A ‘she’ll be right attitude’ to cyber threats simply doesn’t make sense

A ‘she’ll be right attitude’ to cyber threats simply doesn’t make sense

Did you know that 56% of Kiwi businesses experience some form of cyber-attack once a year?

But only approximately 5% of New Zealand businesses have purchased Cyber insurance cover.

There are several forms of cyber threat that are insurable, and most claims made to date on local insurers are from Ransomware attacks.

A description of some of the forms of cyber threat and practical steps you can take to protect your business are provided below.

In addition to those practical steps there are many cyber products available in the insurance market to give you cover in the event of an attack. It makes sense to be protected and to choose the right cover for your business circumstances. As a Steadfast broker in partnership with NZI, we can offer you basic cover costing as little as $285 a year (probably the equivalent of around 2-3 hours of a senior IT contractor’s time.) Contact us to discuss your requirements in more detail or click here for more information.

Ransomware

Ransomware is a type of malicious software that threatens to publish your data or block access to your systems unless a ransom is paid. It is digital extortion and it’s the fastest growing cyber threat for businesses of all sizes.

Cyber criminals hide ransom software in emails and websites – once opened, your files are encrypted with a “key” that only the attacker has access to. Ransomware is especially dangerous as it can spread rapidly and evolve to avoid security measures.

Some of the practical first steps you can take towards being protected against ransomware include:

• Keep your software and operating system up-to-date as new ransomware variants appear on a regular basis
• Be wary of unexpected or suspicious emails that contain links or attachments
• Backup important data and protect it appropriately (or offline) so you still have access to information in the event of a cyber attack
• Educate staff and instruct them not to open emails or links that look suspicious

Malware

Malware is malicious software designed to access your systems or steal data such as financial information, credit card numbers, passwords, and other sensitive information from you and your customers.

Malware can be installed unknowingly by opening affected emails, clicking links or it can be attached in software.

Some of the practical first steps you can take towards being protected against malware include:

• Don’t open attachments or links in suspicious emails or unknown sources
• Educate staff to recognise signs of phishing emails and how to browse online responsibly
• Update your software regularly and install firewall, anti-spyware and anti-virus software across your network

Denial-of-service

Denial-of-service (Dos) attacks can flood servers, systems and websites with malicious traffic in order to crash them and make it difficult, or even impossible, for your customers and your staff to access them.

When the attack comes from multiple sources at once, it’s referred to as a distributed denial-of-service attack (DDoS). Unlike other cyber-attacks, many DDoS attacks aren’t designed for financial gain, but simply to harm your business by causing inconvenience to your customers and staff.

Some of the practical first steps you can take towards being protected against denial-of service attacks include:

• Educate your staff to recognise early signs of a DoS attack, such as slow network performance (opening files or accessing websites), an inability to access websites, or a dramatic increase in spam
• Update your software regularly and install firewalls and anti-virus software
• Contact your IT provider as soon as you notice signs of an attack

Data Breach

If your business stores or collects information from customers, suppliers, partners or employees, there is a chance of that data falling into the wrong hands.

A data breach can be when a cybercriminal accesses your systems through hacking, phishing and malware to steal data like business records, intellectual property or financial information. But a breach can also occur through simple oversight, such as employees sending data to the wrong person.

Data breaches can damage customer trust and business reputation, incur costs to patch and restore systems, result in loss of intellectual property and may result in fines or penalties to your business for breaching customers’ privacy.

Some of the practical first steps you can take towards being protected against data breaches include:

• Have an incident response plan which maps all of your data risks. Know what data you have and where it is stored
• Educate staff to recognise the signs of phishing emails and malware
• Instruct staff on the importance of good data management, for example encrypting data before it’s shared
• Don’t forget about physical data, like paperwork and USB sticks. Securely dispose of personal data you no longer need
• Use strong and complex passwords or multi-factor authentication
• Update your software regularly and install firewalls and anti-virus software

Colmar Brunton Cyber Security NZ SME Landscape 2014