Four simple steps can dramatically increase organisations’ cyber attack resilience.
Braxton Bragg, Principal Security Consultant at Gridware Cybersecurity, told an Emergence Insurance webinar for brokers and clients that the four pathways are:
- Implement multi-factor authentication (MFA) across all applications
- Check backups and institute backup restoration testing procedures
- Implement password policies and software-based password management solutions
- Conduct or outsource organisation-wide security audits.
Braxton says MFA, which uses tokens or additional codes to enable at least two authentication processes after a username was input, can prevent most threat actors from gaining access to systems.
Backups are ineffective unless they are checked often and restoration procedures tested. Don’t wait to find out the backup can’t restore when it’s too late. Backups are essential to avoid ransomware demands.
Braxton suggests using passphrases of up to 30 characters, for example song lyrics, to enhance security. Audits provide an overview of systems’ security structures and identify vulnerabilities.
Organisations should keep up to date with patches, which overcome new security risks “out in the wild”, and limit the number of users with admin-level system access.
Braxton warns brokers of six potential threats they and their clients need to be aware of:
- Business email compromise, also called CEO fraud, where threat actors interject into email streams to divert funds by exploiting technological and human vulnerabilities.
- Ransomware, where threat actors take control of systems and lock data until a ransom is paid.
- Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.
- Internet of Things (IoT) risks come from a range of products, like printers, smart TVs and automated home assistants, many of which have poor security.
- Mobile devices and BYOD which connect to corporate systems may be insecure.
- The increased focus on data breach notification since the introduction of Australia’s notifiable data breach scheme.
Emergence National Head of Sales Gerry Power says cyber attacks’ potential to wreak economic havoc has been recognised by the World Economic Forum (WEF).
In WEF’s Global Risks Report 2020, cyber attacks ranked as the second greatest risk for business globally over the next decade. Gerry says the threat is high from both likelihood and impact perspectives.
He agrees cloud storage has increased dramatically and could be more cost-effective than in-house data storage, but brokers have to ensure clients’ cyber security solutions include coverage for cloud storage and all IT infrastructure businesses use.
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Emergence was judged the 2019 Insurance Business magazine Underwriting Agency of the Year and a finalist in the same category at the 2019 ANZIIF-Asia Insurance Review awards.