Cyber risk continues to be a leading risk for Australian businesses in a post-pandemic world. As Australians continue to work remotely, relying heavily on digital platforms to interact and conduct business transactions – cybercriminals are taking advantage. Understand how you can mitigate the risk of cybercrime and minimise the damage inflicted by a cyber-attack.
Why has the risk increased?
As Australians work remotely and use remote access technology and video conferencing increases, cybercriminals are actively exploiting the situation.
Since the Coronavirus pandemic hit Australia in early March 2020, there has been a significant increase in COVID-19 related malicious cyber activity. The Australian Competition and Consumer Commission’s “Scamwatch” has received over 100 reports of Coronavirus scams in the last three months, and the volumes continue to rise substantially.
CYFIRMA’s threat visibility and intelligence research also unveiled a 600% increase in cyber threat indicators related to the Coronavirus pandemic from February to early March.
Working from home creates further vulnerabilities where malicious actors “can gain additional access points to a network”, Fergus Hanson, the Australian Strategic Policy Institute’s International Cyber Policy Centre director (Sydney Morning Herald).
Measures to mitigate the risk:
Australians must be vigilant about cyber threats. The ACSC stipulates that “good cyber security measures are the best way to address cyber threats”.
Key cyber risk protection recommendations from the ACSC:
- Review your business continuity plans and procedures.
- Ensure your systems, including Virtual Private Networks and firewalls, are updated with the most up-to-date security patches (see guidance for Windows and Apple products).
- Increase cyber security measures in anticipation of the higher demand for remote access technologies, and test them.
- If you use a remote desktop client, ensure it is secure.
- Ensure your work devices are secure , e.g. laptops, and mobile phones.
- Implement multi-factor authentication for remote access systems and resources (including cloud services).
- Ensure that you are protected against Denial of Service (DoS) threats.
- Educate and inform your staff and stakeholders on cyber security practices. Example: detecting socially-engineered messages, recognising a phishing email or SMS.
- Ensure that staff working from home have physical security measures in place. This minimises the risk of accessing, using, modifying, or removing information from the premises without authorisation.
Cyber insurance: more important now than ever
Despite taking the above precautions, no IT security system is 100% secure, and even your most vigilant employees may make a judgement error. If your systems are breached in a cyber-attack, Cyber Insurance is essential to minimise what can be a devastating financial impact on your business.
Key benefits of Cyber Insurance:
Cyber Insurance can include cover for the following exposures:
- Financial compensation to recoup costs of an IT security breach – including business interruption, IT recovery costs, ransom payments, forensic investigations etc.
- Fines and penalties – payment of fines and penalties imposed by government or regulatory authorities. These can amount to $1.7 million.
- Third-party liability – compensation for clients/customers who suffer financially or emotionally due to a data privacy breach/data theft.
- Notification costs – compensation to cover customer notification costs and credit monitoring services for affected parties.
- Legal defence costs – cover for costs associated with legal advice and representation in connection with formal investigations by authorities.
- Reputational damage – cover for the cost of professional consultants to assist in repairing reputational damage to a company’s brand as a result of a cyber-attack.
There are a wide range of suitable covers available for both small-medium enterprises and large organisations.
Whitbread are here to support you with important insurance and risk guidance in this challenging time. To request a Cyber Insurance quote for your business, please get in touch with one of our specialists:
This insight article is not intended to be personal advice and you should not rely on it as a substitute for any form of personal advice. Please contact Whitbread Associates Pty Ltd ABN 69 005 490 228 Licence Number: 229092 trading as Whitbread Insurance Brokers for further information or refer to our website.