and consider enabling 2 Factor Authentication (2FA) on all devices and online accounts that you and your employees use.

Two-factor authentication involves a two (2) step process to log in to a technological device. This will include a password and an additional step such as a code sent to a mobile device in order to gain access.

Periodically review your business' security systems and protocols to look for any security gaps and or exposures that need to be rectified.

Automatically update your operating systems, software and apps

If you receive a prompt to update your operating system or other software, you should install the update as soon as possible. Setting a convenient time for automatic updates can help to avoid unnecessary disruptions to your business.

Backup Company Data

Perform regular data back-ups (3 sets of backups, 2 different mediums eg. hard drives/tapes), one offsite with regular testing for your business' important data such as client information, website files, accounting records and correspondance.

Educate and Stay Aware

Ensure all employees undertake regular privacy and cyber security training and understand your business' personal information handling procedures. It is important that you maintain writtern training materials for all employees.

Keep up to date with emerging threats and scams. A great way of doing this is to subscribe to the Governments free Cyber alert service.

Use passphrases to protect accounts and devices

Passphrases are a more secure version of a password and should be used if MFA is not available. Passphrases use four or more random words as your password.

Passphrases provide the best security when they are long, unpredictable and unique. This will make it harder for cyber criminals to crack.

For more advice on creating passphrases, you can view ACSC Creating Strong Passphrases guide.

Create a Cyber Response Plan

This outlines the steps to manage a cyber security incident and should help you and your employees respond to a variety of incidents quickly and methodically, lessen any impact/losses and return your business to regular operations as soon as possible.

Report Cyber Attacks

Report cyber-attacks by visiting https://www.cyber.gov.au/acsc/report to report the attack. This helps develop a better picture of the cyber crime affecting Australian businesses and can in some cases lead to your matter being resolved.

Get Insured

Consider taking out suitable insurance cover. There are two (2) main policy types/extensions that Coverforce recommend to businesses looking to arrange cyber insurance. These are:

Cyber Crime Insurance (or Cyber Crime Policy Extension)

A typical policy will provide cover for theft of money as a result of a cyber crime event. For example social engineering fraud, phishing, phreaking or other forms of cyber fraud involving loss of money.

Cyber Liability and Privacy Protection Insurance

A typical policy will provide cover for the following when incurred as a result of a cyber event, or breach of privacy as defined by the insurer's policy wording: first party (own) costs and expenses. Cover for theft of money is excluded.

We note that the above suggestions are not meant to be advice and do not take account of your personal business situation. If you would like cyber advice that is tailored to your individual circumstances, please contact us.

Where to get further information

There is a wealth of information available online and from professional service providers to assist you in protecting your business against cyber threats.

A great place to start for guides and information is https://www.staysmartonline.gov.au

For security concerns, try contacting your IT service provider, and in the case of arranging insurance, a reputable insurance broker, such as Coverforce, can assist.

To find out more about getting reliable insurance cover for your cyber risks, contact Coverforce and speak to one of our experienced insurance brokers today.