Security hackers pose a serious threat to your business!

They are highly intelligent, motivated and determined (mostly professional or state-sponsored hackers) and if you happen to be in their crosshairs, it is just a matter of time before they pull their trigger to launch cyberattacks to disrupt or cripple your operations.

High profile corporations like Yahoo, eBay, Marriott International, Uber, Equifax and J P Morgan falling prey to cyberattacks by hackers. Even our SingHealth was not spared.

 

The threat of cyberattacks is real and palpable. Make no mistake about it! 

According to the Singapore Cyber Landscape 2019 report by the Cyber Security Agency of Singapore, 47,500 phishing URLs with a Singapore-link were detected. Website defacement accounted for 873 cases. There were 35 reported ransomware cases. 530 command and control servers were observed in Singapore and 2,300 botnet drones (compromised computers infected with malicious programs) were observed daily.

On the cybercrime scene, 9,430 cases were reported in 2019, an increase of 51.7 % from 6,215 cases in 2018. This represents more than one quarter of all crimes in Singapore last year.

Cyberattacks - How SMEs can mitigate their risk

Cyberattacks – How SMEs can mitigate their risk

 

With data breaches occurring daily, small and medium enterprises (SMEs) bear the brunt of being hit more frequently than large corporations.

Why this vulnerability?

Many SMEs are unaware of the high risks of data breaches in their operations believing that hackers only target large companies with high revenues. They don’t think cyberattacks will happen to them. However, the reality is it is a question of “when” it will happen.

For example, these hackers may install dangerous malware into your computer systems to steal, alter or destroy information. They may steal valuable customer data, resulting in a personal data protection breach.

It can be confidential documents and trade secrets that are stolen with ransom demand to withhold their release.

It can even be a devastating denial of service attack where hackers direct massive volumes of traffic through your networks to overload and crash them resulting in business interruption losses.

 

The first line of defence

Whatever the case, SMEs need to defend themselves from cyberattacks with a security plan which should include the following measures:

  1. Backup Data. Backup data frequently with the backups stored offsite and not connected to the SME’s network.
  2. Staff Training. Ensure all staff have frequent cybersecurity training so that they are aware of the potential risks.
  3. Firewall & Anti-virus Protection. Use operating systems with embedded firewalls and anti-virus protection software (such as Windows or MAC OS X) or run separate commercially licensed firewall or anti-virus protection software.
  4. Never Pay Ransom. It is not always wise to pay a ransom as you are not able to determine where the money will go to (i.e. terrorism financing) or whether the hacker will repeat the attack.
  5. Mobile Device Encryption. Protect your data with encryption including mobile phones, laptops and other portable devices.
  6. Credit Card Storing. Do not store credit card details on websites. Do not keep them saved on notes or documents on computer system.
  7. Password Protection. Keep passwords strong and secured and set up two factor authorization (2FA).
  8. Third Party Vendor Agreement. If you receive any requests to alter supplier and customer details including bank account details, verify independently with a known contact for authenticity.
  9. Two Person Sign-off. Ensure that at least two members of staff authorize any transfer of funds, signing of cheques and the issuance of instructions for the disbursement of assets, funds or investments.
  10. Incident Response Plan. Have a well-planned approach to addressing and managing a cyberattack to help respond to and recover from network security incident.

 

AND now the second line of defence against cyberattacks.

Transfer your cyber risk to Insurers! Yes, that’s right. INSURANCE. There is a compelling need for it!

Despite all the necessary security safeguards put in place, a significant data breach or business disruption from cyberattacks may still strike you. To protect yourself against your financial risks of loss, purchase a cyber liability insurance policy.

 

What are these financial risks that should worry you?

These are typically expenses and losses that you incur that will strain your resources and liquidity and hit your profit and loss account. They are:

– Legal expenses, fines and penalties due to regulatory investigation

– IT forensics investigation

– Negotiation and payment of ransom demand

– Data restoration

– Loss of profits from network interruption

– Crisis and reputation management

– Customer notification

– Credit monitoring and identity monitoring

 

What are some of the fundamental questions that you need to ask yourself before you decide to buy insurance?

You need to ask:

– Is the policy limit adequate for our needs?

– Are the coverage terms broad or restrictive with unacceptable exclusions?

– Is the premium pricing competitive?

– Do we know the security rating of the Insurer?

– How much do we know about the Insurer and its claims settlement philosophy?

– What value-added service can the Insurer offer by way of risk management advice?

We can help you clear your mind with our in-depth insurance knowledge and experience and customize a policy to your requirements that will provide you a safety net for sustained business continuity should a serious cyber event hit you.

To find out more, drop us an email at acorn.contact@acornint.com and we will be happy to have a conversation with you.