What are 5 cybersecurity risks that can impact your business?

The need to be cyber safe both at home and at work is vitally important. The risks from cybercrime increase year on year as cyber criminals become more active and inventive in their opportunistic attacks.

Cyber criminals continue to exploit the global focus on COVID-19 and the new normal of working remotely online to infiltrate computers, networks, platforms, communications and even mobile devices to extort money and steal personal information.

This increasingly prevalent risk is one that more business owners are protecting themselves against by implementing cyber security solutions and purchasing cyber insurance. Like any other first-time purchase, what do you need to know before purchasing cyber insurance? What does cyber insurance actually cover you for? And just like the physical security and protection at your practice, what is your contribution to protecting your systems and information?

Small businesses can be attractive targets for cyber criminals as they may not have the same level of, or focus on, cyber security that larger businesses may have. Attacks, including cleverly disguised emails and text messages which can trick unsuspecting business owners and their employees into opening malicious files, are on the rise. A major reason small to medium sized businesses are under great threat is that, in the main, they do not have the sophisticated security systems and IT departments of bigger businesses.

5 potential threats to be aware of:

  1. Business email compromise, also called phishing or CEO fraud, where hackers insert themselves into email streams to divert funds by exploiting technological and human vulnerabilities.
  2. Ransomware, where hackers take control of systems and lock data until a ransom is paid.
  3. Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.
  4. Internet of Things (IoT) risks come from a range of products, like printers, smart TVs, and automated home assistants, many of which have poor security.
  5. Mobile devices and Bring Your Own Device (BYOD) which connect to corporate systems.

The Privacy Act requires that health service providers take “reasonable steps to protect the sensitive and personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure” (APP 11.1).

7 things you can do to help you stay cyber safe:

  1. Awareness: Promote a 'stop and think before you click' message among staff to help raise awareness of online security risks.
  2. Passphrases: Ensure that you and your staff use passphrases rather than passwords, e.g. lyrics to a song. They should contain at least 12 characters and include upper and lowercase letters, numbers and symbols for extra strength. Better still, use two-factor authentication, which typically requires the user to provide a one-off code or PIN in addition to their password.
  3. Updating: Ensure all operating systems and application software update automatically where possible. Why? Software vendors regularly update their software to improve performance and also reduce its vulnerability to attacks.
  4. Anti-virus software: Install anti-virus software and an ad-blocking browser plugin on staff computers to help prevent malware compromising business computers.
  5. Public Wi-Fi: If you need to use public Wi-Fi, at the very least, make sure it requires password access.
  6. Backup: Keep frequent backups of all critical information and systems, ensuring that backups are stored securely off site and not connected to the network to prevent their loss due to fire, theft or malware.

Prevention is an important part of protection; however, if a cyber-attack is successful, having cyber insurance is essential, just as building insurance is in the case of fire. Here are just some of the risks covered:

  • Coverage for a wide range of events including Cyber Extortion, Denial of Service, Hacking, Privacy Errors & Point of Sale Intrusion
  • Business Interruption – for loss of revenue
  • Incident management costs – Legal expenses, Defence Costs, Settlements, Awards, Damages
  • Cyber Event Response Costs - Data Restoration Costs, Data Securing Costs, External Management Costs (Crisis Management, Public Relations Costs, Virus Extraction Costs, Cyber Extortion Costs, Identity Theft Response Costs includes threats against data held in your systems or exfiltrated.