We’ve all read of major IT security breaches affecting large organisations – resulting in bad publicity, loss of revenues and massive costs to recover data and reassure or compensate customers whose financial or private information has been stolen.
The bad news is, 60% of smaller Australian businesses suffered from cybersecurity incidents in 2017/18, according to research by Chubb, and 67% believe they are not aware of all the cyber threats they face.
Here are three ways your own IT systems can be attacked – at a considerable cost to you in terms of lost productivity, revenues and professional reputation.
1. Insider errors
A large proportion of cybersecurity incidents – around 18% according to Chubb’s research – are due to errors made by your own staff, contractors or even yourself. These can include mistakes in keying information into your systems which introduce data errors or even data corruption. Of greater concern, 45% of the SME organisations Chubb surveyed in 2018 are not confident that all employees with access to sensitive data are fully aware of their data privacy responsibilities.
Forgetting to perform back-ups, to store files off-site and (importantly) to test your procedures, so that you can recover lost data when your IT systems fail or are damaged or stolen, is also a risk factor. Lost or corrupted data is often difficult to restore, and time delays can threaten the efficiency of your operations – resulting in lost revenues and angry clients.
‘Social engineering’ is a term used by security experts to describe the theft of passwords or other secure information by deceiving people into handing it over. It can result from someone within your organisation innocently providing security information to someone purporting to represent one of your technology suppliers, such as a telco, computer contractor or Microsoft.
Worse, an inadvertent staff error – such as opening a file or email containing a virus or other cybersecurity ‘exploit’ – can result in the theft of data by hackers, or even your computer systems being held to ransom!
Ransom attacks are becoming increasingly common. In 2018, the British National Health System was among a massive number of global organisations that suffered catastrophic disruption when staff inadvertently downloaded the WannaCry hack, believed to have originated from North Korea. It paralysed 200,000 systems, resulting in 19,000 patient appointments and treatments being cancelled and an estimated cost of £92 million.
2. Malicious attacks
Your computer systems can be attacked by malicious ‘actors’, as they are called in security circles. These could be ex-staff members of your business, or of your technology suppliers, who want revenge on their former employer.
Threats can also come from competitors, who want to disrupt your business or steal your customer lists or intellectual property.
Other malicious threats include ‘kiddy-hackers’ seeking to test their skills with the wealth of security-cracking tools available on the Dark Web, or even foreign governments wanting to disrupt Australian industries and delivery of services.
3. Supplier breaches
If your business is reliant on software or services from technology or other providers, a cybersecurity breach or system failure at one of them can affect staff productivity and the delivery of services to your customers.
Many professionals rely on external systems to conduct their business – from appointment portals to accounting, time management and payment systems. Even some of the largest and most reliable Software as a Service (SaaS) and e-commerce systems accessed via the internet or even direct links are subject to breaches – and this can involve theft of your valuable customer or business information.
One worst-case scenario that received press in 2018 involved the Property Exchange Australia (PEXA) platform set up by the Australian Federal and State governments, several large financial institutions and private investors. PEXA was designed to become a compulsory system for conducting financial transactions between property sellers, buyers and their mortgage and financial institutions. During the trial phase, the IT systems of a small conveyancing firm were hacked. The result was the theft of significant funds and the failure of property exchanges, causing financial loss and massive personal inconvenience to Australian homeowners, as this article outlines.
Be proactive and reduce your vulnerability to loss
The best course is to secure your own systems with adequate security technology such as firewalls and virus protection, to impose strong password systems and to implement (and test) a reliable and frequent back-up system.
You should also choose your technology providers carefully and educate your staff to watch out for ‘social engineering’ and to avoid risky habits such as disclosing security information by email or over the phone, or leaving visitors alone where computer equipment is on.
However, as no technology system is ever 100% secure, one option to help mitigate your risk is to take out cyber liability insurance cover, which can provide expert advice if and when you need it, as well as assisting you with out-of-pocket costs.
Find out more about the potential costs to your business in our article, 3 ways cybersecurity risks can impact your professional business. The Australian Government has also published a simple guide on how to develop a cyber incident response plan for your business; you can view the guide here.
To learn more about cyber liability insurance contact the Insurance House team on 1300 305 834 or email us at firstname.lastname@example.org
Our advice is general in nature. To read the full General Advice Warning, click here.