A few weeks ago a massive cyber attack hit across the globe. For all businesses this must be a wake-up call to ensure their systems have the most up-to-date security, back-up systems and disaster recovery plans in place.
The most recent attack spread across 150 countries and more than 200,000 computers. According to reports, at least five Australian businesses were confirmed to have fallen victim, so the damage to Australia was quite limited – this time.
The ransomware attack exploited a vulnerability in Windows computers. In this case, the attack could have been blocked by ensuring computers were up to date with security patches. Assistant Minister for Cybersecurity Dan Tehan said the attack should be a wake-up call to business owners.
“All businesses should immediately update their Windows operating system with the latest security patches and there are instructions on the ACSC [Australian Cyber Security Centre] website to do this,” Tehan said, according to news.com.au.
“This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches.”
For travel companies, it’s crucial that they heed the call for better risk management around cyber security, as this particular ransomware could easily be defended against.
Whilst Cyber Insurance is an important consideration for all businesses now, it only transfers the risk, and the main aim should be to ensure your IT systems have the best security protection available. It’s crucial that business owners understand they have a responsibility at all times to be vigilant in how they manage information and protect both their own data and their clients’ private data, for which they would be liable should it be compromised.
1. Understand the evolving risks
It all begins by having an understanding of the internal and external vulnerabilities that can affect your business – how hackers can gain entry, including their different methods and motives, and how to identify points of weakness in your systems.
2. Develop a security policy that is ingrained into your business culture
It’s crucial to have protocols that all employees follow. Do you regularly update your staff on the dangers of opening unfamiliar emails and instruct them not to click on links that may be included? Do staff know about the latest phishing scams and how they trick staff into entering passwords or visiting dangerous sites, all in a hurried click? Educating staff is the best defence against these types of scams and attacks.
The Australian Government’s website Scamwatch has many useful tips and reports on the latest scams affecting business, from phishing scams to false invoicing and ransomware. The website address is www.scamwatch.gov.au.
3. Pick up the phone
Verify financial requests and confirm details by phone instead of relying on email to initiate or complete any financial transaction – whether you are dealing with your bank, vendors, clients, or employees.
Use a two-step verification process to add another layer of security for approving outgoing funds. This will help protect you from a loss.
4. Keep your software up to date
Don’t delay updating your anti-virus software or other security applications. Up-to-date software will help you guard against the latest threats and keep your infrastructure secure.
5. Have an incident response plan and practice it
Just like a fire drill, having a plan of action for responding to a cyber incident is crucial. Even more important, it should be practiced so that all your employees know exactly what to do in the event of a breach.
6. Back-up, back-up, back-up!!!
Back up all of your data on a regular basis, whether to an off-site hard drive or to the cloud. Speak to your IT consultant to determine the safest method for your particular business.
Don’t forget, if your server hard-drive fails due to a breakdown, you may lose all your data. It doesn’t even need to be related to a cyber attack!
7. Consider taking out a Cyber Insurance policy
Whilst it is best to avoid an attack altogether, scams and hacks are evolving so quickly that even the most sophisticated systems can be defeated.
Cyber Insurance should be part of every organisation’s risk management strategy and should be tailored to bridge the gaps that exist within traditional insurance policies, including:
-- Privacy breach customer notification costs;
-- Data recovery;
-- Network business interruption; and
-- Crisis management such as public relations, call centre, and legal costs.
As well as legal liabilities that arise due to:
-- Privacy breach regulatory investigation;
-- Defamation, libel, slander, infringement of any copyright or trademark; and
-- Security and privacy breaches such as unauthorised disclosure of personal information or breach of confidentiality agreements.
If you would like further information or an obligation-free Cyber Insurance quote, please contact Rebecca Fleming, Manager of our Travel Division at Gow-Gates Insurance Brokers, on (02) 8267 9919 or firstname.lastname@example.org to discuss your circumstances or to obtain a quotation.
General Advice Warning – the information in the above article is intended as a guide only and should not be relied upon without consulting your relevant insurance policy wording and conditions or conversely seeking professional advice from either your insurance broker or insurer regarding a claim or potential loss. Failure to adhere to this warning could result in a denial of a claim or potential loss or a reduction in settlement of a claim or potential loss.