There are some very simple steps that you can implement in your day-to-day life and in your business that can help deter cyber criminals, minimise the impact of breaches on your business and help your business get back on its feet once a cyber breach has occurred.
Use strong passwords and change them often. Don’t use obvious information in your passwords, such as pets’ or children’s names or birthdays, your favourite sports team’s name, or any of the top ten commonly used passwords that cyber criminals are aware of. Encourage staff to change passwords regularly and educate them on the importance of such measures. Don’t write password information down and leave it in obvious places. Your computer has no protection if you have written the password on a post-it note and stuck it to the side of the monitor.
Educate yourself and staff about the risks. Regularly remind staff not to open emails that they are not expecting and not to click on links in emails unless they know what the link is for.
Exercise safe cyber practices yourself and teach your staff to double-check information. If you receive a legitimate-looking email from a client or business associate asking to change bank details, call the third party to confirm the email and the changes to be made, and then send them an email confirming the phone conversation in which they instructed you regarding the change of information.
Check the email address of the sender of any emails and encourage this as a practice in your business.
By keeping your cyber security software updated, you are less likely to appear as a soft target to criminals. While some may simply see this as an added challenge, it does act as a deterrent to many. You are also more likely to become aware of a breach earlier if you have up-to-date security systems in place.
If you are not an expert on what cyber security measures your business requires, employ the services of someone who is. Hiring a third party to install the appropriate software and provide continued monitoring of your systems is a preventative measure that businesses can no longer afford not to implement.
Once a cyber breach has occurred, having a plan for how to address the incident can make the difference between whether your business is able to survive or not. A vital part of this plan should be cyber insurance. Cyber insurance policies are specifically tailored to respond to the fallout from a breach. This may include paying ransoms, bringing in third-party experts to help salvage data and prevent further data leakage, and assisting your business in navigating the possible legal liabilities that may arise as a result of losing other people’s information.
Also, changes to the Privacy Act mean that businesses with an annual turnover in excess of $3 Million are now required to notify their customers and the Office of the Australian Information Commissioner within 30 days should they suspect or experience a serious data breach. Having to inform all of its clients that their private information may have been lost could result in a major PR disaster for any business. A good cyber insurance policy should include coverage to assist in mitigating any public fallout from this.
A comprehensive Cyber Insurance policy should include business interruption cover. Business Interruption Insurance is designed to cover the shortfall in the gross profits of a business should an event happen that stops the business from continuing to operate as usual. Business Interruption Insurance can help keep your business afloat while your computer systems are being decrypted, cover advertising costs to let your clients know that you are proactive in dealing with the cyber-attack, and help cover the running costs of the business.