Many SME businesses could be at risk of losing money and customers because they don’t have cyber insurance or a cyber security plan, according to this AAP article published by SBS.
Only 13% of small businesses have a plan to protect their money and valuable client data, according to a monthly survey of 400 small business owners by online business management solutions provider MYOB Group.
All types and sizes of business may be susceptible to cyber attack, but attackers may consider smaller businesses more vulnerable because they are unlikely to be as well prepared as larger enterprises.
What are the most common types of cyber attacks?
Cyber attacks can involve individuals in a business being tricked into clicking on a download, email or attachment that may contain a virus or ransomware. If the attack is successful your business may be blackmailed, threatened or held to ransom. Should you pay this kind of ransom to get your business back up and running? According to this Huffpost article, no, not unless someone’s life is in danger, as there’s no guarantee the hackers will keep up their end of the bargain, and it only serves to further reinforce their behaviour.
A cyber attack may also involve a false invoice being sent to a business and money being paid to a fraudulent party.
The Australian Cybercrime Online Reporting Network (ACORN) received nearly 12,000 reports of cyber crime in the quarter leading up to June 2017, 51% of which related to scams or fraud and 19% to purchases or sales.
Last week the Australian government’s StaySmartOnline service, which provides information on how home internet users and small businesses can protect themselves from cyber security threats, warned of scam emails under the guise of “E-toll Account statement” or “AusPost Delivery”.
These scam emails invited email users to click on a “View in OneDrive” link which could lead to the installation of malware onto the user’s computer.
Earlier in September, a fake email circulated claiming to be an invoice for an eBay purchase, and another email claiming to be “Voice Message from 017234512978 – name unavailable” aimed to download ransomware onto the user’s computer.
Cyber attackers are typically after money already in a business’s bank account or looking to divert money that should be flowing into that account. Also, cyber attackers seek client information which can be used in identity fraud.
According to the Privacy Act, businesses that turn over more than $3 million a year are obliged to protect information and if you’ve taken no measures to protect your business and your customers, you may be liable for prosecution.
Also, clients who have personal information stolen may have a case to take legal action against the business that was attacked.
What can you do to protect your business from cyber attack?
Clearly cyber attacks have some big downsides. But remember that prevention is truly the best medicine. Risk mitigation is really about doing the basics (but ACTUALLY doing them – how many of us are guilty of having a favourite password for everything?!)
Complex, difficult to guess passwords, keeping off public wifi, ensuring your antivirus protection is up to date… most of us are aware of the common sense steps to manage our cyber risks, but we need to set aside time to ensure we’re maintaining a good basic level of hygiene. Despite that, your business could still be impacted by a cyber attack, and that’s where cyber insurance can come into play as your safety net.
Talk to us about what a right-size cyber insurance solution could look like for your business.