Cyberprotection has never been more important

It is critical in today’s environment that businesses understand the importance of being cyber safe.


According to the World Economic Forum’s (WEF’s) Global Risks Report 2020, cyber-attacks rank as the second greatest risk for business globally over the next decade and the UN has reported a 600% rise in malicious emails during COVID-19.

It’s no different in Australia with the Australian Cyber Security Centre (ACSC) warning of a significant increase in attacks on businesses with COVID-19 themed email ‘phishing’ attacks.

Attacks often involve cleverly disguised emails that trick unsuspecting business owners and employees into opening malicious files. According to the ACSC, these scams and other cyber activity cost Australian businesses an estimated $29 billion each year. One reason small to medium sized businesses are under great threat is that they do not have the sophisticated security systems and IT departments of bigger operations.

The Privacy Act requires businesses to take “reasonable steps to protect the sensitive and personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure”. The consequences of not doing so can be significant.

Five potential threats businesses need to be aware of:

1. Business email compromise - also called CEO fraud, where threat actors insert themselves into email conversations to divert funds by exploiting technological and human vulnerabilities.

2. Ransomware - where threat actors take control of systems and lock data until a ransom is paid.

3. Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.

4. Internet of Things (IoT) risks come from a range of products, like printers, smart TVs, and automated home assistants, many of which have poor security.

5. Mobile devices and Bring Your Own Device (BYOD) which connect to corporate systems may be insecure.

Six things businesses can do to help them stay cyber safe:

1. Awareness: Promote a 'stop and think before you click' message amongst their staff.

2. Passphrases: Ensure that they and their staff use passphrases rather than passwords, e.g. lyrics to a song. They should be at least 12 characters long and include upper and lowercase letters, numbers and symbols for extra strength. Better still, use two-factor authentication, which typically requires the user to provide a secret only the user knows (like a passphrase or PIN) together with a second factor, such as something the user physically has.

3. Updating: Ensure all operating systems and application software update automatically where possible.

4. Anti-virus software: Install anti-virus software and an ad-blocking browser plugin on staff computers to help prevent malware compromising business computers.

5. Backup: Keep frequent backups of all critical information and systems, ensuring that backups are stored securely off site and not connected to the network to prevent their loss due to fire, theft or malware.

6. Alerts: Subscribe to alerts published by:
   - Stay Smart Online: www.staysmartonline.gov.au/alert-service
   - Scamwatch: www.scamwatch.gov.au/news

Have financial protection should an attack slip through

In the event of an attack slipping through, it’s important for businesses to have financial security to handle and remediate the situation - which may include a ransom, data and application restoration, legal advice, data breach investigation and public relations, to name just a few. The financial impacts of cybercrime can be extensive and not always obvious.

Like COVID-19, there is no cure for cybercrime, just preventative measures and having the means to remediate the situation once it has taken place.

Questions? Please contact iMed Insurance for an obligation free discussion.
