Once upon a time, protecting your businesses computer systems simply meant installing virus protecting software.
Well, as shown by the world-wide events of the past week, those days are long gone.
Late last week, a worldwide hack resulted in the computer systems of government agencies and businesses being infiltrated in more than 49 countries – including Australia. Affected organisations ranged from the UK Department of Health down to corporations and small, family-owned businesses.
The hack resulted in software being uploaded onto the affected computer systems that prevented access to critical operational data unless a ransom was paid to the hacker.
Referred to as a Ransomware attack, incidences of these types of ‘hacks’ are growing fast and creating a genuine commercial risk for businesses around the world.
With many of these attacks being advanced by organised crime syndicates, they are becoming increasingly sophisticated and have the capacity to threaten mid-cap businesses to the point of forcing their financial collapse unless a ransom is paid.
“Given the large sums of money transferred between businesses in our industry, we are unfortunately one of the target industries for ransomware attacks”, said ACAPMA CEO Mark McKenzie.
“We are aware of numerous fuel businesses in Australia that have been the victims of these attacks in the past 18 months, with the majority occurring over the Christmas/New Year break when a halt to business does the most damage to sales revenues”, said Mark.
“In short, cybersecurity needs as much attention of the business owner as traditionally paid to physical security of business assets”, Mark continued.
We are now living in a world of virtual thieves – not just physical thieves.
The good news is that there are practical steps that businesses can take to minimise the risk of a cyberthreats such as ransomware attacks. These steps include:
- Ensuring that software upgrades are regularly completed. The genuine manufacturers of business software are continually improving their systems to prevent the risk of hackers. These improvements are typically the reason why software updates are issued and it is important that they are regularly completed for all computers in the business.
- Train staff in email procedures. Many threats are ‘invited’ into the business because of poor email discipline where a staff member opens an email from a source that is not known – or masking as a business employee. These messages can be readily detected by simply checking the email address before opening the email and quarantining any emails from people that are not known or look a little strange.
- Daily back-up of business critical data. With most businesses using the cloud to store data, it is now easier for hackers to access and block this data as shown by the events of the past week. A good practice is to install a data back-up system in the business (i.e. remote hard drive) that backs up business critical data on a nightly basis. Sure, this is a little inconvenient, but back-up systems are increasingly sophisticated and relatively inexpensive – particularly when compared with the costs of a ransomware attack.
- Ensure all staff have robust passwords. Weak passwords dramatically increase the vulnerability of business systems. Using family names or birth dates is a ‘no no’. It is important that passwords are made as robust as possible by using a combination of letters, numbers and symbols.
“It is not possible to make your business 100% safe, but there are several steps that all business owners must take to reduce the risk of their IT systems being compromised”, said Mark.
Further information about what can be done to protect your business can be found in the Australian Government information booklet called “Protect your business in 5 minutes” (https://www.staysmartonline.gov.au/sites/g/files/net1731/f/Stay-Smart-Online-Small-Business-Guide.pdf). The booklet is a must read for all business owners and senior managers.
If you need advice on your company’s cyber exposures, including your obligations as a business owner and exploring business insurance options, contact AJG’s Fuel and Convenience Stores team on firstname.lastname@example.org or visit www.ajg.com.au/acapma or for an understanding of your legal obligations, contact HWL Ebsworth on 03 8644 3500.