Cyber-crime and insuring your business
“Prevention is better than cure,” says Phil Thorpe, Client Director at Alan Boswell Group. “And there is a plentiful supply of information out there regarding the ever-increasing risks and how to minimise them by continually upgrading computer systems.”
You’ll probably remember the full-page adverts British Airways placed in newspapers to apologise for the data breach that affected about 380,000 transactions – it compromised personal and financial details of passengers who made bookings over a particular 15-day window.
As cyber-attacks and data breaches make the headlines, Phil Thorpe stresses the importance of Cyber Liability Insurance and the risks your business may be facing.
Safeguard your business with the right software
First and foremost, it’s about getting appropriate safeguards such as encryption, password protection and firewalls in place; installing anti-virus software from a trusted provider; and regularly updating operating systems and software to avoid vulnerabilities. It’s worth maintaining secure data back-ups as well, just in case the worst should happen.
For businesses, it’s also important to keep an eye on passwords, permissions and data access for staff members who change department or leave the company. Education is also key, to help employees stay up to date with this ever-changing cyber-landscape, and to be alert to tactics such as impersonation fraud and phishing. It may even be worth introducing specialist roles to bring IT, data and software experts into the business, or finding a reliable consultancy firm.
“Engaging appropriate IT support is key, and implementing their advice even more so,” Phil affirms. “And this shouldn’t stop with your own business – it should also extend to your supply chain.”
If the cyber-criminals still manage to infiltrate, then a cyber liability insurance policy can step in to cover such aspects as data restoration, business interruption, third-party liability and reputational repair.
With technology, attacks and cyber intelligence constantly evolving, it’s unlikely we’ll ever achieve ‘total cyber-security’; but by taking the time to acquaint yourself with the threats and implement the highest standards of protection available, you can keep risks to a minimum – and avoid the vast majority of attacks.
The Cyber Security Breaches Survey 2017 found that 46% of all businesses in the UK had suffered at least one cyber breach or attack in the 12 months leading up to the survey – and yet only 58% had taken action on five or more of the government’s 10 Steps to Cyber Security.
Cyber risks your business should know about
Ransomware
Ransomware does what it says on the tin – it allows cyber-criminals to hold your data hostage by locking or encrypting your devices and files, usually until a ransom fee is paid. However, there is now an increasing emphasis on so-called ‘pseudo-ransomware’. This is where the criminals’ objectives are unclear, or their aim seems to be to cause disruption or destroy data, rather than to make large financial gains.
Hacking
This will continue to be a big area of focus for 2018, with hackers developing ingenious new ways to steal or compromise your data, either for their own use or to sell on to third parties. Their two key tactics are: malware, which is software designed to disrupt, damage or gain access to a computer system; and phishing, which involves sending emails that look to be from reputable companies, requesting personal details from recipients and/or encouraging them to click on links to fake websites or to open files that will expose them to malware.
Business email compromise (BEC)
These attacks are a form of highly targeted phishing, where fraudsters contact a specific individual at a company and pretend to be a fellow employee, usually in order to gain access to (and, consequently, use of) that person’s email inbox. They’re then able to steal data and conduct fraudulent activity, such as requesting funds transfers from the company’s finance department.
Distributed denial-of-service (DDoS)
This type of cyber-attack temporarily or indefinitely disables computer systems, networks and wirelessly connected devices by disrupting the services of an internet-based host. This is usually achieved by flooding the targeted system with traffic, often from many different sources, to try to overwhelm it. A DDoS attack tends to come as a result of phishing or malware exposure.
Internet of things
You’ve probably heard of this term, which refers to the interconnectedness of today’s technology. So many of our devices, appliances, everyday objects and even vehicles are now linked to each other and to central data hubs, constantly exchanging information wirelessly via the internet, and that makes them vulnerable to data interception, hacking and DDoS attacks. This is especially true of wireless devices whose systems and cyber-security measures aren’t kept up to date.
Contact us on 01603 218000 to discuss the right level of cover and insurance needs of your business.