The three Rs to protect your company against cyber attack

Date
Author:
Debbie Street, Director – Operations and Marketing, International Underwriting Agencies

International Underwriting AgenciesThe last thing any business needs or wants is to be the victim of a cyber attack.  The time, resource and cost of responding to an attack can be considerable. Without the correct protection in place, these costs will come straight off a business bottom line.

As a Connect Smart Silver partner, International Underwriting Agencies recognise cyber-criminal activity is evolving and changing, and it is important for businesses to be aware of risks and exposure. We recommend businesses use the practical approach of the “three Rs” – Risk Avoidance, Risk Limitation and Risk Transfer.

If businesses follow the “three Rs” - Risk Avoidance, Risk Limitation and Risk Transfer they should be able to reduce the impact on their business. There are numerous resources available for businesses and Connect Smart has an [SME Toolkit https://www.connectsmart.govt.nz/assets/SME-Toolkit/Connect-Smart-for-Business-SME-Toolkit.pdf] which is an excellent Risk Management starting point.  Larger businesses may also wish to consider employing an outside consultant to carry out “penetration” testing which will assist businesses to identify and “plug” vulnerabilities in their networks and systems. 

Once basic risk management is implemented, businesses can then look to limit their exposure by taking some action.  An example of risk limitation would be a company accepting that a disk drive may fail or their system may be hacked and having a robust backup system in place to avoid a long period of outage/failure. Any backup should also be protected, such as through using a strong password. Backups should also be regularly tested to ensure they have not been corrupted or damaged and you are actually backing up what you think you are backing up.

Risk Transfer is the final stage and involves passing the balance of a business risk exposure to a willing third party i.e. look at taking out a Cyber Insurance Policy.

According to PwC’s Global State of Information Security Survey 2016, released October 2015, 25% of New Zealand organisations with cyber insurance made a claim in the past year, compared with 50% globally.  Given Cyber Insurance Policies have only been available in the NZ Insurance Market for a couple of years it is likely that New Zealand will likely catch up with the Global trend.

About 42% of respondents that experienced a security incident in the past year say the source was a current employee – higher than the global figure of 34%.  If you haven’t done so already, it would be wise to develop and implement a Cyber Security Policy for your business and ensure employees understand at least the basics i.e. Mobiles should not be shared and must be pin or password protected.  Your Cyber Security policy should be a “living” document and regularly reviewed.

In summary, as a business owner you ideally want to avoid the risk in the first place, but if that doesn’t work then you need to limit the impact on your business and transfer your financial exposure.

Hack attacks on businesses are growing at an alarming rate.  It’s not a matter of “if” but when.  Procrastination is not an option – act now before you become yet another statistic.