Cyber security is vital when working from home

Cybersecurity

In the wake of the pandemic outbreak, cyber insurance Emergence has released some details on how to manage cybersecurity for people working at home

On 11 March 2020, the World Health Organisation declared the outbreak of COVID-19 a pandemic, and the emergency has continued to escalate.

Businesses around Australia are seeking ways to protect their staff from COVID-19.

Working from home

Instructing staff to work remotely may be one way of minimising the spread of the virus. However, remote work arrangements can have security implications and cybercriminals may attempt to take advantage of that. We are already seeing COVID-19 scams being transmitted via text messages.

See Emergence’s LinkedIn for more information.

The cyber risks of flexible work arrangements could include malware infection, unauthorised access, data security, and insecure devices used by staff.

It’s important that businesses and their staff ensure remote access to business networks is secure, so they aren’t vulnerable and business information isn’t exposed.

How do I stay safe?

Ensuring good cyber security measures now is the best way to address the cyber threat.

Consider implementing these proactive strategies:

•    Review your business continuity plans and procedures
•    Ensure your systems, including virtual private networks and firewalls, are up to date with the most recent security patches
•    Implement multi-factor authentication for remote access systems and resources (including cloud services)
•    Ensure your staff and stakeholders are informed and educated in safe cyber security practices, such as identifying socially engineered emails and messages
•    Ensure your data is backed up daily and automatically
•    Increase your cyber security measures in anticipation of the higher demand on remote access technologies by your staff, and test them ahead of time
•    If you use a remote desktop solution, ensure it is secure
•    Ensure staff working from home have physical security measures in place. That minimises the risk of information being accessed, used, modified or removed from the premises without authorisation
•    Ensure your work devices, such as laptops and mobile phones, are secure
•    Ensure you are protected against Denial of Service threats.

Need more help?

The Australian Signals Directorate’s Australian Cyber Security Centre has produced some excellent advice to help businesses stay secure from cyber threats while managing remote workforces. Click here for more information or go to:
www.cyber.gov.au/news/cyber-security-essential-when-preparing-covid-19.

Coverage under Emergence’s cyber policy 

The Emergence cyber policy was designed with working remotely in mind. The policy covers IT infrastructure owned, leased, rented or licensed (for example, cloud or SaaS solutions) by the insured and used in conducting the insured’s business.

That means if a cyber event emanates from a computer or laptop or other device being used by the insured’s employees at home, the policy will respond to cover the cyber event for response costs, loss of profits and any potential litigation that may arise.

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

5 Cyber Security Tips For Aussie Businesses

cyber attacks

In recognition of National Cyber Security Awareness Week Cyber Insurer Dual wanted to provide 5 quick cybersecurity tips for Aussie businesses:

Back up Data

– Back up data frequently with the back-up stored off the business’s premises and not connected to the insured’s network.

Firewall & Anti Virus Protection

– Use operating systems with embedded firewalls and anti-virus protection software (such as Windows or MAC OS X), or run separate commercially licensed firewall or anti-virus protection software.

 

Never pay ransom

– It’s not always wise to pay a ransom as you are not able to determine where the money will go (i.e funding terrorism without knowing) or if the hacker will repeat this attack.

Third Party Vendor Management

– Any requests to alter supplier and customer details including bank account details, independently verified with a known contact for authenticity.

Incident Response plan

– Have a well-planned approach to addressing and managing a cyber attack to help respond to, and recover from network security incident.

 

Source: Dual Insurance

Compare Cyber Insurance

Cyber Insurance Comparison

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Cyber Criminals Using Social Engineering to Defraud Businesses

Social Engineering to Defraud Businesses

Social Engineering to Defraud Businesses

New research from US-based cybersecurity company FireEye, which analysed 1.3 billion phishing emails in Q1 2019, has found three big emerging trends.

Cybercriminals are increasingly using impersonation in phishing attacks, with the rate up 17% from Q4 2018, primarily by imitating well-known brands. Microsoft spoofs accounted for almost a third of the Q1 attacks, plus OneDrive, PayPal, Apple, and Amazon were impersonated. Cyber crims also impersonate CEOs and other senior corporate officers to request changes to bank account information.

A second trend is using HTTPS (hypertext transfer protocol secure) for malicious phishing sites, which jumped 26% in Q1 2019. HTTPS can give a false sense of security because there’s a misconception the protocol is only identified with legitimate, safe sites.

A third trend is hosting malicious files on trusted, cloud-based, file-sharing sites, such as Dropbox, Google Drive, and OneDrive. That means links don’t look suspicious and can get through email filters.

Gerry Power, National Head of Sales at award-winning Emergence Insurance, says social engineering advice is one of the most frequent requests from brokers seeking information for their clients.

 

Cyber Criminals Using Social Engineering to Defraud Businesses

Socially engineered theft or ‘hacking the human’ is a trending exposure in Australia and globally today. Most breaches are caused by employees opening phishing emails that have already made it through existing technology defenses.

It can take hundreds of days to find out you’ve been compromised. Clicking on one phishing email can enable a criminal to infiltrate a company’s system, escalate their access and privileges, and steal the company’s crown jewels, clean out the bank accounts, or develop fake invoices.

Gerry says many people think they’re adept at spotting scams, but the task is getting harder as cybercriminals broaden their reach and methodologies.

Organisations need better training and education and heightened awareness to get a step ahead. They also need insurance as a last line of defence.

Emergence’s Criminal Financial Loss cover option has been designed to provide cyber insurance protection for financial loss, be it cash, accounts receivable or securities associated with a company’s business being hacked or a social engineering attack causing direct financial loss from an electronic funds transfer to an unintended third party.

A cyber insurance policy is part of every successful business’s risk management framework, but it’s not the first line of defence against Social Engineering to Defraud Businesses.

Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack. But no amount of risk management can get you out of the sights of a determined cyber attacker.

FireEye’s report says threat actors are “doing their homework” and developing new variants of impersonation attacks that target new contacts and departments within organisations.

 

 

Source: Emergence

 

Compare Cyber Insurance

Cyber Insurance Comparison

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

 

Cyber criminals are getting smarter at using social engineering to defraud businesses

Latest Trends in Cybersecurity

Cybersecurity

Trends in Cybersecurity

The release of the latest Cisco security report shows that the cost of data breaches amounted to more than 20% of revenue on top of a substantial loss of customers and opportunities for more than a third of the organisations breached in 2016.

Some of the report’s major findings included

  • Ransomware is dominating the malware market although it is not a new threat it has evolved to become the most profitable malware type
  • Adobe Flash vulnerabilities continue to pose a prominent threat
  • There is a false sense of security about secure connections

Recommendations from Cisco researchers include:

  • Instituting and testing an incident response plan that will enable a swift return to normal business operations following a ransomware attack
  • Not blindly trusting HTTPS connections and SSL certificates
  • Moving quickly to patch published vulnerabilities in software and systems, including routers and switches that are the components of critical Internet infrastructure
  • Educating users about the threat of malicious browser infections
  • Understanding what actionable threat intelligence really is

Full Cybersecurity Report Click Here

Need Cyber Insurance?

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Could a cyber risks cause disruptions to critical business infrastructure

Cyber Risks

Cyber Risks to critical business infrastructure

When a scheduled flight of a wide-body airliner is cancelled it can cost the airline up to $43,000. So you can imagine what kind of day executives at LOT, the Polish national airline, were having last year when 20 flights were cancelled after computers that issue its flight plans were breached.

“The aviation industry’s growing reliance on data networks, and onboard computer and navigation networks, is rendering it increasingly vulnerable to cyber risks,” says Erlend Munthe-Kaas of Bloomberg Intelligence. “Airlines rely on computers for almost every aspect of operations. As a result, cyber incidents can have devastating consequences, including business interruption and loss of reputation.”

“There’s beginning to be a shift beginning to educate businesses to see the wider, deeper cyber risks picture that in many cases has gone unacknowledged.”

Think of it as cyber creep. The risks aren’t just about protecting your customer’s data, although that remains important. They are insinuating themselves into every nook of your business, creating the possibility of mass disruption to operations and critical infrastructure. As the world becomes more connected, and businesses rely more on machine-to-machine communication and automated manufacturing, the cyber risks pile up. One day, production might grind to a halt. Critical transactions might not take place. Shipments could be steered to incorrect destinations. Planes might not take off.

Continue reading Could a cyber risks cause disruptions to critical business infrastructure