Is Your Business Prepared for a Cyber Attack?
In today's digital world, cyber crimes and claims against businesses relating to privacy breaches are on the rise. 59% of Australian organisations have their businesses interrupted due to a cyber breach each month¹.
Conservative estimates indicate cyber crime costs the Australian economy in excess of $1 billion AUD per year² with figures expected to increase.
Cybercrime is a big issue for small business
Businesses of all sizes are affected by Cybercrime. Small businesses are particularly vulnerable. Consider these statistics from the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) Cyber Security Guide³.
- 43% of cybercrime targets are smaller businesses;
- 22% of small businesses breached by 2017 Ransomware attacks were so badly affected they could not continue operating; and
- 60% of small businesses that experience a significant cyber breach go out of business within the next six (6) months
Steve Ingram, cybercrime expert from PwC, warns "A lot of organisations, individuals as well, think this will happen to someone else and that it won't happen to them." He adds, "While there's a cost [for preparedness], the cost of doing nothing is even greater."
Most prevelant cyber attacks
Symantec's 'Norton SMB Cyber Security Survey', conducted late 2017, revealed that email or phishing scams (54%) were the most prevalent Cyber Attacks that Australian small to medium businesses had fallen victim to. Hacking attempts and ransomware attacks were the next most prevalent.
|Type of Cyber Attack||Prevalence in 2017|
|Email or Phishing Scam||54%|
|Online Identity Fraud||12%|
|Privacy or Data Breach||11%|
|Employee posting confidential information on social networking site||5%|
|An accidental loss of a laptop or well-meaning employee distributing confidential data unintentionally||5%|
|An internal threat such as an employee stealing data on a USB key or leaking information to competitors||4%|
How can you protect your business
Protecting your business involves taking actions to prevent attacks including keeping technology up to date, educating staff and investing in security. You should also be working to minimise your losses should an attack occur, by doing things like creating a cyber attack response plan or considering a cyber insurance policy.
Some of the key steps you can take to protect your business are outlined below. We note that the below list is not meant to be comprehensive and does not take account of your individual business situation.
Keep your Network and Devices Secure
Ensure your Antivirus & Malware protection is up to date and consider enabling two (2) factor authentication on all devices and online accounts you use - particularly those that allow payments to be made.
Two-factor authentication involves a two (2) step process to log in to a technological device. This will include a password and an additional step such as a code sent to a mobile device in order to gain access. This can improve security significantly.
You should also periodically review your business' security systems and protocols to look for any security gaps and vulnerabilities. Depending on the technical expertise you have it may be beneficial to engage an expert to carry out this review.
Maintain your Technology
Keep your technology up to date with the latest versions and patches. Out dated software, operating systems and applications can have security vulnerabilities that can leave your business open to cyber-attacks.
Backup Company Data
Backup your business' important data such as client information, website files, accounting records and correspondence. Carry out backups using at least two (2) different mediums (eg. hard drives/cloud storage/USB) and keep one offsite. Test your backups regularly.
Educate and Stay Aware
Create a Cyber Security policy and educate your staff on common cyber threats.
Ensure all employees undertake regular privacy training and understand your business' personal information handling procedures. It is important that you maintain written training materials for all employees.
Keep up to date with emerging threats and scams. A great way of doing this is to subscribe to the Governments free alert service https://www.staysmartonline.gov.au/alert-service
Use strong passwords
Strong passwords that are regularly changed prevent criminals from accessing critical information that can be used for fraud or to extort your business.
Strong passwords or if possible two-factor authentication should be required for all fixed and mobile devices, systems and online accounts. Employees should not share passwords.
Create a Cyber Attack Response Plan
A Cyber Attack Response Plan outlines the steps to manage a cyber security incident. The plan should help you and your employees respond to a variety of incidents quickly and methodically, lessen any impact/losses and return your business to regular operations as soon as possible.
Consider taking out suitable insurance cover. There are two (2) main policy types/extensions that Coverforce recommend to businesses looking to arrange cyber insurance. These are:
- Cyber Crime Insurance (or Cyber Crime Policy Extension)
A typical policy will provide cover for theft of money as a result of a cyber crime event. For example social engineering fraud, phishing, phreaking or other forms of cyber fraud involving loss of money.
- Cyber Liability and Privacy Protection Insurance
A typical policy will provide cover for the following when incurred as a result of a cyber event, or breach of privacy as defined by the insurer's policy wording: first party (own) costs and expenses. Cover for theft of money is excluded.
We note that the above suggestions are not meant to be advice and do not take account of your personal business situation.
If you would like cyber advice that is tailored to your individual circumstances, please contact your nearest Coverforce Office.
If your business has experienced a cyber attack, visit https://www.acorn.gov.au/ to report the attack. Reporting attacks helps develop a better picture of the cyber crime affecting Australian businesses, and can in some cases lead to your matter being resolved.
Where to get further information
There is a wealth of information available online and from professional service providers to assist you in protecting your business against cyber threats.
A great place to start for guides and information is https://www.staysmartonline.gov.au
For security concerns, try contacting your IT service provider, and in the case of arranging insurance, a reputable insurance broker, such as Coverforce, can assist.
To find out more about getting reliable insurance cover for your cyber risks, contact Coverforce and speak to one of our experienced insurance brokers today.