The way businesses use, store and share data, applications and workloads has changed with so many employees now working from home. It’s also introduced a host of new security threats, vulnerabilities and challenges – and scammers are having a field day.
At a time when financial markets are in turmoil, businesses are struggling and people continue to panic buy, it comes as no surprise that cyber criminals are capitalising. Relying on people being distracted, concerned and wanting to find information about COVID-19, scammers are using malicious emails, phony news posts and fake websites to steal money and personal information.
Since the Coronavirus pandemic hit Australia in early March, Scamwatch has received more than 2700 scam reports from consumers mentioning the Coronavirus, totalling over $1,100,000 in losses. Common scams include phishing for personal information, online shopping and superannuation scams.
And these consumer scams are just the tip of the iceberg. From a business perspective, there’s little doubt that digital thieves have escalated their activities since COVID-19 restrictions forced many businesses to send their employees home to work. Emergence Insurance, a specialist in cyber coverage, recently revealed that it made a $350,000 bitcoin payment to release a client’s system from a new strain of ransomware.
The aim of malware is generally to encrypt a business’s data in exchange for a ransom. This software, however, stole the data and then locked down the business’s IT systems before making the extortion demand. While giving in to ransom demands is generally discouraged, in this instance it was the best solution given that the business’s backups weren’t of a standard that would allow them to quickly resume trading.
This type of malware is becoming increasingly common and shows that cyber criminals are changing tack and taking advantage of the vulnerabilities businesses are exposed to because employees are working from home. With so many additional access points to business systems, cyber criminals are becoming more brazen and creative with how they carry out their hacking activities.
So how can you protect your business, particularly while your employees are working from home and the threat of a cyber breach is heightened?
Mitigating risk
The case mentioned above demonstrates why, now more than ever, vigilence is essential when it comes to cyber crime threats. The Australian Cyber Security Centre recommends that businesses implement the following strategies to reduce the risk of falling victim to a cyber security breach.
- Review your business continuity plan and procedures
- Verify that your systems (including Virtual Private Networks and firewalls) are up to date with the most recent security patches
- Increase your cyber security measures to account for the higher demand on remote access technologies
- Make sure your remote desktop client is secure
- Ensure all work devices, such as laptops and mobile phones, are secure
- Implement multi-factor authentication for remote access to systems and resources (including cloud-based systems)
- Make sure that your business is protected against denial of service threats
- Ensure your cyber insurance policy is current and adequate for your business’s exposure.
In addition, when it comes to your employees there are a range of measures you can put in place to minimise the chance of a hack occurring while they are working from home.
- Inform and educate your employees and stakeholders about cyber security practices (for example, how to detect socially-engineered messages)
- Ensure employees avoid free Wi-Fi and only use trusted connections, such as home internet or mobile internet services
- Make sure employees have physical security measures in place to minimise the risk that information may be accessed, used, modified or removed without authorisation
- Prohibit, where possible, the use of portable storage devices (including USB drives) to transfer files and data, and instead implement cloud storage or other collaboration solutions.
Together, these strategies will help to ensure your business is protected from the risk of a cyber attack while your employees are working from home.
Cyber insurance
The world has turned upside down in recent months. Did you ever think that so many of your employees would be working from home? Probably not.
That’s why, given the pace and complexity of the cyber space and the pervasive nature of technology, cyber liability insurance is a necessary safeguard for you to transact securely with your clients.
Cyber liability insurance provides essential cover for business interruption, as well as support with data recovery and the management of any resulting reputational crisis. From a customer perspective, the cost of monitoring the impact of a data breach can be significant. Cyber cover can include support with notification and monitoring costs, as well as managing the legal costs resulting from any litigation.
One of the broader benefits of cyber liability insurance is also the peace of mind it brings. As a business owner, you can rest easy that appropriate safeguards are in place to help your business keep moving forward, while at the same time ensuring you have adequate security strategies in place to resolve any issues and appropriately mitigate any concerns regarding data security.
But the strength of cyber liability insurance also lies in the breadth and quality of its pre and post-incident response service. Lots of businesses don’t have anyone to turn to if their computer screen suddenly freezes and a ransom message appears. This is where a quality cyber liability insurance policy can assist.
Made up of IT security and forensics, legal, credit monitoring, public relations and communications professionals, an incident response team will help from the moment a business becomes aware of an incident through to the resolution, helping to mitigate potential loss and exposure.
Call Emjay about cyber cover
Don’t make the mistake of thinking it can’t happen to you. Having the right cyber insurance in place should be part of your business strategy to mitigate the risk of a cyber security breach.
At Emjay Insurance Brokers, we have a deep understanding of the cyber crime risks your business may face and access to the leading cyber insurance policies on the market. Call us today to discuss your needs on (02) 9796 0400.