Businesses need to understand the importance of being cyber safe. Cyber criminals are exploiting the global focus on COVID-19 and the new normal of working from home, to infiltrate networks and extort money.

And in Australia too, the Australian Cyber Security Centre (ACSC) warned of a significant increase in attacks on businesses with COVID-19 themed email ‘phishing’ attacks.

Cybercrime costs Australian businesses $29b each year

Abigail Bradshaw of the ACSC said that “Small businesses can be big targets for cyber criminals”. Attacks often involve cleverly disguised emails that make unsuspecting business owners and employees open malicious files. These scams and other cyber activity have cost Australian businesses an estimated $29 billion each year[1]. One reason small to medium-sized businesses are under great threat is because they do not have the sophisticated security systems and IT departments of bigger operations.

The Privacy Act requires businesses to take “reasonable steps to protect the sensitive and personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure” (APP 11.1). The consequences of not doing so can be significant.

Scammers use a variety of approaches, from setting up fake online stores selling protective gear like face masks etc and stealing the victim’s credit card details to taking control of a victim’s computer system and locking data until a ransom is paid. This type of extorsion is becoming more targeted and costly and recovery times can be long.

Five potential threats businesses need to be aware of:

1. Business email compromise, also called CEO fraud, where threat actors interject into email streams to divert funds by exploiting technological and human vulnerabilities.
2. Ransomware, where threat actors take control of systems and lock data until a ransom is paid.
3. Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.
4. Internet of Things (IoT) risks come from a range of products, like printers, smart TVs, and automated home assistants, many of which have poor security.
5. Mobile devices and Bring Your Own Device (BYOD) which connect to corporate systems may be insecure.

Six things businesses can do to help them stay cyber safe:

1. Awareness: Promote a ‘stop and think before you click’ message amongst their staff.
2. Passphrases: Ensure that they and their staff use Passphrases rather than passwords e.g. lyrics to a song. They should be at least 12 characters long and include upper and lowercase letters, numbers and symbols for extra strength. Better still use two-factor authentication which typically requires the user to provide a secret only the user knows (like a passphrase or PIN).
3. Updating: Ensure all operating systems and application software update automatically where possible
4. Anti-virus software: Installing anti-virus software and an ad-blocking browser plugin on staff computers to help prevent malware from compromising business computers.
5. Backup: Keep frequent backups of all critical information and systems, ensuring that backups are stored securely off-site and not connected to the network to prevent their loss due to fire, theft or malware.
6. Subscribe to alerts published by: Stay Smart Online: staysmartonline.gov.au/alert-service

Scam watch: www.scamwatch.gov.au/news

Have financial protection should an attack slip through

In the event of an attack slipping through, it’s important for businesses to have the financial security to handle and remediate the situation – which may include a ransom, data and application restoration, legal advice, data breach investigation and public relations, to name just a few. The financial impacts of cybercrime can be extensive and not always obvious.

Like COVID-19, there is no cure for cybercrime, just preventative measures and having the means to remediate the situation once it has taken place. To speak to a broker about cyber insurance, contact us today.

[1] Source: cyber.gov.au- ACSA small business survey report July 2020  www.cyber.gov.au/acsc/view-all-content/news/announcing-acsc-small-business-survey-report