By: Byron McPherson, Reliance Partners

Newspaper headlines this week of a property transaction intercepted by hackers - with $250,000 stolen - make for unsettling reading. In the small business world it should be setting off alarm bells, as the theft took place allegedly whilst under the conveyancers’ management. In all of our lives, more frequent and sophisticated cyber scams nudge us constantly to heighten our vigilance. In small business, cybercrime is also on the rise, and they are often easy targets with lax security.

Cyber criminals continue to have success, with statistics from the global Verizon Data Breach Investigation Report (DBIR), compiled after Verizon investigated more than 50,000 claims, show hacking was involved in 48% of breaches and malicious software in 30% of breaches. Errors caused 17% of breaches and 12% were from privilege misuse. Ransomware made up 39% of claims. Cyber criminals commonly use a mixture of methods, for example, phishing (disguising as a trustworthy entity) to obtain access to insert malware, with 15% of staff still clicking on phishing emails.

For small businesses, complacency can be the enemy, with many businesses not able to imagine how cyber security might affect them. The complexity of the risk often leads to brushing it over, only thinking that losing data or files is the biggest risk. That in itself is enough, but loss of client data, financial information, theft, inability to trade and loss of reputation and trust are events that can have devastating consequences for small business. These risks are as real and serious as a physical break in. Prevention is better than a cure, with the cost of cyber event remediation likely to increase now that Australia’s notifiable data breaches (NDB) scheme is in place.

A few recent case studies are worthy of consideration:

1. A regional Queensland boat dealer suffered a ransomware attack which was “a new breed” of encryption not previously seen. With IT assistance, files were restored from back-ups, no ransom was paid, and there was no business interruption because the dealer was operational again within 24 hours.

2. An accountancy firm was hacked after a patch was not installed and 10,000 records were affected. The insured did not know personal information was stored in its website. Notification to the Office of the Australian Information Commissioner (OAIC) and affected clients was required under the NDB scheme.

3. A large advisory firm’s phones were hacked (phreaking) via decoding a simple password and expensive international calls made. The Cyber Insurance policy covered the additional phone costs and IT experts to install better firewalls.

All small businesses should have at least a basic plan in place, with Cyber Insurance policies giving 24/7/365 access to an incident response team of experts who understand the importance of immediately mitigating potential threats to businesses. Insurers can also manage reporting data breaches to OAIC, subsequent regulatory investigations, and costs associated with communicating data breaches to affected individuals. A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when it's IT security, policies and procedures fail to stop an attack. A well negotiated Cyber Insurance Protection package, generally starts around $1,000 giving clients financial support and incident response expertise to recover from adverse events, including ransomware attacks, point-of-sale intrusions, denial-of-service attacks and cyber espionage.

For further information and a quote for your business contact Byron McPherson at Reliance Partners on 0488 080 065 or email bmcpherson@reliancepartners.com.au.