Why have Cyber Insurance?
Cyber Protection Insurance – Why you need this now
Does your business in the Tech and IT sector have the right insurance cover in place?
You may have worked in the Tech and IT sector for many years, so you know the industry inside out. But do insurers understand your industry? Or do they lump you in with other companies that have nothing in common with yours?
It’s likely you took out an insurance policy in the early days because, of course, you want to protect your business and you need certain cover in place to allow the running of it. The renewal period for your insurance policy comes and goes and you pay your premium, knowing that you’ll be covered for any worst-case scenario.
But are you certain that you have the correct cyber protection insurance for your business now? How does your insurance policy respond to attacks via crypto ransomware? Or to claims for your own and your clients’ Business Interruption in the aftermath of a cyber-attack?
We get it. Insurance policy wording does not make for light bedtime reading. But did you know that during the last financial year, cybercrime accounted for an average reported loss of nearly $9,000 for small businesses? So it’s important that you review your insurance to check you have the right cover in place for your unique business.
What are common examples of cybercrime?
With cyber-attacks on the rise, it’s important to keep up-to-date with the latest information on how to protect your business, such as that outlined by the ACSC.
Malware means malicious software. It’s a blanket term for programs or files that intend to inflict harm on the computer and/or user. While there are many different kinds of malware (and new versions being developed all the time) here are 5 common types:
Viruses – self-replicate by modifying other computer programs and inserting their own code, thereby ‘infecting’ the areas where the virus has been executed.
Spyware – gathers information (think credit card details or other Personally Identifiable Information (PII)), usually unbeknownst to the victim, and sends this information back to the attacker.
Trojans – are disguised as a legitimate program but when opened, the trojan is installed, usually to allow access to PII or for Ransomware.
Worms – are similar to viruses in that they self-replicate; the primary purpose of a worm is to infect other computers (by duplicating itself), using vulnerabilities in computer networks to spread.
Ransomware – is designed to lock down your computer and files and demand a ransom to restore access, which is typically payable using cryptocurrency, like Bitcoin. (Important tip – don’t ever pay the ransom! Call the ACSC’s 24/7 Hotline on 1300 CYBER1 if you experience a ransomware incident)
But how does malware gain access to your computer?
Popular delivery systems for malware can be via phishing and social engineering, with the end goal being to access and steal confidential information from your computer.
Phishing – tends to be in the form of scam emails which mimic branding from companies you think are legitimate. They can also carry an attachment (designed to look genuine), with malware inside.
Social engineering – also uses deception to manipulate individuals into giving their personal information online. But social engineering is more manipulative; it exploits a person's willingness to be helpful. For example, an attacker may pose as a contact from a company known to an employee, with an urgent email chasing up a fake invoice.
What can your business do to mitigate cyber-attacks?
As always, prevention is better than cure, and many cyber liability insurers require cyber hygiene practices to be in place before they will offer cover. Here are some ways you can deter criminal hackers from making your business an attractive target:
Updates – your operating system is the most important piece of software on your computer. It manages your computer’s hardware and all its programs, and therefore needs to be updated regularly. Updated software is a safer version of its predecessor, so set updates to automatic where possible.
Data backup – this enables the creation of a digital copy of your business’ important information, such as customer details and sales figures. A backup can be made to an external, disconnected hard drive or to the Cloud. Ensure you have regular, automated backups in place too.
MFA – this stands for multi-factor authentication and is a security measure that requires two or more proofs of identity for access to be granted. This deterrent creates more hoops for criminals to jump through, making it harder and more time-consuming to hack.
Access control – if you regulate permissions within your business’ operating system, then you limit sensitive information getting into the wrong hands.
Employee training – putting in place a cyber security incident response plan can help to change the habits and behaviours of your employees and create a sense of shared accountability in keeping your small business safe.
Passphrases – these are longer and more complex than a single password, which means they are harder to decipher, yet often easier for the user to remember.
Firewall – this helps protect your network by filtering traffic and blocking outsiders from gaining unauthorised access to the private data on your computer. (Note – firewalls will not protect your system from malware).
Anti-virus software – a non-negotiable software which prevents, scans, detects and deletes viruses from your computer.
When you’ve established all of the above, the last piece in the cyber protection puzzle is finding the right Cyber Protection Insurance for your business. Avoid the risk of having to shut down your business by having the correct cover in place.
Get in touch with SherpaTech today, for all your cyber protection insurance and IT liability insurance needs.