Recently the Prime Minister announced to Australia that we were the target of a large scale, sophisticated, cyber attack. The attack targeted both government and private enterprise and was perpetrated by a foreign state.
It was an alarming announcement, and an extreme threat to our borders during what is already a trying time with the world buckled by COVID-19. The attack calls us all to appreciate the dangers alongside the benefits of using the vast network that is the internet.
Are you prepared for an attack on your networks?
Or are you cautious of who you share your own, or your client’s personal data with? Even if we are not personally the targets of these large-scale attacks it may be that the third-parties that store our data, and whom we interact with every day, might be the target for a cyber attack.
Moreover, the number of cyber attacks across the business community has also increased, with ransomware attacks becoming increasingly common as hackers target the vulnerability of individuals and systems during COVID-19. Knowing that employees are currently at home, attackers are taking advantage of the reduction of technical protections that their corporate networks often provide.
Furthermore, many employees are working from their personal computers, often shared with family members, processing sensitive and potentially personally identifiable information (PII) without the advantage of managed endpoint protection or even regular patching schedules that are also managed by the typical IT team. Examples include scam government emails purporting to provide COVID-19 information or scam logistic emails which falsely provide delivery details of online purchases.
So how can we prepare for the every increasing threat of cyber attack?
Minimising the chance of an attack.
To minimise the risk of an attack it is important to have security measures in place that will protect your systems from being attacked. Five key considerations are:
- Ensuring you have a firewall and virus detection software
- Updating your programs as updates become available
- Ensuring your devices are password protected
- Encrypting data
- Conduct security awareness training. Train employees on how to recognise common threats and scams and how to report any suspicious security incident.
Mitigating the damage caused by an attack
As important as reducing the risk of an attack in the first place is reducing the potential damage that an attack may cause. Three key considerations are:
- Having on and offsite data backups of your IT systems that are updated daily
- Segregating access to important data
- Purchasing a cyber insurance policy
The decision of purchasing Cyber insurance must be considered by business owners and boards alike as a key financial tool in transferring this financial and reputational risk and providing expert advice when critical decisions must be made within a high pressured environment. The Cyber policy can help mitigate the damage caused by a cyber-attack with several key benefits including:
- Liability protection against claims made by third parties, regulators, employees and customers that relate to cyber events
- Rectification costs, for the repair of your cyber network
- Legal expenses to guide a business through Privacy legislation obligations
- Business interruption costs for that will provide your lost income while your IT systems are returned
- Public Relations and Crisis management support
A cyber policy will include access to an insurers cyber crisis response unit, these teams are highly trained and will respond quickly to a cyber event giving you confidence that your systems are secured quickly and restoring your access so business can continue.
If you would like more details on the benefits of a cyber insurance policy please book your contact ARA Insurance on 03 9602 3402 we are ready to assist.
Written by Nick Harvey, Ardrossan Insurance