While excellent service and friendly staff are often essential to the success of your business, what really matters is the trust your customers have in your business. Unfortunately, that trust can sometimes be destroyed by cybercriminals. These bad actors will stop at nothing and have become more focused on small and medium businesses located in Australia.
The general public has started to realise that cybercriminals are real people doing this damage. Regrettably, they’re not just some made-up villain from the movies, usually they’re ordinary people who are hacking into Australian businesses and causing real problems.
No business is immune to this crime, they are often prime targets for hackers because of the private client data that companies may collect. Without the proper security measures in place, you might find that your business is particularly susceptible to online attacks from cybercriminals.
Criminals increasingly targeting small businesses online
When you use a computer, iPad, or any other device to access the internet you become a potential target. Hackers target private information such as client data, intellectual property, banking information and more. The size of your business doesn’t matter; every business is vulnerable.
Businesses will inevitably have to hold sensitive information. The SME industry has been subject to most of the online attacks because active security measures aren’t in place like those adopted by larger companies. Small businesses in turn become easy targets because of their unsophisticated security measures.
Being vigilant and prepared
To keep you and your online customers safe, it is crucial that you review your cybersecurity measures and educate your employees. Evaluate your current plan and determine what your business is doing to stop cybercrime and how you can improve it.
There are several things you should consider. It is important to review the valuable data you hold and the security measures you have in place to keep that data and your IT infrastructure secure. Create a plan of action that details steps you would take if a breach were to occur so you can respond quickly. By testing the plan and having your staff undergo training, you can be more proactive in spotting online threats.
Types of threats
In the media, there has been a multitude of reports on high-profile malware attacks, including “WannaCry” and Petya”, which have shown us how easy it is for systems to be infiltrated and how much damage can be caused.
One example of a threat that is running rampant today is the ransomware attack. A cybercriminal takes over a computer and demands money or cryptocurrency in exchange for them to relinquish their hold on the computer. However, sometimes the criminals refuse to restore functionality and return everything to normal once the ransom has been paid. In addition, paying that money doesn’t guarantee that you won’t be attacked again in the future. It might even make you a marked target because you have been identified as compliant and willing to pay to get your computer access back.
Other types of attacks include phishing, DDoS, cross-site scripting, session hijacking and key-logging. All these activities are used to steal data and the attacks are becoming more sophisticated.
Regardless of the size and type of business, cybercrime can have devastating effects. When sensitive client data and operational capabilities are compromised, it can be an expensive problem to fix and can interrupt the flow of business. Not only can it be a costly problem, but it can also ruin your reputation in the community.
What can you do?
Luckily, there are some things you can do help prevent a cyber-attack overtaking your business.
Passwords – Passwords should always be unique and be something that isn’t easy to guess. If you have a hard time remembering your passwords, use a password manager application such as RoboForm, Last Pass or Keeper.
Backups – If you are attacked, having recent backups can make recovering the security and control of your site much more manageable. Backup your data regularly and keep a separate hard drive where it cannot be reached by internal or external interfering actors.
Update and Lockdown – Keeping your software updated can be time-consuming and quickly forgotten, but it is vital to keep it up to date. If this is not regularly maintained, you won’t get access to patches that fix known vulnerabilities. You should accept notifications when you see there is an update available. Also make sure that you shut down your laptop or PC when not in use.
What is Cyber Liability insurance and what does it cover?
Prevention is the best way to minimise the possibilities of cyber-attacks. However, you can also choose to purchase Cyber Liability insurance* which helps to protect you from claims and supports your profitability in the event of a cyber breach or attack.
If you are hacked, you might experience a loss of sensitive client data, which could have severe consequences for your businesses. While purchasing Cyber Liability insurance won’t stop an attack from occurring, it can help businesses to manage and recover from the breach.
Benefits that are typically included in Cyber Liability insurance are:
- Extortion costs
- Business interruption costs
- Penalties and fines
- PR & crisis management costs
- Mandatory notification costs and other legal expenses
- Data recovery and forensic investigation costs
Things that are generally NOT included in Cyber Liability insurance are:
- Losses from power outages from utility services
- Damage to property
- Prior known facts and/or instances
- Replacement of equipment
- Intentional acts
One last thing to note about Cyber Liability insurance, if the breach occurs accidentally, perhaps due to someone sending an email to the wrong person or losing a device, this type of insurance will still cover you*.
Start with awareness
Unfortunately, the reality is that cyber-attacks do occur more and more regularly and cyber criminals are adept at finding novel ways to infiltrate computer systems. It’s almost impossible to protect you and your business from every attempted breach, but by having an increased awareness of threats, utilising security software and taking out insurance, you can help keep your business safe from cybercriminals.
*As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording. The information contained on this web page is general only and should not be relied upon as advice.