COVID-19 has led to new cyber threats, with figures from the Australian Competition and Consumer Commission showing Australians have lost $309,108 to phishing scams since the start of the pandemic in 2020. This year to date, the commission has received more than 10,000 scam reports.
The explosion in online fraud has come about in part due to new vulnerabilities emerging as people have shifted to working from home. This means firms must be especially vigilant when it comes to protecting their operations and their staff from cyber threats.
Gerry Power is the national head of sales for cyber specialists Emergence Insurance. He explains cyber risks have heightened due to so many staff now working from home who have never before worked this way, and because this transition happened so quickly.
“People are using home computers that don’t have the same security controls as the business they work for, making it easier for hackers to access IT systems,” he explains. So the onus is on firms to take action to protect their networks and their staff from criminal exploitation.
It’s vital businesses have in place a process so all on- and off-premise systems, virtual private networks and firewalls are continually updated with the latest security requirements.
“Cyber risks have heightened due to so many staff now working from home who have never before worked this way”
“This is important as we’re seeing a rise in claims related to ‘remote desktop portable hacks’.
These occur when an employee working remotely, who is linked to the business’ IT system, is using technology that has not been updated with the latest security patches. If your business has staff working from home, make sure the virtual private network has the latest security software.
This allows information to be encrypted as it goes over the internet,” Power explains. Also ensure the business’ security system has multi-factor authentication in place. This means staff need to use a code of up to six digits to access the system, in addition to their password.
“This means to get into the network, criminals need to get a username and password and also access the staff member’s phone. That makes remote access much more secure,” he adds.
These protocols should remain in place as many people are likely to continue to work from home into the future.
Multiple mitigation measures
Cyber insurance must, however, be part of a suite of protections, that include regular, automatic daily data backups. Says Power “Our incident response experience shows claims from companies that only back up their data on a weekly or monthly basis costs three times the claims of companies that back-up daily.” Finally, speed is of the utmost importance when it comes to cyber security.
If there is a breach, the sooner it’s rectified and remediated, the more damage can be contained, resulting in reduced damage to the business. Cyber criminals and their techniques will only become more sophisticated over time.
Which means it’s essential for every business to have clearly articulated and communicated cyber security policies and procedures. That’s the best way to prevent threats and reduce the potential damage fraudsters can cause in what is already a fragile business environment.
This information is provided to assist you in understanding some of the common considerations in buying cyber insurance policies. It is not complete, so please request full details from ARMA Insurance Brokers CQ. Deductibles, exclusions and limits apply to most insurance policies. Insurance policies issued by various insurers can differ.