Any business, no matter if it’s large or small, is at risk of a cyber-attack if it has an online presence.
According to the Australian Cyber Security Centre, a business can expect at least one attack a year, and the threat is ever growing. But what steps should you be taking to cyber protect your business? Keep reading to find out more.
Larger organisations are more like to spend money on security from cyber threats, but SMEs may lack the budget for adequate protection; they think an anti-virus package is enough. They also don’t consider that their online information is important enough to warrant interest. This makes them an easy target for cyber criminals and hackers.
Email is a common point of entry for hackers for SMEs. They send seemingly legitimate emails with invitations to open attachments. Once these are clicked on then they’re in. Australians, in particular, are vulnerable to email attacks because we tend to be trusting in nature and don’t give these things a second thought. Make sure your staff are aware of such emails and ask them to report them to management if they receive one.
Some previous attacks using emails include:
- ones ‘apparently’ sent from Australia Post regarding the online tracking of a package in transit,
- from Department of Transport that look like speeding fines, and even
- from utility companies such as AGL about overdue bills.
A big problem at the moment is these types of legitimate looking emails contain nasty software called ransomware. This software, once in your computer system, allows hackers to gain access to people’s hard drives, lock them down and demand payment to unlock it and get their data back.
As an example, a couple of months ago 10,000 Australians were sent a fake email from their energy company with an attached bill. Once they clicked on it a .zip file was saved on their computer and the hard drive encrypted. The victim was then prompted to pay $A880 to unlock it.
Which assets need protecting?
It’s a good idea to start thinking about what information your business holds that might be valuable on the black market. This isn’t always financial information either. Names, addresses, client data, intellectual property, just about everything has value if criminals can sell it.
If you can identify your assets then this makes it easier to start talking to your insurance broker about cyber insurance cover. An expert and quality broker discuss cover for a range of financial loss scenarios such as, system damage, interruption to business or breach of privacy legal action.
Is your data secure and who has access?
Cyber criminals are always finding new ways to hack into systems so regular testing of your system is sensible. If there is a hole in it you can be sure a hacker will find it. Ensure that laptops have strong password protection, not just the name of the user’s cat. If data is being carried around on USB sticks, are they encrypted to make them secure? If you’re using cloud storage and email systems, good cyber security is essential so hackers don’t gain access.
Staff don’t always need to have full access to databases, so vary the levels of access based on what they need. You may need to provide training on what information is important to your business so everyone is aware of how to play their part in cyber security.
Do you have a question about cyber insurance? At Western Insurance Brokers, we help business owners understand their industry-specific risks and find cost-effective solutions to protect them. To learn more, get in touch today!