Search for insurance help

Ransomware: 5 Ways to Protect Your Business

Ransomware is a common threat for organisations across Australia. However, there are steps you can take to safeguard your business before it’s too late.

The Facts About Ransomware

The latest stats from the Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report: July 2021 to June 2022 paint a worrying trend. The report shows:

  • A cybercrime is reported every 7 minutes on average.
  • The average cost per cybercrime report is over $39,000 for small businesses, $88,000 for medium businesses and over $62,000 for large businesses. That’s a 14% increase on last financial year!
  • Over 76,000 cybercrime reports. That’s a 13% increase on last financial year.
  • Financial losses due to business email compromise of over $98m, that’s an average of $64,000 per self-reported loss.

Nevertheless, many business leaders firmly believe their data is safe because it is stored in the cloud. Similarly, their IT service provider looks after data security, so it’s not an issue.

However, ransomware usually find its way into businesses through seemingly genuine links or documents sent directly to staff via a Phishing email.

Importantly, criminals are known to impersonate representatives using familiar names, website domains or pretend to be a trusted co-worker.

So, it’s easier than you think for staff to be caught off-guard.


Here are 5 ways to protect your business from ransomware:

 
1. Safeguard Your Devices
It’s best practice for businesses to have systems that stop unwanted data access and security software to protect devices. At a minimum, it should include antivirus software, firewalls, spam filters and security patches, which must be kept up to date.

Equally important are regular back-ups of business data with another copy stored securely off-site.

Therefore, run a test to ensure you can restore the data easily should you experience a data breach.

2.  Cyber Security Training
Employees can unwittingly expose businesses to ransomware. For example, they may click on a link or open a seemingly genuine attachment, such as an invoice, that invites in ransomware.

A good starting point is to talk to staff about phishing emails and ransomware. Look at what they are, their impact and what they can do to help. Perhaps, include cyber training for all new starters and train staff annually to ensure cyber security stays front of mind.

Management Liability insurance is designed to provide protection to both the business and its directors or officers for claims of wrongful acts in the management of the business.

A business insurance pack can provide cover for your business premises and contents, against loss, damage, theft or financial loss from an insured interruption to the business.

Purchase up to six products under one Business Insurance Package. 

A good starting point is to talk to staff about phishing emails and ransomware. Look at what they are, their impact and what they can do to help. Perhaps, include cyber training for all new starters and train staff annually to ensure cyber security stays front of mind.

Your insurance adviser can point you to effective cyber training tools, such as the Australian Cyber Security Centre (ACSC). Additionally, the ACSC website provides simple to follow advice and videos on many aspects of cybercrime including ransomware.


3.  Share Real-World Examples of Ransomware
One of the most effective ways to train staff is to show them real world examples of phishing emails that may include links to ransomware. That way you help staff to understand the warning signs and what to do if they receive suspicious emails.

Even if a team member receives a ransom warning message on the screen, let them know it’s okay to report it to management and to seek help. The earlier the company detects the breach, the quicker and cheaper it is to resolve.

CASE STUDY:

Event: Employee turns on the computer and finds a ransom note on the screen after clicking on a link in an email.

Effect: Four of the company’s systems are encrypted and the encryption passwords ransomed. After negotiation with the hacker the password is provided. However, the company must rebuild their entire IT Infrastructure due to the breach.

Outcome: The company is insured. The total cost of the claim is $146,000, which includes the ransom fee of $17,000, the cyber response costs of $18,000 and a business interruption payout of $111,000.  

Real-world claim example from Emergence.

4. Seek Staff Feedback on Internal Systems
Employees may bypass the company firewall, download unapproved applications, or turn to less secure methods if the company’s systems are too restrictive or slow, opening the door to infected links.

They may save sensitive files to personal USB drives because they are unable to access the company server from home. In that case, they may unknowingly transfer a virus from their home computer onto the company server on their return.

Therefore, it’s a good idea to encourage feedback from your team to find safe, secure solutions that work for staff and your business.


5. Check Your Insurance Cover
Companies without cyber insurance put their cash flow at risk. So, with the average cost of a cybercrime event rising yearly, it’s a good time to check your insurance cover.

It’s worth noting that cyber is often a separate policy and excluded from other types of business insurance.

 
Need advice on cyber insurance?
Clear Insurance helps business leaders to identify, understand and manage business risk, including cyber risk. Our risk and insurance review will assess your current insurance cover and provide the advice you need to move forward confidently.

We work with you and our insurer partners to ensure you have the most appropriate insurance solutions for your business needs, regardless of complexity.

Importantly, we can direct you to effective cyber training programs to help minimise the risk of a cyber event affecting your business and cash flow.

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Clear Insurance, ABN 41601916689, AFSL 548953

This article originally appeared on Clear Insurance In The News and has been published here with permission.

Related articles

Comments (0)

Related insurance brokers

Review rating
58 reviews

Featured Featured

Laura Meyer

MeyerInsure

  • Typically replies within
    a few hours
  • Review rating
    16 reviews
    Review rating
    8 reviews

    Featured Featured

    Madeline Ollett

    Evergreen Insurance Solutions Pty Ltd

  • Typically replies within
    a day