Avoiding Cyber Attacks
What are the crown jewels of your practice? Where are they stored and how secure are they? Sherren Hepburn from Planned Cover takes a look at the issues around cybersecurity and offers tips on protecting your precious assets.
Human error is actually the key reason why data breaches occur. The Office of the Australian Information Commissioner’s (OAIC) first annual report on the notifiable data breaches (NDB) scheme shows it received 964 notifications for the 12-month period to 31 March 2019, a 712% increase on the previous voluntary scheme.
While malicious or criminal attacks contributed to 60% of the data breach sources, many of these incidents exploited human vulnerabilities, such as clicking on attachments to fake emails or inadvertently disclosing passwords.
The OAIC report highlighted the most common and highly effective methods by which entities were compromised during the 12-month period. These include phishing (when a target is contacted by email or text by someone posing as a legitimate institution to lure people into providing information) and spear phishing (using social engineering to impersonate a trusted senior executive contact to obtain information).
Social engineering is ‘hacking humans’ by deceiving them into paying fake invoices or handing over confidential information. While technology has changed, people have not, and therefore individuals can be psychologically manipulated because of their desire to be helpful and their attitude to authority.
‘Credential stuffing’ is a trending method of hacking that uses stolen credentials to mount large-scale automated login requests. Given that so many people reuse the same passwords across multiple devices, credential stuffing can be a successful hacking process for criminals.
Risk mitigation
Cyber specialists will implement risk mitigation processes within your practices that include: encrypting data; having multiple backups on and off site; disconnecting backups from the network once completed; having business continuity and disaster recovery plans in place which are tested often; and to consider third parties that have access to your network.
If an interconnected third party is hacked, criminals may be able to walk straight into your system. What are your corporate crown jewels? Where are they stored? How secure are they?
It is paramount that practices review their cyber processes and implement robust risk management programs to reduce the likelihood of a cyber incident.
Protecting your business
Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack.
The market leading cyber insurer – Emergence Insurance – provides a cyber policy that gives insured businesses and individuals 24/7/365 access to an Australian-based response team of experts, such as forensics investigators, public relations / crisis management consultants and privacy lawyers who understand the importance of immediately mitigating potential threats to insured businesses.
A cyber insurance policy should be part of every successful business’s risk management framework. The Emergence Insurance policy will assist with recovering from hack attacks or data breach incidents including notifying a data breach under the Notifiable Data Breaches (NDB) Scheme which every practice over $3,000,000 in revenue must comply with.
As the ACA preferred partner in the insurance sector, Planned Cover will review your insurance requirements and assist with the implementation of a risk mitigation program for your practice.
Sherren Hepburn is the National Operations Manager of Planned Cover, which is an ACA Corporate Sponsor.
Data source: definitions and statistics provided by Emergence Insurance.