Cloud computing continues to transform the way businesses use, store and share data, applications and workloads. It’s also introduced a host of new security threats and challenges. With so much data going into the cloud, these resources have become natural targets for hackers.
Do you use any cloud-based solutions, such as Microsoft’s Office 365, in your business? Beware! Cloud-based office solutions are increasingly coming under attack.
Specialist insurer Beazley has reported that the number of email compromises is accelerating, particularly for those businesses using Office 365. These hack and malware breaches accounted for 13 per cent of incidents reported to the Beazley Breach Response Services team during the first quarter of 2018. The three sectors most affected were financial services, health care and professional services.
SMEs are vulnerable
It’s an unfortunate fact that far too many SMEs take a “she’ll be right” attitude when it comes to cyber security. Smaller businesses, in particular, tend to believe “no one’s going to bother to hack us because we’re too small”. But it’s not true.
SME’s are easy targets. Hackers often don’t bother with the bigger end of town where there are dedicated cyber security resources in place. Why would they when they can more easily attack a smaller business with weaker defences? While larger businesses are potentially more lucrative targets, they’re better protected. Smaller businesses tend to be more exposed.
Take a moment to think about the sheer bulk of personal information held by your business. Databases and CRMs are a veritable treasure trove of details that hackers can potentially exploit for their own advantage. It’s not hard to imagine the potential fallout a cyber breach might have on your business, including the damage it would wreak on your reputation if your customers’ details were compromised.
5 ways to reduce your risk
Here are five cyber security risks for SMEs and tips about how to effectively respond to them.
- Users
Even the most heavily fortified environments can be penetrated by a well-crafted phishing email. SMEs should invest in awareness training to educate staff about common types of attacks to ensure they understand the latest threats.
- Passwords
Strong password usage should be implemented by agencies, with regular password changes enforced and filters applied to prevent easily guessed passwords. Internet facing systems (such as VPN’s, Outlook Web Access and other web portals) should have multi-factor authentication.
- IT
All too often, IT teams provide too much open access, fail to apply the necessary security controls, misconfigure systems and don’t implement intrusion prevention and detection measures. SMEs should ask their IT team what security controls they have in place to protect the business.
- Penetration testing
Penetration tests assess and report on risks, threats and vulnerabilities and the overall security profile of a business, and detail what remedial steps need to be taken. Regular testing is one of the best ways to mitigate against security breaches.
- Incident response
SMEs must assume their business will be breached at some point and need to have a documented incident response plan in place to ensure they can detect, recover and communicate with clients should a breach occur.
Insurance matters
Given the pace and complexity of the cyber space and the pervasive nature of technology, cyber liability insurance is a necessary safeguard for businesses to transact securely with their clients.
Cyber liability insurance provides essential cover for business interruption, as well as support with data recovery and the management of any resulting reputational crisis. From a customer perspective, the cost of monitoring the impact of a data breach can be significant. Cyber cover can include support with notification and monitoring costs, as well as managing the legal costs resulting from any litigation.
One of the broader benefits of cyber liability insurance is also the peace of mind it brings. As a business owner, you can rest easy that appropriate safeguards are in place to help your business keep moving forward, while at the same time ensuring you have adequate security strategies in place to resolve any issues and appropriately mitigate any concerns regarding data security.
But the strength of cyber liability insurance also lies in the breadth and quality of its pre and post-incident response service. The typical SME doesn’t have anyone to turn to if their computer screen suddenly freezes and a ransom message appears. This is where a quality cyber liability insurance policy can assist.
Made up of IT security and forensics, legal, credit monitoring, public relations and communications professionals, an incident response team will help from the moment a business becomes aware of an incident through to the resolution, helping to mitigate potential loss and exposure.
Call Emjay about cyber cover
Don’t make the mistake of thinking it can’t happen to you. Having the right cyber insurance in place should be part of your business strategy to mitigate the risk of a cyber security breach.
At Emjay Insurance Brokers, we have a deep understanding of the cyber risks your business may face and access to the leading cyber insurance policies on the market. Contact us today to discuss your needs on (02) 9796 0400.
