The world is changing at a rapid pace and businesses are struggling to keep up. According to a recent Allianz survey of businesses, Cyber Loss ranks as the third biggest risk facing all businesses.
In the past 6 months alone, our clients have had multiple instances where they have fallen victim to Ransomware attacks. Whilst each is a successful business, there is nothing ‘special’ or ‘unique’ about their operations that would be of interest to a potential ‘hacker’. They don’t have a large e-commerce presence on the internet, nor do they store any ‘valuable’ information.
Valuable information includes customer names, dates of birth, Medicare numbers, tax file numbers, financial information and/or credit card details.
There has been a significant increase in activity from hackers all over the world and local businesses are starting to feel the impact. In the first half of 2016, Trend Micro alone detected and blocked almost 80 million Ransomware threats!
So why were these businesses targeted?
The concept behind Ransomware is that someone takes control of your systems and requests a ‘ransom’. The ransom amount can range from a couple of hundred dollars to tens or hundreds of thousands of dollars.
Australia is very popular… but with the wrong kind of people. Typically, hackers target Australian businesses because of our quality of life, disposable income and laid-back attitude. How often do you say or think the term ‘she’ll be right’?
Unfortunately, this is the attitude that too many people take, especially when dealing with their IT systems. As hackers become more sophisticated, SME businesses are easy money for them.
What’s in it for the Hacker?
To put it simply, financial reward. Whether it be cash, Bitcoins or even iTunes gift cards, a hacker does this for the money.
According to the FBI, in the first half of 2016, Ransomware payments topped USD$209 million.
What can I do to protect my business today from Cyber Loss?
Ransomware attacks usually start in one of two ways:
- a booby-trapped email with a malicious attachment; or
- via an already compromised website.
The virus will make its way through your network and ultimately into your server.
There are many things that you can do to protect your business from Ransomware. Your IT provider should have already provided these recommendations to you:
1. Back up your data to a service that is not connected to your devices or networks.
We have seen instances where a server has been attacked and rendered useless. There was a backup in place; however, it was still connected to the server and ended up being compromised as well. Connecting to a cloud backup can remove the requirement for daily disk swaps, which will mitigate this type of scenario.
2. Check your backups on a regular basis
Without checking your backups, how do you know they’re working? Imagine losing your system only to find out that your backups had also been corrupted. Make sure you have checks in place to ensure that your backups can be relied upon. Once again, consider a cloud based backup option.
3. Move critical functions to the cloud
Whilst it is a major job to change an accounting system or move thousands of emails, it will provide your business with another layer of protection. Running cloud versions of Xero or MYOB in place of local software will ensure the safe storage of data if your local environment is compromised. Similarly, with emails, migrate your data to Office 365 rather than relying on your Exchange server.
4. Keep ALL software up to date
Hackers rely on businesses not updating their software regularly. Whether it be Windows, Office, your Internet browser or anything else, make sure that your business is always using the latest versions. If you are still operating Windows XP on any machines, did you know that Microsoft stopped providing security updates in 2014?!
5. Use a quality Security Software Package
Investing in good quality security and anti-malware software is important as it identifies threats or suspicious activities on a machine. It protects users from certain websites and programs that are being downloaded. Further to this, ensure that the software you use can also sit behind your email system and provide a firewall to prevent harmful emails getting through.
If you want to take this a step further, you’ll find a more comprehensive list on this page.
6. Encrypt all devices
All businesses today are mobile. Whether it’s a mobile phone, an iPad or a laptop, it is critical that these devices are encrypted. Encryption is important to secure information on your devices that you don’t want anyone else to have access to.
To see how to encrypt your devices check out this great link.
But what is it and how can it help my business?
Cyber Insurance is a relatively new insurance cover available in Australia. Initially the cover was taken up by larger businesses; however, the product is now available and recommended to all business owners. The cost and coverage options are now much more suitable to SMEs.
Cyber Insurance can provide coverage for both First Party claims (damage to your business) and Third Party claims (damage or loss to customers).
There is a range of different ways that a hacker can cause damage to a business or a customer, including:
First Party Examples
- Computer and network hacking
- Denial of Service Attack
- Client Identity Theft
- Use of Malware & Ransomware
- Use of Viruses & Trojans
- Phishing & Email Scams
- Cyber Extortion
- Human Error leading to Data Loss
Third Party Examples
- Breach of Privacy
- Information & Data Theft
- Defamation or Slander
- Transmission of Malicious Content
These acts can lead to costs being incurred by a business that are traditionally uninsured. A Cyber Insurance policy can provide assistance and payment for:
First Party (Claims against your business)
- Repairing servers, networks and/or websites from damage caused by a hacker
- Reinstating or replacing lost data
- Loss of income due to reduction in trade from damage to business systems
Third Party (Claims for your customer’s loss)
- Costs to defend claims against you for failing to secure or misusing your client’s data
- Costs to rectify the transmission of viruses, worms or Trojan horses to a third party
- Forensic Investigation and Privacy Breach Notification Costs
- Public Relations Costs
It is important to remember that taking out a Cyber Insurance policy is not a magic pill that can make all the bad stuff go away. Cyber Insurance is meant to be used as a funding mechanism to help your business implement its Emergency Response Plan.
To arrange a quote today or to find out more information about Cyber Insurance, please visit the Cyber Insurance page.