Understanding cyber risk
As the world has become more digitally enabled, so too has the risk of compromise for businesses via digital entry points.
The various forms of cybercrime are a critical business risk, and research from the Australian Small Business and Family Enterprise Ombudsman paints a grim picture. One report, The Small Business Cyber Security Best Practice Guide indicated small businesses represented 43 per cent of all cyber attacks in 2017. In the spate of ransomware attacks that occurred in 2017, 22 percent of affected businesses could not continue operating for a period of time.
Cyber attacks come in many forms, including:
Email phishing: Phishing attacks are hoax emails, designed and worded to appear as if they’re received from a trustworthy source, such as a bank or other financial institution. They aim to entice you to click on a malicious link that can lead to a viral infection of your systems, or ask you to input data — such as your login credentials for your bank — which is then taken and used illegally.
The risk of compromise is not limited to a single errant transaction. There are cases where a system has been compromised and the aggressor monitors communications moving in and out of a business, and creates imitation emails regularly, damaging the business in small ways each time.
Malware: Malware is software sent to you that, if opened or run, infects your computer, device or network. This can then be used to skim information from keyboards as keys are pressed, or provide external access to an unauthorised user in a remote location.
Ransomware: This software is similar to malware in its delivery, but it locks your system or network down until a ransom is paid to restore access.
DDoS: A direct denial of service attack bombards your network with requests and locks up your system from functioning normally. This is often used by groups such as the hacker group Anonymous to shut down targeted websites.
What precautions can you take?
According to the Australian Small Business and Family Enterprise Ombudsman data, fewer than one in three business with less than 100 employees take active preventative measures against cyber security breaches, and 87 percent of small businesses believe antivirus software alone is enough to protect them from the above. This is often not the case.
The first thing to examine is the potential entry points for attacks into your system and this can include point of sale systems, mobile devices used by staff, or allowing people to dial into your systems using a virtual private network (VPN). Once you are aware of where your business may be exposed, you can take appropriate action to protect systems.
The goal for most cyber attacks is the collection of data, so make sure you have offsite copies of all your critical records. Running data backups daily, or throughout the day, will allow you to restore your system should it become compromised.
If your employees are using mobile devices provided by the company, you can set up network restrictions that don’t allow them to access services like online banking, or your network. This will prevent accidental loss of a device potentially opening a route to your information.
Provide employee training to increase awareness on the types of cyber attacks and the need to implement strong system password controls. Consider implementing two-step security on your devices or network, meaning that both a password and a code, sent via email or SMS, will be required to access the network.
Impacts beyond data loss
There is an incorrect assumption that a cyber-attacks will cause damage to systems, and only technology will be affected, but the impacts can be far greater.
A cyber-attack could compromise your data, your premises, your clients’ data and your ability to operate, harm your reputation and brand and introduce you to the regulator. There may be significant financial implications such as fines or penalties from the regulator or ongoing costs associated with data restoration and repairing your systems and network. Downtime may inhibit your ability to trade resulting in lost income putting pressure on your cash flow.
Protect your business with cyber insurance
Cyber insurance can help minimise the loss caused by a cyber incident by covering the costs associated with restoring your business systems and incident management, including technical experts, forensic investigations and legal representation.
Business’ cyber insurance needs vary depending on their reliance on technology and the internet and the type of data they hold. Cyber insurance policies also vary. Your risk and insurance adviser can help you understand your cyber risks and help you navigate the complex cyber insurance market by tailoring an insurance solution for your business.
Speak to one of our experienced risk and insurance advisers to see how we can help tailor insurance cover that’s right for your business. Call AB Phillips on 1300 242 136 or email info@abphillips.com.au
The information provided in this flyer is factual information only and not intended to be advice about which financial products are suitable for your circumstances. Before you make any decisions about whether to acquire an insurance product we recommend you obtain advice by contacting an AB Phillips risk adviser.