Cybercrime is becoming an ever-more real threat for SMEs. What risks do you face and can you get cyber-insurance? We take a look…
As the digital sphere integrates more into our lives and businesses, there are cyber-risks that come with it.
This is especially true for businesses, which now not only face the threat of criminals in the area, but also criminals on the web.
Cybercrime is consistently on the rise, with ransomware becoming particularly prevalent.
Cyber-risks for businesses: Ransomware
While you may think that cybercriminals would focus on big companies, smaller businesses are actually an easier target.
This is especially true when it comes to ransomware – a type of malicious software (malware) which encrypts your files. Hackers hold these files ransom – only granting you the encryption key if you pay them.
These hackers often ask for Bitcoin, with some asking for as much as one Bitcoin. This doesn’t sound like much – until you realise that one Bitcoin is worth more than R35 000.
Small businesses are a prime target – not only do they have more money than the everyday individual, but often their networks and servers aren’t as protected as large businesses’.
Furthermore, files are much more important for businesses than individuals. This is because they hold valuable information and records needed by owners. This compels them to pay up to decrypt their files.
Malware is often loaded on to your network through employees – often, unwittingly. If your employee downloads an infected email attachment, for example, the ransomware can make it on to your system.
There are antivirus solutions from companies like Kaspersky. But ransomware and anti-ransomware software are essentially in an arms race. Once antivirus companies find a solution, hackers find a workaround or develop more advanced ransomware – and the cycle continues.
Cyber-attacks on businesses
Ransomware is not the only way that cybercriminals can attack a company. If the goal is to impact the company’s business by taking down services, hackers use other strategies.
For websites and online services especially, Distributed Denial of Service (DDoS) attacks are particularly common.
This is when your server becomes overloaded with traffic or requests from hackers – meaning your actual customers cannot access your services. Your online resources are essentially overwhelmed, meaning that your services can’t be used.
Since hundreds to thousands of devices are used during a DDoS attack, it’s not as simple as blocking one user.
Even large companies and government websites are impacted by these attacks. This often happens when they get on the wrong side of hacktivist groups like Anonymous.
Depending on how long the attack lasts, this can cost you valuable income. For example, if you provide online shopping or online booking, a DDoS attack can cost you thousands by preventing customers from buying from you.
There are other ways hackers can affect your website – sometimes by fully taking control of it. They will usually ‘vandalise’ your website, post on your behalf on your social media accounts and sometimes delete all your data.
Cyber-insurance: A solution?
Since cybercrime is becoming an increasing threat to businesses, there are insurance options available.
These policies usually go under the name “cyber liability cover”. There are various forms of cyber-insurance, however.
Depending on the cyber-insurance policy provider, these plans cover businesses for cyberattacks and cyber-extortion. This includes helping with the loss of income and the increase in operating expenses due to a cyber-incident.
“We should also be mindful of the impact from the loss of corporate data and information such as intellectual property and proprietary information, which in the hands of a competitor or even an extortionist can severely disadvantage business,” says insurer American International Group (AIG) on their website.
While more policies are becoming available, SHA says that this aspect of SME insurance is often overlooked locally. The insurers, however, emphasise that it can be vital for some businesses.
“An SME may not be able to afford a messy legal battle following a breach or two weeks of downtime following a hack attack,” says Candice Sutherland, business development consultant at SHA.
Some cyber-insurance plans also provide PR support to help a company’s reputation after a cybersecurity breach.
If you are interested in getting this type of insurance, make sure that the policy covers you against the various risks your company faces in terms of cyber-breaches.
If you would like to take preventative measures to reduce the risk of a cyberattack, there are a few precautions you could implement.
- Training your staff in cybersecurity awareness so that they don’t download malware. You can also teach them to not be tricked by phishing scams.
- Backup all your information and records regularly on a machine that is not connected to the rest of your network. This will mean you have your files safe and secure on another hard drive in the event of a ransomware infection.
- Implement up to date and strong firewalls to prevent unauthorised access.
- Make sure that there is adequate antivirus protection that can cope with the latest threats.