Protect Yourself Against Cyber Bullies
Our previous newsletter talked about the growing need for businesses to implement safeguards to mitigate cyber-attacks in the workplace. We want to follow on from that and discuss further how businesses can help protect themselves against cyber threats.
Over the past few years, there has been a sharp rise in cyber-crimes. In Q1 of 2015 cyber threats related to ransomware virus CryptoLocker almost tripled. This increase sounds alarming; however, as Australia’s reliance on technology grows and the technology landscape continues to evolve faster than the law, the cost and frequency of cyber-crime are expected to increase.
Cyber-attacks are becoming more sophisticated and harder to recognize. Common threats are delivered via email from what looks to be an official source such as the ATO or Australian Federal Police. Disguised as an HTML link, the threat is written in such a way that it causes an emotional response and you don’t think twice before clicking on the link, which activates the virus.
Cyber-attacks are often aimed at financial gain but the greatest fallout can be to a business’s reputation. Cyber-attacks go after data such as Intellectual Property, sensitive personal information and account information, or they can simply destroy a network of information. Your clients’ personal information can be hacked, violating privacy laws with little you can do. Cyber-crime damages trust within the business, causing ill sentiment to ricochet into the marketplace very quickly, depending on the extent of the attack.
A more recent cyber-crime, aimed at exploiting the privacy of individuals rather than chasing financial gain, targeted Ashley Madison, a Canadian-based online extramarital dating and social networking service. The situation: A cyber-crime syndicate known as “The Impact Team” leaked sensitive documents covering more than 36 million names from around the world, exposing member profiles including personal information. The fallout included divorces, loss of jobs, resignations, damaged reputations and, in the most extreme case, suicide.
Individuals, businesses and governments may not be able to completely stop cyber-crime but prevention is sometimes easier than a cure.
London Australia Underwriting (LAUW) recommends implementing the following first level requirements, a given for all businesses, to help safeguard against cyber-attacks:
- Renew and update your multi-level security platform, as recommended by your IT partners
- Maintain good Windows patching policies on servers and workstations
- Ensure your website and web services all use SSL encryption and HTTPS
- Introduce a password policy across the business
- Ensure you have network folder-level security
- Have formal backups
- Educate your staff on the risks of opening unsolicited emails and browsing the internet
Second level requirements vary from business to business but may include:
- Check your security policies and rules annually
- Organise a vulnerability scan and external penetration test
- If you keep any personal or credit card information, organise a PCI compliance scan
- Develop a breach notification plan
- Develop disaster recovery and business continuity plans
- Buy a LAUW cyber insurance policy
What else is being done?
In 2014 the Australian Privacy Act was amended, increasing fines up to $1.7 million for businesses and $340,000 for individuals for serious breaches and repeated invasions of privacy.
The insurance industry is also evolving. As the technology landscape changes, it is important for businesses to protect themselves against cyber threats to help minimize risk. Doing so not only provides reassurance for the business, but also protects employees, clients and suppliers.
What is Cyber Insurance? LAUW describes it as ‘insurance to protect your balance sheet, typically based on a pick and choose model that can be tailored to your risks and price point.’
Cyber Insurance typically covers:
- Technology & Professional Services
- Multimedia Liability
- Security and Privacy Liability
- Customer Support and Reputational Expenses
- Data Recovery and Business Interruption
- Privacy Regulatory Defence and Penalties
- Cyber Extortion
Is it time your business invested in Cyber Insurance? For more information contact us on (07) 3217 9015 or send us an email at firstname.lastname@example.org
This information and any accompanying material does not consider your personal circumstances as it is of a general nature only. You should not act on the information provided without first obtaining professional financial advice specific to your circumstances and considering the Product Disclosure Statement.