The Australian Financial Review recently reported how a fake Zoom invite led to the demise of Sydney-based hedge fund Levitas Capital.
It was reported that after one of the fund’s co-founders opened the Zoom link, a hacker was able to send off a series of fake invoices on behalf of the firm.
Levitas Capital, which managed about $75 million before these events, closed its doors after one of its largest clients, Australian Catholic Super, withdrew its funds after hearing of the cyber attack.
If you think this is an isolated case, think again.
According to the Australian Competition and Consumer Commission’s (ACCC’s) June 2020 scams report, Australians lost $132 million in 2019 due to business email compromise scams.
It is apparent that no matter the size of business, anyone is susceptible to a cyber attack. The question is: do you have the right safeguards in place to prevent such attacks?
If you are the victim of a cyber attack, you could be facing legal costs, regulatory fines, extortion and emotional costs, as well as numerous other losses that could be associated with a direct cyber attack.
In our experience in the Cyber Insurance space, there are several, basic and cost-effective steps you can take to minimise these potentially destructive risks.
How to prevent cyber attacks:
1. Invest in the right Cyber Insurance
If a company as large as eBay can be a victim to a cyber attack, so can you. If all cyber security safeguards fail, you can have the peace of mind that your insurer can have you covered for specific incidents.
For example, a good Cyber Insurance policy can cover you for financial losses arising from cyber theft, hacking attacks, ransomware, identity or data theft, fines or penalties for breaching privacy laws and more.
The nominal investment required for a Cyber Insurance Policy can help build a robust and well protected foundation for your business well into the future. Don’t hesitate to contact me for information on a tailored Cyber Insurance plan for your business.
2. Two-factor authentication
You may have seen the emergence of this type of authentication recently through popular apps and platforms such as Google.
Two-factor Authentication (2FA) provides significantly more security than a one-password login. 2FA works by requiring two checks of authorisation before logging into your online profile, rather than the traditional one.
For example, the first login screen may require your username and password, and the next screen will require you to input a code sent to you via text message.
3. Backup data
A cyber attack can be devastating. As a victim of a cyber attack, you run the risk of permanently losing key data – whether it be classified data, personal information, important documents, a website or anything else stored digitally.
Some IT professionals recommend having backups of your data in three different locations, and stored in at least two different formats (such as in the cloud and in a local server).
Using offsite encrypted backups can also be a safety net should damage occur in your main premises.
4. Install relevant anti-virus and spyware software on all work devices
Having up-to-date and reputable anti-virus and spyware software on all devices is crucial. As there will always be new and evolving cyber threats, anti-virus and spyware software can constantly monitor your existing data, as well as new data coming in, and protect you against cyber crime.
It is also ideal to periodically review your security systems and protocols to identify which aspects need to be replaced or improved.
5. Regularly conduct privacy training
With concerns about data privacy on the rise, it’s important that your employees are regularly trained on both the importance of data management and how to handle it correctly. The mismanagement of even the simplest of data, such as information from a contact form, or not being upfront about how you use your client’s data, can lead to severe financial consequences.
Make privacy training a regular action point in your company, starting from the induction process.
6. Require verbal or in person verification when changing client or supplier bank details
In the case of Levitas capital, numerous fake invoices were authorised via a hacked email address.
Similar to Two-Factor Authentication (above), requiring verbal or in-person verification when changing client or supplier bank details adds another layer of security to your business process and can prevent large, unauthorised online transfers.
7. Encrypt data
One way businesses can protect confidential data such as names, contact details, medical data, private messages and credit card information is through data encryption.
In essence, what data encryption does is it translates, or ‘encrypts’, data into a form that only select users with access to a decryption key are able to understand. Data encryption is a particularly useful process in preventing
8. Keep apps, plugins, websites and devices up to date
This is a simple step that could help you avoid potentially disastrous situations. Keeping your company’s website, plugins, apps and devices up to date ensures that they are equipped with their latest security settings.
For example, if your website was constructed on WordPress, there’s a high chance that it was built with numerous plugins that were developed by different companies. Because they were developed by different third parties, each of those plugins increase the risk of your website falling victim to a cyber attack. Thus it is essential to ask your web developer to regularly keep your website and associated plugins up to date.
9. Start improving your cyber security today
These are just a few steps you could take to minimise your chances of a cyber attack. It is advisable to speak to your IT specialists or relevant IT consultants about ways you can secure your business digitally and to develop systems that keep your team informed about the most appropriate ways to manage data.
Although we at Crucial Insurance are not a cyber security firm, we are highly experienced business insurance brokers, especially when it comes to Cyber Insurance. We pride ourselves in helping companies all over Australia source the right Cyber Insurance cover should events turn for the worse. If you’d like to know how to start, don’t hesitate to get in touch.
This article was written by Tony Venning,
Managing Director at Crucial Insurance and Risk Advisors.
For further information or comment please email info@crucialinsurance.com.au.
Important Disclaimer – Crucial Insurance and Risk Advisors Pty Ltd ABN 93 166 630 511 . This article provides information rather than financial product or other advice. The content of this article, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date articles are written as specified within them but is subject to change. Crucial Insurance, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. All information is subject to copyright and may not be reproduced without the prior written consent of Crucial Insurance.