On top of the considerations you have already made regarding your business and insurance due to the implications of COVID-19, now unfortunately you have increasing cyber risk to manage as well.
Cyber attacks have always been intentionally engineered to prey on people’s fears, concerns, and ultimately, their bank accounts. In the COVID-19 era, attacks remain as malicious as ever, with themed tactics tailored to the worries of today’s society. 43% of all cyberattacks target small businesses, taking various forms such as web-based attacks, phishing attacks and malicious code. It’s a disappointing reality that there are those who would take advantage of people during a global pandemic, but that doesn’t mean there’s nothing you can do to protect yourself and your business.
Where is your cyber risk coming from?
On average, 92% of all malware is delivered by email. Although you may not have complete control of what messages land in your inbox, you can still regulate which communications, attachments and information you share and open.
Recently, Australia Post has made people aware of fraudulent emails being sent using their branding and prompting customers to click on a link. The emails incorrectly claim a package has failed to be delivered and include a link to click to ‘Pay fee’ or seek ‘Further information.’
SMS remains the second most common delivery method. The Australian Cyber Security Centre reported on a COVID-19 themed scam via text message, appearing to originate from ‘GOV’ as the sender and including a link to find out when to ‘get tested in your geographical area’ for the virus. The link is not legitimate and may install malicious software on your device, designed to steal your banking details.
Traditional phone scams are also making a reappearance. We’ve recently been notified about scammers calling individuals and pretending to be the ATO, asking for bank account and other personal details and implying that this is in respect of JobKeeper payments. Please do not provide the requested information. JobKeeper payments are only made to employers, so there is no need for the ATO to call employees; the required bank account details were already provided to the ATO during the enrolment process.
Additionally, we’ve heard reports of scammers calling individuals and pretending to be from Microsoft. They allege that there has been a security breach on your Office 365 account and ask for your two-factor credentials so they can log in and ‘secure’ your account.
These phishing campaigns are often sophisticated, with cybercriminals aligning malicious activities with government announcements such as relief payments or health guidance and advice.
Tips for protecting your business from cyber risk
- Do not click on hyperlinks in text, social media messages or emails, even if they appear to come from a trusted source.
- Instead, go directly to the website through your internet browser to verify the legitimacy of a contact.
- Never respond to unsolicited messages or calls that ask for personal or financial details. Even if a source claims to be from a respectable organisation – just press delete or hang up.
- NEVER give anyone your two-factor credentials. They should be treated as highly confidential, and no provider would be asking for this information.
- Keep the security on your network and devices tight and up to date, with a good firewall to protect your data.
- Stay up to date on the latest types of scams by subscribing to the government alert service here: https://www.staysmartonline.gov.au/alert-service
Be sure to remember that no matter how official and sophisticated they may sound, your bank, government, healthcare provider or any other contactor will never ring you to ask for personal details over the phone. The same applies to email: no official source should include a login link.
The Scam Watch website provides information on the latest scams, tips and alerts. You can subscribe for the latest email alerts on current scams, and visit its social media pages for information.
Initiatives you can take include updating your systems with the most current security patches, reviewing your business continuity plans, implementing two-factor authentication to log into systems and platforms and, most importantly, educating and reminding your team about cyber security best practice.
Cyber insurance acts as a safety net should your business be impacted by a cyber-attack or data breach. Having an appropriate cyber insurance solution is no longer a ‘nice to have’ but a ‘need to have’ for many businesses to have adequate protection. Acacia Insurance provides specialist solutions to work as your safety net should your business be targeted by a cyber-attack or experience a data breach.
Contact us to discuss your situation or for a free, no obligation quotation.
Please note that this should be regarded as general advice only, and we would strongly encourage you to call us to discuss your specific situation before making any decisions about your insurance solution or risk management programme.