The current pandemic wreaking havoc on our world’s healthcare and economy has created an open season of hunting for cybercriminals. With over 80 per cent of companies in Australia encouraging their employees to work from home, cybercriminals have new opportunities to scam their victims.
The Australian Competition and Consumer Commission’s Scam Watch reveals a drastic increase in scams from March 2020 to April 2020, from 11,000 scams to over 17,000. As of late March, 36.5% of businesses in Australia had some sort of data breach when their employees used a third-party cloud service.
The need for cyber insurance has never been greater with the current crisis exposing weaknesses in IT departments. Keep reading to learn about your greatest cyber risks and how you can mitigate them.
What Are Your Cyber Threat Risks?
You may believe you have things covered on your end. After all, you not only have great anti-virus software, but you also are spending extra money for an IT Managed Service Provider. Even if you have an IT Managed Service Provider, you’re at risk.
Research indicates that cybercriminals are working extra hard in what looks like a field that’s ripe for the picking. CYFIRMA’s research reveals a 600% increase in cyber threat indicators because of the pandemic from February to early March. The research goes on to reveal the immense cost of cybercrime in Australia as it is costing individuals and businesses millions of dollars.
Your employees are now working from home through less secure networks. They’re distracted by an environment that is not their office, and their guard is down. Plus, your current IT staff, working both from home and the office, are stretched to the brink.
Plus, when you have more employees at home, your company has now created more access points to a network. This gives cybercriminals an opportunity to capitalize on any vulnerabilities in your system.
Phishing Emails
Most commonly, criminals are using phishing emails.
Picture this: your employee is at home, working diligently. They receive an email with a request to fill out a survey for what looks like a legitimate need, like healthcare. So, they click on it. Once they click on a phishing email, the software opens up in the background and scans their computer. In a matter of seconds, it can find vulnerabilities and download malware.
Most recently in April this year, Service NSW had this exact scenario when an unsuspecting employee opened a phishing email. The net result was an attack that illegally accessed the emails of 47 staff members. Active cyber security teams were able to stop the attack, but not until the personal information of customers had potentially been exposed to the scammers.
The damage had already been done. Now Service NSW is working tirelessly to contact affected customers, but the damage to their reputation will have far reaching consequences.
SMS Scams
Second to phishing emails are SMS scams. The most current SMS scam looks like a Coronavirus text message from the Australian Government.
When you click on the link to access a Coronavirus testing location near you, the link will redirect the phone to a website where cybercriminals download malware or a virus onto the phone. So ironically while you’re looking for a place to be tested for a physical virus, your phone is picking up a digital virus.
If your phone picks up this virus, a criminal can steal your banking credentials whenever you use your phone to log into your account.
What Are Your Cyber Security Weaknesses?
Your businesses’ biggest technical weakness is, unsuspecting, at-home employees. You may believe your biggest weakness lies in your current tech system, but truthfully, your employees are your biggest threat.
You have a two-fold risk with employees.
Employees working remotely pose a bigger technical risk than if they were working at the office.
Covid-19 has forced businesses to send their employees home to use remote desktops and mobile devices. If you have any weaknesses in your network, remote desktops expose them.
Additionally, your IT team, which is already maxed out because of their need to bulk up your security system, will need to run double-time to help remote employees. When an employee cannot connect or make something work from home, they’ll call your help desk, keeping your IT people so busy with putting out fires leaving limited time to focus on identifying other security threats.
Employees working remotely are more prone to distraction and poor decision making.
Your employees are enjoying the benefits of working from home. This means they’re waking up right before they need to go to work. They most likely have children or spouses at home with them, and they may not be as alert or diligent as they would be in the workplace.
Employees working from home find themselves distracted by simple tasks. They leave their computers exposed and vulnerable to attackers. They also online more searching for updates on the current situation and tend to click on interesting emails that they’ might have normally left alone at work.
Research supports the idea that cybercrimes are bumping up in this COVID era. Cybercriminals are working extra hard in what looks like a field that’s ripe for the picking. CYFIRMA’s research reveals a 600% increase in cyber threat indicators because of the pandemic from February to early March. The research goes on to reveal the immense cost of cybercrime in Australia as it is costing individuals and businesses millions of dollars.
How Are These Weaknesses Cyber Security Risks?
It’s odd to think that just sending employees home poses a cybersecurity risk, but it does. The very same people who work for you can unsuspectingly and sometimes purposefully destroy your business.
The Unsuspecting Employee
This is the employee who clicks on the things that look interesting; completely forgetting about their cyber-security training.
A new study has found that Australian employees are the weakest links in the nation’s efforts to fight cyber-attacks. Almost half of all security incidents in 2019, even before the cyberattacks amped up, came through inappropriate IT use.
These mistakes range from sharing inappropriate data across mobile devices, to losing devices with sensitive information. More employees than ever are using mobile devices as they work from home. It’s the quickest way to communicate no matter where you are.
How Can You Minimise Cyber-Attack Risks?
Australian business owners and individuals have options. Being aware of the cyber risks out there is your first step. Having good cyber security measures in place is the second and best way to deal with the criminals who want your data and money.
Continuity Plans and Procedures
Begin by reviewing your business’s continuing plans and procedures. Make sure your plans identify more than just physical harms like fire and natural disaster. They should include cyber-attacks as well.
Make sure your employees understand the procedures in case of such an attack, so they know how to keep business going as usual. This is your first step in cyber defence.
Stay Up to Date
Have your IT team make sure you Virtual Private Networks and firewalls have the most up-to-date security patches in place. Both Windows and Apple will have advice on which patches you need.
As you update your networks, increase your cybersecurity measures. You will have more attacks, and you will have more remote access to technology. Test your security on your remote workers to make sure it works.
Make sure all remote desktop clients are secure. As you prepare to send your employees home with laptops and mobile phones, double-check the hardware to make sure it is secure as well.
Boost Up Your Security
Add extra authentication in for devices attempting to access your system remotely. This may mean your employees working from home have to take extra steps to log in to work, but these measures will keep your company and your employees safe. Compare it to putting on a five-point security harness in a cockpit versus a lap seat belt.
As you beef up authentication, make sure you have protection against Denial of Service (DoS) threats.
Educate Your Team
If you haven’t already educated your team members on cybersecurity, do it now. If your team members are already working from home, hold a webinar led by your IT team. Require all employees to attend, and have them learn about socially engineered messages, phishing, and SMS scams so they can identify and then avoid them.
Make sure all employees working from home have put physical security measures in place. Give them specific ideas on how to keep their devices safe to minimise the risk of anyone accessing, using, modifying, or removing information.
What is Cyber Insurance?
You can protect your business from cyber-attack by having good cyber liability insurance. Contact your business insurance broker to see if you have adequate coverage for your business.
Any business that uses tech is at risk. Now, more than ever, our world needs reliable technology. This environment is open season for cybercriminals.
No IT security system is fool proof. Plus, even your best employees can make mistakes. Cyber insurance will minimise the devastating financial impact a cyber-attack can cause. Cyber criminals choose their victims without discretion, but they look for targets that can be breached, have money and data at their fingertips.
Cyber insurance covers things such as:
• Data breaches
• Ransomware
• Phishing attacks
• Cybercrime
A Healthy Business is a Safe Business
As you focus on keeping yourself and your employees healthy, don’t forget to keep your business healthy. Protect it from cyber-attacks with being proactive with your risk management and a comprehensive cyber insurance policy tailored to suit your businesses’ needs.
For more information call now. 1300 020 148