Since the COVID-19 Pandemic hit Australia, cybercrime has increased dramatically. As more and more Australians work from home, and rely heavily on digital platforms to interact and conduct business transactions, cyber criminals are taking advantage.
Understand how you can mitigate the risk of cybercrime, and minimise damage inflicted by a cyber-attack.
Why has the risk increased?
As more Australian’s work from home, and the use of remote access technology and video conferencing increases, cyber criminals are actively exploiting the situation.
Since the Coronavirus pandemic hit Australia in early March, there has been a significant increase in COVID-19 related malicious cyber activity. The Australian Competition and Consumer Commission’s “Scamwatch” has received over 100 reports of Coronavirus scams in the last three months, and the volumes continue to rise substantially.
CYFIRMA’s threat visibility and intelligence research also unveiled a 600% increase in cyber threat indicators related to the Coronavirus pandemic from February to early March.
Working from home creates further vulnerabilities where malicious actors “can gain additional access points to a network”, Fergus Hanson, the director of the Australian Strategic Policy Institute's International Cyber Policy Centre stated (Sydney Morning Herald).
COVID-19 malicious threat examples:
Phishing emails – these aim to trick recipients into clicking links in emails that subsequently open up software in the background that scans their computer for vulnerabilities and downloads malware.
SMS scams- there are Coronavirus text messages circulating that purport to be from the Australian Government. These messages encourage people to click the link to access testing locations near them. If the link is clicked, the phone is redirected to a website where cyber criminals will download malware, or a computer virus onto the phone. In this particular scam the criminals attempt to steal banking credentials when the user logs-in, providing access to the user’s money.
For ongoing reports regarding COVID-19 malicious cyber activity from the Australian Cyber Security Centre (ACSC): click here.
Measures to mitigate the risk:
Australians must be vigilant about cyber threats. The ACSC stipulates that “good cyber security measures are the best way to address cyber threats”.
Key cyber risk protection recommendations from the ACSC:
- Review your business continuity plans and procedures.
- Ensure your systems, including Virtual Private Networks and firewalls, are up to date with the most up-to-date security patches (see guidance for Windows and Apple products).
- Increase cyber security measures in anticipation of the higher demand on remote access technologies, and test them.
- If you use a remote desktop client, ensure it is secure.
- Ensure your work devices are secure e.g. laptops, mobile phones.
- Implement multi-factor authentication for remote access systems and resources (including cloud services).
- Ensure that you are protected against Denial of Service (DoS) threats.
- Educate and inform your staff and stakeholders on cyber security practices. Example: detecting socially-engineered messages, recognising a phishing email or SMS.
- Ensure that staff working from home have physical security measures in place. This minimises the risk that information may be accessed, used, modified or removed from the premises without authorisation.
More important resources from the Australian Cyber security Centre:
Cyber insurance: more important now than ever
Despite taking the above risk precautions, no IT security system is 100% secure, and even your most vigilant employees may make a judgement error. If your systems are breached in a cyber-attack, Cyber Insurance is essential to minimise what can be a devastating financial impact on your business.
Key benefits of Cyber Insurance:
Cyber Insurance can include cover for the following exposures:
- Financial compensation to recoup costs of an IT security breach – including business interruption, IT recovery costs, ransom payments, forensic investigations etc.
- Fines and penalties – payment of fines and penalties imposed by government or regulatory authorities. These can amount to $1.7 million.
- Third party liability - compensation for clients / customers who suffer financially or emotionally as a result of a data privacy breach / data theft.
- Notification costs – compensation to cover the costs of customer notification, and credit monitoring services for affected parties.
- Legal defence costs – cover for costs associated with legal advice and representation in connection with formal investigations by authorities.
- Reputational damage - cover for the cost of professional consultants to assist in repairing reputational damage to a company’s brand as a result of a cyber-attack.
There are a wide range of suitable covers available for both small-medium enterprises and large organisations.
Whitbread are here to support you with important insurance and risk guidance in this challenging time. To request a Cyber Insurance quote for your business, please get in touch with one of our specialists:
E firstname.lastname@example.org T 1300 424 627
This insight article is not intended to be personal advice and you should not rely on it as a substitute for any form of personal advice. Please contact Whitbread Associates Pty Ltd ABN 69 005 490 228 Licence Number: 229092 trading as Whitbread Insurance Brokers for further information or refer to our website.