In early 2021, a ransomware attack disabled the IT system of the Northern Territory’s government. It was down for three weeks.
Many business owners looked on, seeing the obvious sophistication of such an attack and wondering what this could mean for them. There is always a level of risk from fraudsters, but there are steps you can take to lower your exposure to serious damage.
It’s not only the frequency of ransomware attacks that’s increasing – ransom amounts are also getting higher and even exceeding $250,000.
The way fraudsters attack has also changed. Many used to take control of data and give it back once a ransom was paid. But now criminals are extorting their victims, threatening to leak data on the dark web if the ransom isn’t paid.
In one case, hackers had been in a business’ system for long enough to know they had cyber insurance and would be able to pay the demanded ransom.
And it’s not just large organisations that are at risk. Cyber criminals will often look to exploit smaller businesses instead, as they typically have less advanced cyber security capabilities and rely on third-party providers.
How to protect against a ransomware attack
While cyber insurance can help if you run into trouble, there are also preventative measures you can take to lower risks and minimise the likelihood of an attack.
Criminals will often gain access to a business’ systems through employee error, such as clicking on a suspicious link in an email. Improved training and awareness is the key to minimising the likelihood of this happening.
At the moment, employees need to be particularly vigilant with COVID-19 themed emails. They are often made to look as though they’re coming from a government source. Emails where hackers pose as the tax office are also common around the end of the financial year.
Regular meetings where the risks are discussed and informative signage around the office help keep cyber security front of mind for all staff members.
Another precaution to take involves how you control your data. Giving employees restricted access – so they can only see information they need – and using a two-stage login process makes data more secure.
Regularly backing up business information is a third step. Whether you outsource IT support or manage this internally, it’s essential to know how often your data is backed up. Having backups makes it far easier to get back to business after a cyber attack.
If you experience a cyber attack, contact your cyber insurance firm before engaging in any negotiations with the criminals, as negotiating could compromise the final outcome. For more information, or if this article has brought up any queries, please don’t hesitate to get in touch with us on 03 9809 1532.
Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain the additional benefits and exclusions pertaining to your policy. The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.