The recent ransomware attacks against Channel Nine in March and the meat processing company JBS’s worldwide operations in June are just some examples of an ever-expanding problem making news headlines daily.
The recent Australian Government Annual Cyber Threat Report found Cybercrime cost Australians $29 billion annually, with Cybercrimes occurring every 10 minutes, ranging from denial of service to phishing and malware attacks. Cybercriminals, some of which are said to be encouraged by foreign governments are becoming increasing ruthless, with attacks on hospitals, schools as well as small and large businesses.
Cybercriminals are becoming increasingly sophisticated, and just because you own or manage a small business, doesn’t mean that you will be disregarded by these criminals. In fact, it’s possible that your business could be targeted by cyber threats in the future, as larger businesses increase their cyber defences. Hence, it is necessary to put the correct precautions in place to protect your business, its customers and profits before ransomware, malware or other types of Cybercrime attacks occur.
Why are Small & Medium businesses more vulnerable to cyber-attacks?
Cybercriminals are increasing business-minded and know that small businesses are often not as protected against cyber-attacks like ransomware attacks, which can make them an easier target for a quick profit. Criminals also know that SME’s often lack dedicated internal IT staff to continually maintain software and install the latest security patches and are focussing their efforts on more urgent COVID-19 related issues including supply chain interruptions, lockdown or staffing.
Even if you try and shore up your own security, cybercriminals are now focussing on service providers, enabling them to subsequently attack multiple small businesses.
In addition to the above challenges is the recent accelerated drive to work from home. This has spotlighted a unique set of risks for businesses including unsecured home networks, fake emails sent from co-workers asking to pay invoices (social engineering) and phishing emails that give criminals access to the computer.
How to protect your business against cyber and ransomware attacks
The fact that small and medium businesses are vulnerable to ransomware attacks and that their service providers are now being targeted highlights the need for an urgent review of your risks and implementation of security practices.
There are lots of free resources for SME’s on the Australian Cyber Security Centre website including a Phishing Test, Cyber security tool, and guides on how to get your business up and running after an attack.
Below are ten steps that all small and medium sized businesses can take to help secure their online presence and protect their company from cybercriminal attacks.
- Train all employees in cyber security and how to avoid opening links or acting on information from unknown contacts.
- Ensure policies are in place to automatically update and patch software. Also use well known reputable providers of firewalls that can block malicious emails, as well as check for suspicious and spam emails.
- Restrict data access to only the employees who require specific information.
- Back up all your data on a daily basis to cloud storage and weekly to a dedicated secure server in a separate location.
- Implement data encryption when sending data over the internet and encourage the use of multi-factor authentication when employees access data remotely on mobiles and tablets.
- Avoid public networks, they allow others to see your data and passcodes.
- Ensure there are procedures in place to ensure passwords are changed on a regular basis, also that they are unique, strong and secure.
- Install security software on all computers, laptops and mobile phones accessing the companies’ IT systems, including anti-viral and anti-spyware filters.
- Regularly update user access and remove users that have left the company or have had a change in their IT access.
- Consider cyber insurance to help you manage and recover from a cyber or ransomware attack, including cover for lost income.
For more information on how we can help you insure a better way, please contact us.
This communication including any weblinks or attachments is for information purposes only. It is not a recommendation or opinion, your personal or individual objectives, financial situation or needs have not been taken into account. This communication is not intended to constitute personal advice. This type of insurance product is designed for small and large businesses, who want to be covered against financial loss relating to cyber-attacks and damage to software, data, reputation and interruption to their business.
We strongly recommend that you consider the suitability of this information, in respect of your own personal objectives, financial situation and needs before acting on it. This document is also not a Product Disclosure Statement (PDS) or a policy wording, nor is it a summary of a particular product’s features or terms of any insurance product. If you are interested in discussing this information or acquiring an insurance product, you should contact your insurance adviser to obtain and carefully consider any relevant PDS or policy wording before deciding whether to purchase any insurance product.