Every 10 minutes on average, another Australian small business reports a cyber crime, according to the Australian Cyber Security Centre. And more than four in 10 cyber crimes committed in Australia target small businesses, says Business Australia.
Scams and victim numbers are increasing. The government’s Scamwatch website reports $211M lost through scams from 1 January to 19 September last year [2021]. This was an 89% jump on the same period the previous year.
Globally, there’s a ransomware attack on a business every 11 seconds, with losses tipped to hit $28B+, according to the Federal Government’s Ransomware Action Plan, released last October.
So how can your business minimise its risks from cyber crimes, and if attacked, reduce the negative impacts?
Protection from growing threats
Businesses have become increasingly vulnerable to cyber attacks during the pandemic lockdowns over the last two years. This is due to staff working from home using less secure Wi-Fi than would be the case on your premises. Whether your staff work onsite or remotely, the same security principles apply:
- Review your business continuity plans and processes, ideally quarterly
- Make multi-factor authentication compulsory for remotely accessed systems and resources, including cloud services
- Regularly train your staff and update your contractors about cyber security practices, especially to thwart Distributed Denial of Service threats and socially engineered messages
- Make sure your staff working remotely have physical security measures – as well as cyber ones – to protect their devices from being stolen
- Continuously update your systems, such as Virtual Private Networks and firewalls, with security patches.
‘Bad actors’ can also infiltrate through video conferencing (meeting bombing, malicious links in chats, etc) or even Bluetooth headphones. The Bluetooth attack is called ‘Bluesnarfing’, and it allows hackers to steal data from Bluetooth-compatible devices. That data may include information from contact lists, calendars, text messages, or emails, and the theft usually happens without the user’s knowledge. Be sure to tell your employees to deactivate the ‘discovery’ mode on their headphones to stop this.
You can transfer some of your business’s cyber crime risks by investing in a cyber insurance policy. It can help minimise disruption or damage from attacks and, depending on the policy limits, protect you should legal action and government penalties arise. This article will detail the peace of mind such cover can give your business.
Forensic support
Cyber insurance also covers you for forensic investigations. Usually, the policy gives you access to an around-the-clock incident response team to help you deal with cyber incidents and data breaches.
You’ll have that support from the initial notification until the issue has been resolved. The team includes IT forensic specialists, lawyers, credit monitoring experts, crisis management consultants, and call-centre and mail-house services. This could save your business thousands of dollars.
Business interruption & reimbursing for loss
While that team is at work, there may be disruptions to your business. We’d advise you to consider taking out a cyber crime policy that includes cover for business interruption and will reimburse you for any losses.
This cover anticipates the fallout of a breach for your business. You’ll need to:
- Promptly notify customers
- Spend time with us to sort out your data breach claim
- Have input into a crisis communications campaign to rebuild your business reputation
- Ensure higher security for your computer systems before you go back online.
Business interruption coverage within a cyber crime insurance policy activates even if your e-commerce website, for example, is offline for as short as eight hours. The cover can help pay for your lost revenue and ongoing business expenses.
You might think if you already have traditional business interruption insurance, you won’t need a cyber crime insurance policy, but there are key differences. They relate to the period of measures, restoration time frame, number of staff involved, geographic constraints, and reputational risks. We can demystify each of these for you – feel free to get in touch.
Cyber extortion defence
Should cyber hackers hold your data, website, computer systems, or other sensitive information to ransom, it’s good to know cyber crime insurance is there to support you. Hackers can get in by tricking one of your staff into clicking on a file or link within an email message, which inadvertently activates the ransomware throughout your network. Invariably, that program triggers a distributed denial-of-service attack, which paralyses your business – you’re locked out of applications and files. Pay the hacker the sum they’re demanding and you may get the encryption key to regain access.
However, the Federal Cyber Security Industry Advisory Committee advises against paying the ransom. In fact, it may be illegal in some circumstances.
Don’t expect the hacker to make you aware of the extortion or activate the ransomware as soon as they’re in. They could lurk in there for 11 days before you receive the ransom demand or your IT experts spot them. That gives cyber criminals a whopping 264 hours to install their ransomware or banking trojans, steal data, wipe data, or use penetration testing tools such as Cobalt Strike, says the e-zine ZDNet.
In the event of such extortion, cyber liability insurance offers financial support to:
- Pay the ransom
- Cover extortion-related expenses, including hiring a consultant to remediate an attack, and
- Revive your damaged computer hardware and databases.
Data breach coverage
IBM’s Cost of a Data Breach Report 2021 shows the average cost of such breaches last year was the highest for 17 years. Remote work due to COVID-19 increased costs and most breaches were due to compromised credentials.
As well, the Australian Government will raise penalties for companies and organisations for serious privacy risks, such as through data breaches. Under the draft bill, for serious or repeated privacy breaches, the maximum penalty will be $10M or 3x the value of benefit gained through information misuse. You can find out more about notifiable data breaches from the Australian Information Commissioner.
Cyber crime insurance will protect you against privacy/data breach claims as long as they weren’t intentional, among other conditions. As a guide, if a data breach exposed 20,000 of your customer records, on average, the total claim would cost your business almost $3M.
A cyber crime insurance policy can cover you for a range of risks, including those above and more. Have a chat with us so we can suggest a tailored policy for your unique business needs.