Stories of cyber security breaches are so commonplace that many of us now switch off when we hear them. But if you’re a business owner, switching off is the last thing you can afford to do, as a recent series of unprecedented cyber attacks continues to leave businesses around the world reeling.
Starting in May 2017, cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other seemingly legitimate files. Dubbed WannaCry, the ransomware exploits a Microsoft Windows vulnerability, encrypting data on the infected computer and demanding payment to restore access. Wreaking havoc across the globe, the attack has stopped factories, brought health care services to a halt, affected telco networks and impacted government infrastructure in more than 150 countries.
Less than a week later, reports of another malicious software attack started to filter through. A variant of WannaCry, the Adylkuzz attack targets the same Windows vulnerabilities – but rather than freezing files, it aims to use the hundreds of thousands of computers believed to be infected by WannaCry to mine the virtual currency Bitcoin.
Then in June came Petya, a ransomware attack that encrypts important files after a user clicks on an infected email attachment and then demands a Bitcoin ransom to restore access. From a single infected computer, Petya has the ability to spread rapidly across a business by taking advantage of a number of Windows vulnerabilities. Big and small businesses across the world again fell victim to this latest cyber security attack.
As businesses everywhere scramble to takes steps to insulate themselves from the threat of these attacks, far too many have failed to heed the warning.
Not just a ‘big end of town’ problem
The majority of cyber security related incidents being reported by the media involve large organisations. But the impact of these breaches can be felt as heavily, if not even more so, by small to medium businesses. They’re the victims that don’t make the news.
It’s dangerous for SMEs to be complacent and adopt an “it will never happen to me” attitude. When it comes to your business experiencing a data breach, the 2017 Cost of Data Breach Study shows the odds are as high as 1 in 4.
Australia’s relative wealth makes us an attractive target for cybercrime. Our high use of technology also leaves us exposed. It plays a significant role in how businesses operate and falling victim to a cyber attack can have significant ramifications including financial loss, reputational damage, loss of intellectual property and business disruption.
Staying on top of all the risks and latest threats is no easy feat, but there are some simple things you can do to minimise the risk of your business falling victim to a cyber attack:
1. Update your operating system
The WannaCry and Adylkuzz attacks all targeted a known Windows vulnerability, one easily defended by installing a patch issued by Microsoft prior to the attacks. The disheartening reality is if users had stayed on top of security updates, their machines wouldn’t have been infected.
And while Mac users were able to breathe a sigh of relief this time around, they’re not off the hook. Other breeds of malware may infect different operating systems – so no matter what device you’re using, updates are a must!
2. Install antivirus software
Antivirus software can prevent malware from infecting your computer. Cyber criminals are always looking for holes and vulnerabilities they can exploit to create new and more powerful viruses and malware. That’s why it’s important to not only install antivirus software, but keep it up to date. If you don’t, you’re leaving yourself open to a cyber attack.
3. Beware of email attachments
The devastating effects of WannaCry, Adylkuzz and Petya were the result of users clicking on email attachments. The lesson? Avoid clicking links and attachments containing suspicious emails.
You can spot dodgy emails by looking carefully at the sender’s email address to see if it’s legitimate. Also look for obvious typos and grammatical errors in the body of the email itself. If the email appears to come from your bank, a credit provider or internet service provider, keep in mind they’ll never ask for sensitive information via email.
4. Create data backups
In the event a hacker successfully infects your computer, all isn’t lost. If you have a backup of your data, you’ll be able to restore everything with minimal fuss.
Online data backup is a popular choice for many businesses, as there’s no need to purchase specific hardware or software. But don’t forget to test your backup – after all, a backup is useless if it can’t be restored correctly.
5. Have cyber insurance
While it won’t protect your business from an attack, cyber insurance could be the difference between keeping the doors open or shutting up shop for good. While some business insurances cover cybercrime, many don’t – so take the time to check.
If you’re unsure about the level coverage you need, talk to an insurance broker. They can help you understand your business’s cyber risks and identify the best cyber insurance product to suit your needs.
Don’t make the mistake of thinking it can’t happen to you. Having adequate cyber insurance in place should be part of your business strategy to mitigate the risk of a cyber security breach. At Emjay Insurance Brokers, we have a deep understanding of the cyber crime risks your business may face and access to the leading cyber insurance policies on the market. Contact us today to discuss your needs on (02) 9796 0400.