The latest Cyber Crime statistics from the Australian Cyber Security Centre (ACSC) show that there was a cybercrime reported every 10 minutes, totalling 60,000 in the past 12 months. The most common type of cybercrime reported is Fraud (40%) which includes online romance and investment scams, Identity theft and misuse of personal information (32%), followed by cyber related abuse (22%). The biggest threat was ransomware, as it requires minimal technical expertise, is low cost and can cause businesses significant problems, including crippling core business functions. Worryingly, from a recent survey it was found that 70% of organisations are not protected by a cyber insurance policy, which can offer immediate help in dealing with hackers, ransom demands and Privacy Breaches.
In June 2020 and in an attempt to combat the growth in cybercrime, the government announced their commitment to spend more than $1.35 billion over the next 10 years to enhance Australia’s cyber security capabilities and provide assistance to business and people impacted. Whilst this is a significant financial investment, what can SMEs do today to reduce their risk of being a cybercrime victim?
How to reduce your risk of email phishing
Email phishing is one of the most frequently used strategies to commit wire transfer fraud. This generally means that someone in your business receives a fake email supposedly from a trusted supplier, lawyer or company executive, requesting payment of an attached invoice. Another common strategy is for an executive’s email account to be hacked, sending an email to an employee requesting a wire transfer. In the first example, the email is fake and sent from an account held by the cybercriminal, however, in the second, the email is actually sent from a company email account. Both strategies work very well and pose a significant threat to businesses.
The best way to prevent phishing from becoming a problem in your business is to ensue your staff always confirm any requests for wire transfer requests verbally. This includes verbally checking changes to vendor payment details or when setting up new vendor accounts.
How to reduce your risk of a malware attack
Malware attacks (malicious software) include viruses, ransomware, worms and trojans. The goal is to hold individuals or companies to ransom by stealing their personal data or financial information, even locking up their computer. Some malware is undetectable to your virus software, whilst others disable your software so the malware not detected.
Most malware infections spread via infected emails or websites where the user downloads free software or a banner on an infected website loads a virus into their computer. Hackers also bypass virus software by accessing Windows RDP (Remote Desktop Protocol) to log into a remote worker’s computer (using login details stolen via a phishing email) to install malware.
The best ways to protect your business from malicious software is to keep all operating systems, browsers, plugins and antivirus and malware software updated. Also, only use secure networks, don’t click on links in emails, backup all data regularly, use strong passwords, install a firewall, block all pop-ups, and use encryption software. Of course, educating your employees on how to protect themselves and your business against malware is also essential.
Agile CyberCare covers small businesses against cyber threats and data breaches, including 24/7 emergency response for incidents.
Cyber Liability Insurance is designed to help protect you from claims and support your profitability in the event of a cyber breach or attack.
Agile CyberSelect is aimed at mid-market to corporate clients and is a comprehensive Cyber Insurance policy with 16 policy benefits and 24/7 incident response.
The best ways to protect your business from malicious software is to keep all operating systems, browsers, plugins and antivirus and malware software updated. Also, only use secure networks, don’t click on links in emails, backup all data regularly, use strong passwords, install a firewall, block all pop-ups, and use encryption software. Of course, educating your employees on how to protect themselves and your business against malware is also essential.
How can insurance products protect SMEs?
Some insurers offer limited cybercrime cover within a package type policy, which provides only small amounts of cover, in a limited number of situations. This can be confusing to business owners, so insurers have also introduced stand-alone cyber insurance policies that offer wider cover and greater benefits, defining what is and is not covered (IA has a comprehensive cybercrime insurance policy). This helps reduce any uncertainty held by business owners around these products and means your business is protected, with the policy covering the provision of expert engineers to track down the malware, dealing with Privacy breaches, and paying for any loss of business income.
One of the first steps in protecting your business against cybercrime is to talk to your insurance adviser and find a policy that covers your needs. Find your local adviser today.