Cyber Attacks lost in the News Cycle

By Gow Gates Insurance Brokers


Prime Minister Scott Morrison held a press conference on 19 June 2020 to advise that Australia was “under attack” – there had been a large number of Cyber Attacks on Australian businesses and government agencies to the point where Mr Morrison took the step of informing the country. For someone who has been learning about the damage these attacks can cause, what happened next was even more alarming. Within 48 hours, this announcement had been lost in the midst of the next news cycle. Granted, the current news cycle is reporting on a Virus overtaking the globe, but it appeared as if the country had just moved on to the next story or scandal.

So what happened? The Australian Cyber Security Centre (ACSC) advised:

“The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.

A range of tactics, techniques and procedures are being used to target multiple Australian networks. It’s important that Australian companies are alert to this threat and take steps to enhance the resilience of their networks. Cyber security is everyone’s responsibility.”

This is serious. We have been warned, so what should we do?

The ACSC did provide detailed information for IT Managers, but again, what should you do?

Their advice provided some pro-active steps that you can follow to protect yourself, your systems and your devices:

1. Prompt patching of internet-facing software, operating systems and devices

Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally, organisations should, where possible, use the latest versions of software and operating systems.

2. Use of multi-factor authentication across all remote access services

Multi-factor authentication should be applied to all internet-accessible remote access services, including:

• web and cloud-based email
• collaboration platforms
• virtual private network connections
• remote desktop services.

This government organisation has put together an “Essential Eight” which provides basic protection and can be viewed at this link: https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained

The Government website, www.staysmartonline.gov.au, is transferring to www.cyber.gov.au, and you can sign up for an email that sends you alerts with simple, easy to understand information on the latest scams, developments, protections etc. It is an easy way to keep informed about threats to your business and how to avoid them.

What else can be done?

Previously we have suggested that for travel companies, it is crucial that they heed the call for better risk management around cyber as ransomware can often be easily defended against.

Whilst Cyber Insurance is an important consideration for all businesses now, it only transfers the risk, and the main aim should be to ensure your IT systems have the best security protection available. It’s crucial that business owners understand they have a responsibility at all times to be vigilant in how they manage information, protect their data, and their clients’ private data which they would be liable for should it be invaded.

Important steps in protecting your business

  1. Understand the evolving risks - It all begins by having an understanding of the internal and external vulnerabilities that can affect your business – how hackers can gain entry, including their different methods and motives, and how to identify points of weakness in your systems.
  2. Develop a security policy that is ingrained into your business culture - It’s crucial to have protocols that all employees follow. Do you regularly update your staff on the dangers of opening unfamiliar emails and instruct them not to click on links that may be included? Do staff know about the latest phishing scams and how they target staff to trick them into putting in passwords or going to dangerous sites all in a hurried click? Educating staff is the best defence against these types of scams and attacks.
    The Australian Government’s website Scamwatch has many useful tips and reports on the latest scams affecting business – from phishing scams, false invoicing and ransomware. The website address is www.scamwatch.gov.au.
  3. Pick up the phone - Verify financial requests and confirm details by phone instead of relying on email to initiate or complete any financial transaction – whether you are dealing with your bank, vendors, clients, or employees.
    Use a two-step verification process to add another layer of security for approving outgoing funds. This will help protect you from a loss.
  4. Keep your software up to date - Don’t delay updating your anti-virus software or other security applications. Up-to-date software will help you guard against the latest threats and keep your infrastructure secure.
  5. Have an incident response plan and practice it - Just like a fire drill, having a plan of action for responding to a cyber incident is crucial. Even more important, it should be practiced so that all your employees know exactly what to do in the event of a breach.
  6. Back-up, back-up, back-up!!! - Back-up all of your data on a regular basis – whether it be a hard drive off-site, or to the cloud – speak to your IT consultant to determine the safest method for your particular business.
    Don’t forget, if your server hard-drive fails due to a breakdown, you may lose all your data. It doesn’t even need to be related to a cyber attack!
  7. Consider taking out a Cyber Insurance policy - Whilst it is best that you avoid an attack altogether, scams and hacks are evolving so quickly that even the most sophisticated systems can be defeated.
Cyber Insurance should be part of every organisation’s risk management strategy and should be tailored to bridge the gaps that exist within traditional insurance policies, including:

  • Privacy breach customer notification costs;
  • Data recovery;
  • Network business interruption; and
  • Crisis management such as public relations, call centre, and legal costs.

As well as legal liabilities that arise due to:

  • Privacy breach regulatory investigation;
  • Defamation, libel, slander, infringement of any copyright or trademark; and
  • Security and privacy breaches such as unauthorised disclosure of personal information or breach of confidentiality agreements.

If you would like further information or an obligation free Cyber Insurance quote, please contact Rebecca Fleming, Manager of our Travel Division at Gow-Gates Insurance Brokers on (02) 8267 9919 or rfleming@gowgates.com.au to discuss your circumstances or to obtain a quotation.

General Advice Warning – the information in the above article is intended as a guide only and should not be relied upon without consulting your relevant insurance policy wording and conditions or conversely seeking professional advice from either your insurance broker or insurer regarding a claim or potential loss. Failure to adhere to this warning could result in a denial of a claim or potential loss or a reduction in settlement of a claim or potential loss.