It may have taken some time for the reality to hit, but the wider public is now starting to realise that hackers aren’t just fictional brooding movie villains – they’re real people doing real damage across the globe, particularly in Australia and especially to small businesses.
The reality is, no small business is immune and are frequently seen as prime targets for cybercriminals due to a combination of factors. These can be things like the amount of valuable client data the business may hold and a lack of a security measures in place to protect the business from an attack.
Big Attacks on Small Business
As a business, holding sensitive information is inevitable, and the absence of a security culture is slowly being overcome with education. The SME sector is bearing the brunt of cyber-attacks because of the lack of strong security systems and competencies that larger enterprises have easy access to. Unfortunately, this results in small business’ as soft targets with big rewards.
Running rampant are ransomware attacks – This is when criminals take over the control of a computer and demand cash or crypto-currency in exchange for a return to service. The main problem with these viruses is when hackers refuse to restore functionality once the ransom is paid. The other bad news is that paying the fee does not eliminate future threats, with reports of the victim being identified as a compliant target, more likely to be attacked again when a new vulnerability opens up.
Of course, the threat is much greater than just malware (i.e. viruses and ransomware). The original hacker weapons of phishing, DDoS, key-logging, cross-site scripting and session hijacking are still widely used and becoming increasingly sophisticated.
The consequences of cybercrime can be devastating, regardless of the industry in which a business operates. Losing sensitive client data and critical operational capabilities can lead to a whole host of expensive business interruption costs. And if that isn’t bad enough, the damage from an attack could have a harmful impact on your business’ reputation within the community too.
Recent high-profile malware attacks such as the ‘WannaCry’ and ‘Petya’ viruses have highlighted both the ease with which systems can be breached, and the extent of the damage they can cause.
Prevention as Priority
The Australian Government is acutely aware of the danger hacking presents and has provided a 5 minute, easy to follow guide on how small businesses can stay safe online.
Three of the most important things you can do from a prevention standpoint are:
Passwords – Keep them unique and a little bit complicated. If you’re finding it too difficult to remember all your passwords, get onto a password manager application like LastPass, Keeper or RoboForm. LastPass is simple to use and provided on a ‘freemium’ model, whereby basic features are free, and the premium version is available for a small fee (currently $24 per year).
Backups – This is an easy and effective way to mitigate the threat of information hijacking like ransomware. For about $250 electronics retailers will sell you a 5 terabyte external hard drive that holds the equivalent of 1.5 million photos. Back up your data regularly and keep your hard drive off-site in a secure place.
Update & Lockdown – Software and anti-virus updates can be annoying and time-consuming, but they have a vital function; applying patches to known vulnerabilities in the software you’ve installed on your computer or device. Accept them as often as you can and be vigilant with shutting down your PC or laptop when not in use.
Insurance as a Firewall
While prevention is the simplest way to minimise the chance of a cyber-attack occurring, Cyber Liability insurance will help to reduce subsequent damage to your business by covering the expenses and legal costs that are associated with breaches.
Cyber Liability insurance won’t prevent an attack, but it will help businesses to manage the event effectively and be back open for business as soon as possible.
Benefits that are generally included in Cyber Liability insurance are:
- Business interruption costs
- Data recovery and investigation costs
- PR & crisis management costs
- Extortion costs
- Penalties and fines
Things that are typically NOT included in Cyber Liability insurance are:
- Damage to property
- Replacement of equipment
- Prior known facts and/or instances
- Intentional act
- Losses from power outages from utility services
Save this to your memory
Hackers are devoting 100% of their energy and resources towards finding weaknesses in business networks and discovering ways to make money off them.
Of course, there aren’t any magic rules to preventing cybercrime; even the best security systems are vulnerable to breaches. By implementing a few basic preventative measures and robust Cyber Liability insurance, small business’ are ensuring they are able to survive cyber-attacks, now and in the future.
BizCover™ Pty Ltd (ABN 68 127 707 975; AFSL 501769).