Data and cyber-security is of growing concern to individuals, business, government and other organisations. We must all maintain the utmost vigilance to protect ourselves and our data, and work hard to ensure we understand how cybersecurity impacts business.
At Eckermanns, our team of commercial lawyers, registered conveyancers and business support experts go to great lengths to ensure that our client data and personal information is stored securely and protected from breach.
- How cybersecurity impacts business?
- Why is cyber security important to businesses?
- Cyber insurance
- Crime insurance
- How to protect my business from cyber attacks?
- How Eckermanns is dealing with cyber crime and security?
How does cybersecurity affect business?
How cybersecurity impacts business can vary from business to business, however, cybercrime and cyber-attacks are often incredibly sinister and almost always relate to someone suffering some kind of loss – or an attempt to have someone suffer a loss.
Cyber criminals will continue to attempt to penetrate systems for gain so it is crucial that large and small businesses maintain their vigilance and keep their clients informed of how to protect themselves. These attacks are becoming very sophisticated and while in the past, these criminal attempts were relatively easy to spot, that is no longer the case.
Why is cyber security important to businesses?
Cyber criminals can and do breach email accounts as part of their cyber attack efforts. This means doing things like ensuring your passwords are secure and that you change them regularly, protecting your accounts with multi-factor authentication and using appropriate software to give even more protection, such as password managers.
The most common breaches start with phishing – where recipients are encouraged to click on links that take them to scam sites, which can then lead to significant data breaches.
A data breach usually refers to systems or records that have been made available to parties outside of the one where the data was stored. If something like this should happen to your business it’s imperative that you seek advice immediately to ensure that you’re covered when it comes to your duty of disclosure. While we hear and read regularly about data breaches, they’re not always related to cybercrime. However, seeking the appropriate legal advice will still be one of the first steps you take.
How to protect your business
Whilst you may not be able to prevent all forms of cyber attacks, by investing in the right insurance you may be able to minimise the damage done to your business.
The best forms of insurance when dealing with cyber attacks are:
Cyber insurance protects individuals and businesses from costs associated with data security breach and/or privacy breach. Policies typically cover the following:
- Incident response and investigation costs, supported by a 24/7/365 multilingual incident reporting hotline and on-demand vendors
- Business interruption loss due to a network security failure or attack, human errors, or programming errors
- Data loss and restoration including decontamination and recovery
- Crisis communications and reputational mitigation expenses
- Liability arising from failure to maintain confidentiality of data and/or unauthorised use
- Network or data extortion / blackmail (where insurable)
- Online media liability
- Regulatory investigations and fines (where insurable)
Crime insurance covers financial loss suffered due to crime. Policies typically cover the following:
- Internal Crime being fraud or dishonesty by employees stealing money, securities or property
- External Crime being third party computer crime, third party forgery, third party counterfeit
- Socially engineered loss including phishing
- Theft, physical Loss or damage
- Client loss where you are responsible for the care, custody and control of clients’ intellectual property, money, securities or physical property and such has been lost
- Fees, costs and expenses including auditor fees, investigation costs, and legal fees in defence of demands or claims resulting from a loss
- Costs to restore computers
It is important to note that socially engineered theft may be included in some cyber insurance policies, but separate crime insurance cover is becoming a more common way to ensure you are adequately protected.
How to protect my business from cyber attacks: 3 tips
Depending on the type of services being provided by your business, there may be cover available under a professional indemnity policy if the business is responsible for storing client data or client funds (e.g. via a trust account). An example could be a bank where their service is to store client data and client funds and loss of either could be viewed as a breach of the bank’s professional duty.
1. Consider getting insurance
If you have a business that has potential to be targeted (and that’s pretty much any business) we would recommend speaking to your insurance broker. If you do not currently have a broker, you might like to contact Will Laundy at Pillar Brokerage
2. Take preventative IT measures
We would also recommend you partner with a trusted IT provider and take as many preventative steps as possible including:
- Implement ASD Essential 8 Controls, including:
- Two (multi) factor authentication
- System and file backups, including offsite backups
- Patching applications and operating systems
- Implement a firewall for corporate environment
- Antivirus solutions
- Force complex passwords, consider using a password manager
- Reviewing best practice setup of cloud security for your online systems such as ERP, Office 365, accounting, and email systems
3. Always be aware
Be vigilant – the loss can be enormous and it is far better to be safe than sorry.