Every successful business aims to protect its assets, whether they are tangible or intangible. For many businesses this is achieved through appropriate insurance cover for the business and its assets.
Recently, software and data have become the biggest and most important intangible assets of many business entities, and their importance is continually growing.
Data protection has also become the weakest link in the security systems of many business enterprises. Almost daily we hear about cyber attacks or hacking attempts on business and government data systems.
There has been a significant increase in the number of cyber threats and cyber security breaches. Protecting your business from these threats has become a major task for many businesses and is almost impossible for small businesses to manage by themselves.
Companies are starting to look for ways and means to mitigate their potential losses against cyber risks.
The threat is global and cannot just be ignored. A recent 2016 report from Symantec on Internet Security listed the top countries most vulnerable to cyber-attacks. Of particular concern, Australia was listed as the fifth most targeted country in the world.
Major insurance companies now offer cyber insurance as a component of their business insurance policies.
Mitigate your business risk from cyber threat with cyber protection insurance
A cyber threat is a malicious act intended to damage, steal or disrupt digital data. Cyber threats come in the form of computer viruses, denial of service, and data breaches.
With everything going digital and computerised, cyber threats have become a potentially paralysing phenomenon for all businesses in this connected world.
The threats have the potential to cripple not just a business but also an entire country and this has extended globally.
Cyber threats have increased tenfold and are growing at a fast rate and, importantly from a business perspective, they are becoming more serious.
The main intent is to disrupt, gain financially and/or steal. Companies are scrambling to find armour to protect their online assets from this threat of attack.
Cyber security refers to the processes, technologies, and controls created and designed to protect your business network systems and data against the various cyber threats.
An effective cyber security program can reduce the risk of cyber threats, including unauthorised breaches, and the exploitation of data and business network systems.
Cyber security should involve the following:
- People –
Everyone working in your business should be aware of their role in reducing and preventing cyber attacks or breaches. Employees handling your internet/network security should stay up to date with the latest skills to mitigate and handle these threats.
- Technology –
Once you have identified the various cyber risks that your business faces, you can then implement and update the controls and technology deployed to help reduce the impact of a cyber attack or threat.
- Process –
Cyber threats are constantly changing at a fast rate, so it is important to review your business processes and security to adapt and maintain the necessary security for your business.
More than the software your company invested in, the most important thing you need to protect is the data or information stored on or in your system.
Data breaches can cost you and your company more than just money. They could also cost you your company’s reputation and your customers’ trust.
It can disrupt an entire operation and could potentially cost your business through litigation and/or regulatory fines.
The strength of your business cyber security depends on a systematic and comprehensive approach to the following elements:
- Continuity plans.
This involves preparation for any potential disruption. Identify threats and prepare continuity plans for day-to-day operations.
- Continuous education of end users.
Educate end users about potential threats and the risks of sharing information such as passwords or accessing unsecure networks. Update your employees with the latest information about security and the threats they are likely to encounter.
- Business applications security.
Secure web applications against intrusion to protect your stakeholders and their assets. Web applications are the most vulnerable entry point for cyber attacks.
- Securing your network.
Conduct tests to ensure accessibility of your servers, hosts, and network services. Network security is a big issue with the increased use of cloud computing.
- Securing data information.
Data is the cornerstone of your company. It includes all your database records, from personal to financial records. It is best that you follow ISO 27001, the international standard for Information Security Management Systems (ISMS).
- SOP Security.
Your standard operating procedures or SOP should include a tracking system for all information and assets to protect your company’s core functions.
- Management commitment.
Management’s commitment is key to successfully implementing all security elements. Without that commitment, it will be impossible to maintain an effective process. Management’s willingness to invest in proper cyber security should be a topmost priority, so that the business can invest in more technology, skills and resources.
Phishing emails are sent out to request sensitive information like passwords and login information. These emails look like genuine emails unless you know how to spot the difference.
Phishing emails often try to pass themselves off as emails from legitimate corporations. The appearance, including the logo, is the same, but there are often telltale signs of irregularities like:
- Incorrect spellings and grammar,
- Email sent from a public email address even though the company has a website of its own,
- Non-personalised greetings,
- Misspelt domain name,
- A sense of urgency in the message, and
- Contact details that are different from the registered details.
Malware or malicious software is a program designed to penetrate and damage your programs and hardware without consent.
Malware comes in the form of Trojans, viruses, spyware, bots, worms and other threats. It usually comes hidden when you download unsecured programs and applications.
Ransomware is one of the most prevalent forms of malware. This cyber threat makes it impossible for you to access your files by encrypting your data.
The perpetrator then demands payment in exchange for access.
Paying the ransom though does not guarantee that you can access all the encrypted data.
Cyber threats will not go away but you can take preventive measures to protect yourself and your company against these threats.
- Install and use anti-virus and anti-spyware software on all your computers.
Regularly update your anti-virus and other software as updates become available. Download updates from the original software developers and not from third-party sources.
- End User Agreements
Read the developer’s EULA (End User License Agreement) before clicking the “I agree” button. Some applications indicate in their EULA that they will be installing adware and bots for monitoring purposes.
- Avoid “freebies”
Avoid clicking links and other downloadable links promising you freebies. Most often, these links contain bots and spyware that can infiltrate your security.
- Use a firewall for your internet connection.
- Limit access and authority
Limit employees’ access to information based on their job description. Your IT department should have sole authority to install new software and updates on the networks and computers. They should also have sole jurisdiction over physical access to your networks and servers.
- Password changes and hard-to-decode passwords
Change passwords regularly and use hard-to-decode passwords.
Use a combination of numbers, characters and letters, and make some letters caps. Example: TroJ@n123 is much harder to decode than trojan123 as a password.
- Two-step authentication
Use a password and a code sent to your smartphone to open your account. This double security provides a safer measure against threats.
- Avoid ‘admin’ as your user id
Most software has the admin user id by default. If you are the administrator, it is advisable to change the admin password, as this is usually the first login information hackers breach.
- Back-up your data.
In case of infiltration, you will not lose as much data if you have an updated back-up copy of your data. This will also ensure minimal disruption of your operations.
- Regular audits of security
Conduct regular audits of your security measures. Double check passwords, firewalls and software updates. Conduct system checks and tests to see how well your security is holding up.
- Cyber Protection Insurance
Get your company insured against cyber crimes and attacks. The number of insurance companies that provide cyber protection insurance has increased significantly with the escalation of these online cyber threats and associated security breaches.
Safeguard Your Business Today With Cyber Protection Insurance
Cyber Security Threats For Small And Medium Business
The most vulnerable business entities to cyber threats are small and medium enterprises (SME).
Cyber security measures require an investment in terms of hardware, software and security measures. However, most SMEs have not done enough to protect themselves against hackers and cyber terrorists. This leaves them exposed to the risk of a cyber attack.
Many small businesses find it more difficult to keep up as hackers and cyber criminals become more advanced and sophisticated.
The majority of SMEs rely mostly on web-based tools and social apps to enhance their efficiency. Their dependence on external security measures continues to expose them to data breaches and attacks.
To reduce overhead, some SMEs allow their employees to work using external devices such as personal laptops. This creates a bigger risk because the company has no control over unknown applications installed on these personal devices.
Though SMEs do not have the benefit of in-house IT experts, they can turn to IT specialists who can advise them on how to deal with security threats and breaches, how to prevent incidents, and how to recover from these incidents.
SMEs can implement other security measures without incurring additional costs, such as:
- Risk assessments to help improve internal security controls
- Limiting employee authority and access
- Data encryption, especially with the prevalent use of personal devices
- Providing mirror servers to ensure continuity of operations in case of attacks
- Mobile Device Management to segregate business data from personal data particularly with the use of personal devices
- Cyber Protection Insurance. Many insurance policies now include cyber insurance as an option for your Business Insurance Policy.
Cyber insurance is provided by insurance companies to protect your company against cyber security breaches and attacks.
Cyber threats can cost millions of dollars.
Why does your business need Cyber Protection Insurance?
Cyber security breaches are a very real threat to many businesses. The potential losses you could incur are huge.
Aside from the possible loss of data, you could suffer financial loss due to litigation, penalties, and other crisis management expenses.
With cyber security insurance, you are covered in the event of a cyber attack.
Other benefits that you could get from having cyber insurance include:
- Protect your suppliers and customers so they are not affected by any cyber incidents
- Give your investors and partners confidence that the company is stable and will not collapse in the event of successful claims
- Have the necessary funds to deal with litigation costs and technical costs of resolving major cyber incidents
- Assure potential stakeholders that the company is in line with all government requirements and regulations
What is covered by cyber protection insurance?
Cyber insurance coverage varies from one policy to another, but most cyber insurance policies cover first party and third party loss.
First party loss includes:
- Financial losses incurred as a result of the cyber attack
- The cost of public relations and communications in informing your customers and suppliers about the breach
- Cost of data recovery
- Investigation as to how the threat occurred and what steps you should take. This also includes hiring negotiators in the case of ransomware.
Third party loss includes:
- Legal costs against claims
- Damaged reputation
- Fines and Penalties
- Damage to third party confidentiality
There are two primary ways to obtain cyber protection insurance for your business.
Firstly, you can go to an insurance company agent or contact an insurance company directly.
Secondly, you can go through an insurance broker to obtain the insurance cover that you are after. The advantage of using an insurance broker is that they will research the various policies available from a number of insurance companies. They will then recommend the insurance policies that most effectively meet your needs and those of your business.
Taking preventive measures to protect your company against cyber threats is a smart business move, and having cyber protection insurance is a key part of protecting your business.
Cyber Protection Insurance policies allow you to recover some of the costs that might be incurred during the incident.
Although each policy varies, you can claim losses from:
- your data recovery,
- lost business opportunities during disruption, and
- crisis management expenses you may incur.
Fleurieu and Hills Insurance, your local insurance brokers covering the Adelaide Hills and Fleurieu Peninsula, are able to discuss your cyber insurance needs with you. They take the hard work out of locating a cyber insurance policy that will cover the needs of your business.
The advantage of using an insurance broker over an insurance company agent is that the broker is able to assess insurance policies from a number of different companies to find the policy that is appropriate for you and your business.