Australian businesses have been urged to recognise the significant level of ransomware threat from cyber adversaries. Scamwatch has received over 3,900 scam reports mentioning the coronavirus with over $3.1 million in reported losses since the outbreak of COVID-19. Ransomware acts as a method of extortion, locking a computer’s content and displaying a message requiring victims to pay a ransom in order for them to regain access. The emails delivering ransomware to victims often mirror the branding of trusted and reputable corporations as part of their techniques.
Why are businesses vulnerable now more than ever?
With lockdown restrictions, Australians are relying on the internet more than ever before. Residents are compelled to shop online, while employees have adopted a new way of working, from home. Cybercriminals are using the pandemic to their advantage by preying on the fears and susceptibility of the population. As people begin to use new online services, there’s a learning curve as they may be unfamiliar with different privacy settings, leaving themselves unprotected to an attacker. With screen time increasing during the lockdown period, so does the size of information available to cybercriminals.
How to reduce the cybercrime risk to your company
- Train your employees on security measures: It’s essential to implement the right security protocols that mitigate most of the risk. Employee training in this area should be a key priority for business owners. Well-informed workers make it difficult for scammers to gain unauthorized access to networks, files and information.
- Update your company’s operating systems and software regularly: Necessary remote work security practices include two-factor authentication, implementing a zero-trust network strategy and using an operating system that is secure by design. Each employee’s operating systems and software should be updated as frequently as possible.
- Use encryption for sensitive data and information: With the rise in employees working away from the office, communication of sensitive information is frequently occurring through email and phone. Companies should use full-disk encryption to protect computers, tablets, and smartphones of employees, saving a copy of the encryption password in a secure location separate from stored backups. A crucial note is that email recipients typically need the same encryption password in order to decrypt and access the information. You should never send the password or key in the same email as the encrypted document. Instead, give this to employees via a phone call or some other method.
Staying up to date with recent scams
You can access the most recent scams impacting business through the Scamwatch website. Businesses can also sign up to the ACCC’s Small Business Information Network to receive emails about new or updated resources and scams relevant to the small business sector. You can find more information on what to keep an eye out for and how to prevent cyber security threats here.
Cyber insurance acts as a safety net should your business be impacted by a cyber-attack or data breach. Western General Insurance has access to policies that can include business interruption loss due to a network security failure or attack, human errors, or programming errors, as well as liability arising from failure to maintain confidentiality of data.
To find out more or get a quote, contact us.