Checklist: Is your business safeguarded against cyber crime?

What we know:

• In Australia, 43% of cyber attacks target small to medium businesses, with a ransomware attack occurring every 7 seconds
• Cyber security incidents in Australia experienced an 81% increase between July 2021 and June 2022
• Australian businesses lost $33 billion dollars to cybercrime in 2021.

Without adequate safeguards, experiencing a cyber event is less a matter of if, and rather, more a matter of when. A single cyber attack could seriously damage your business and its reputation.

Use this checklist to see how many safeguards you already have in place in your business.

• Daily backups of data and business-critical information with regular testing of backup
• Using Password Manager programs
• Enabling multi-factor authentication
• Tested Business Continuity Plan (BCP) and/or Disaster Recovery Plan (DRP)
• Antivirus software (updated daily or upon release)
• Firewalls
• Intrusion Prevention / Detection Systems (IPS / IDS)
• Limiting access to sensitive data to those who need it only
• Data security policies
• Annual security awareness and training

If you answered no to any of these items, your business could be at risk.

We recommend using the Australian Government Cyber Security Assessment Tool for a comprehensive list of resources to help you improve your security posture.

Exploiting humans to achieve the same outcome

One of the most common cybercrimes is the practice of using non-technical methods to trick people into doing something they wouldn’t normally do such as performing actions or divulging confidential information.

These attacks continue to increase each year and can be very sophisticated. Many businesses only realise they’ve been caught out once it’s too late. Here are four easy ways to protect yourself from a social engineering attack:

• Think before you click
  A good rule of thumb is that if it doesn’t seem right, don’t open it! This applies not only to attachments but if there are certain links in an email asking you to click to go somewhere. Check the URL and use a search engine to determine its validity and if in doubt, don’t click.
• Use secure websites
  Only make financial transactions that are known to you and are on secure websites (e.g. URL beginning with “https” and/or look for the padlock symbol).
• Confirm with your bank without acting
  Changes to financial/banking details need to be re-confirmed. Pick up the phone and call the contact (from your existing details). When calling, whoever you’re speaking with to confirm any details that have been changed.

Slow down
In our fast-paced world, everything appears urgent. Ensure you still take the necessary time to review what exactly you are being asked to do or complete. This will help to reduce the likelihood of you being time pressured into making errors. Remember, a cyber criminal will try and make you act quickly and this should be a red flag.

Build a human firewall

Employees can be an organisation’s most important defence in blocking cyber threats, and as more people work remotely, having vigilant and well-prepared employees who can identify and act on cyber threats becomes increasingly important.

Before sharing information

Ask your employees to always think first before sharing sensitive information. And help them understand what is sensitive.

Activate Multi-factor Authentication (MFA)

Turn on MFA for important tools such as remote access systems and resources (including cloud services).

Call out suspicious messages

Let employees know what to do if their device is lost or stolen, or if they observe anything suspicious.

Keep your systems updated

Ensure systems including phones, laptops, servers, virtual private networks and firewalls are updated with the most recent security patches.

Protecting your business from the financial impact of a cyber attack with cyber insurance

Cyber insurance is designed to help protect your business from the financial impact of computer hacking, ransomware or data theft.

Depending on the situation, you may be up for the cost of ransom or IT remediation to repair your systems. You could also be liable for the costs of reporting the breach, legal claims, and remediating any losses suffered by your customers or clients. In Australia, if you spot a security breach, you’re also legally required to report it to the Office of the Australian Information Commissioner. You’ll also need to notify the people whose information has been affected.

Having a sufficient cyber insurance policy is an essential part of being prepared to respond to a cyber attack. It’s important to make sure your cyber insurance policy provides your business with adequate cover, which will depend on the nature of the business.

We know how to protect your business with cyber insurance. Let us help you.

Talk to us or request a callback.

Important notice – NewSure Insurance Brokers Pty Ltd

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. NewSure Insurance Brokers Pty Ltd make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of NewSure Insurance Brokers Pty Ltd.