In today’s digital world, cybercrimes and claims against businesses relating to privacy breaches are on the rise. 59% of Australian organisations have their businesses interrupted due to a cyber breach each month.
Conservative estimates indicate cybercrime costs the Australian economy in excess of $1 billion AUD per year with figures expected to increase.
Protect your business
Protecting your business involves taking actions to prevent attacks including keeping technology up to date, educating staff and investing in security. You should also be working to minimise your losses should an attack occur, by doing things like creating a cyber-attack response plan or considering a cyber insurance policy.
Some of the key steps you can take to protect your business are outlined below.
Keep your Network and Devices Secure
Ensure your Antivirus and Malware protection is up to date and consider enabling two (2) factor authentication on all devices and online accounts you use – particularly those that allow payments to be made.
Two-factor authentication involves a two (2) step process to log in to a technological device. This will include a password and an additional step such as a code sent to a mobile device in order to gain access. This can improve security significantly.
You should also periodically review your business’ security systems and protocols to look for any security gaps and vulnerabilities. Depending on the technical expertise you have, it may be beneficial to engage an expert to carry out this review.
Maintain your Technology
Keep your technology up to date with the latest versions and patches. Outdated software, operating systems and applications can have security vulnerabilities that can leave your business open to cyber-attacks.
Backup Company Data
Backup your business’ important data such as client information, website files, accounting records and correspondence. Carry out backups using at least two (2) different mediums (eg. hard drives/cloud storage/USB) and keep one offsite. Test your backups regularly.
Educate and Stay Aware
Create a cyber security policy and educate your staff on common cyber threats. Ensure all employees undertake regular privacy training and understand your business’ personal information handling procedures. It is important that you maintain written training materials for all employees.
Keep up to date with emerging threats and scams. A great way of doing this is to subscribe to the Governments free alert service: https://www.staysmartonline.gov.au/alert-service
Use Strong Passwords
Strong passwords that are regularly changed prevent criminals from accessing critical information that can be used for fraud or to extort your business. Strong passwords or if possible two-factor authentication should be required for all fixed and mobile devices, systems and online accounts. Employees should not share passwords.
Create a Cyber Attack Response Plan
A Cyber Attack Response plan outlines the steps to manage a cyber security incident. The plan should help you and your employees respond to a variety of incidents quickly and methodically, lessen any impact/losses and return your business to regular operations as soon as possible.
Get Insured
Consider taking out suitable insurance cover. There are two (2) main policy types/extensions that Resilium recommend to businesses looking to arrange cyber insurance. These are:
- Cyber Crime Insurance (or Cyber Crime Policy Extension) – A typical policy will provide cover for theft of money as a result of a cybercrime event. For example social engineering fraud, phishing, phreaking or other forms of cyber fraud involving loss of money.
- Cyber Liability and Privacy Protection Insurance – A typical policy will provide cover for the following when incurred as a result of a cyber event, or breach of privacy as defined by the insurer’s policy wording: first party (own) costs and expenses. Cover for theft of money is excluded.
We note that the above suggestions are not meant to be advice and do not take account of your personal business situation.
What to do in the event of a Cyber-Attack
If your business has experienced a cyber-attack, remove yourself from the internet and follow the steps below.
Report the attack
- Contact your IT technician
- Contact your Cyber Insurer
- Contact Resilium INSIGHT IT support on 02 9137 8691 (option 2)
- Visit https://www.acorn.gov.au/ to report the attack. Reporting attacks helps develop a better picture of the cybercrime affecting Australian businesses and can in some cases, lead to your matter being resolved.
Please Note: Resilium may lock or force password resets on all systems until the breach has been remedied.
Improve Security and ensure Passwords are changed
- Contact your IT technician
- Improve your security before going back online
- Ensure client data or systems have not been compromised
- Change your password for the following systems:
- INSIGHT
- Adviser Gateway
- Sales Report Centre
Where to get further information
There is a wealth of information available online and from professional service providers to assist you in protecting your business against cyber threats.
A great place to start for guides and information is https://www.staysmartonline.gov.au
For security concerns, try contacting your IT service provider.
