Reports about cybercrime are a daily fixture in the media. Deutsche Telekom is a recent example: almost a million of its customers were left without internet access as the result of a large-scale cyberattack.
It’s not just multinationals that are being targeted by international criminal gangs. They also use the latest online crime methods to target small and medium-sized businesses. These businesses often suffer substantial financial damage and major reputational damage.
You can never fully prevent cybercrime. But being aware of the four biggest cyber risks to your company can go a long way towards preventing potential disasters.
The biggest cyber threat your company currently faces is a virus attack via phishing. These large-scale attacks are carried out on a daily basis by malicious organisations in Belgium and abroad.
When you are a target of phishing, you or someone at your organisation receives an email containing a harmful file, or a link to a harmful file. When you open the file or click the link, the virus is activated.
Gerrit Mets, cyber expert at Vanbreda Risk & Benefits: “The consequences of phishing can be severe. The virus can bring down a company’s entire IT system, leak data or block the system until the company pays a ransom. In each of these cases, the organisation suffers reputational damage as well as substantial financial damage. For example, the ‘clean up’ of an IT system following a cyberattack can cost a tidy sum.”
The solution: the phishing gangs are becoming increasingly inventive. The emails are written in perfect English and anti-virus software cannot always keep the most damaging of viruses at bay. It is therefore crucial to make people at your company aware of this threat. Ensuring that emails and files are only opened after checking who sent the email is a step in the right direction. For more information, visit www.safeonweb.be.
Companies are increasingly faced with the dangerous consequences of ‘unintended data leaks’.
Gerrit Mets: “This means that employees or managers unwittingly make huge amounts of data public. For example, by accidentally emailing an Excel file with personal data or placing it online. The consequences of these unintended data leaks can be severe. It not only undermines the reputation of the company but can also lead to substantial fines. The new European ‘General Data Protection Regulation’ will take effect in 2018 and will significantly increase the authority of the Privacy Commission.”
The solution: it is extremely difficult to combat this type of cyber risk. Every organisation sends dozens, hundreds or even thousands of emails every day. Here too, the main message is to increase awareness of the threat of unintended data leaks and of how to prevent them.
The third type of cyber risk is having your public company website hacked. Smaller companies are particularly susceptible since they often do not have the correct security technology and procedures in place to withstand this type of cyberattack.
Gerrit Mets: “It is often political groups that hack websites in order to spread propaganda and to extract ransom money to add to their war chest. The costs of this type of attack can really add up, certainly for companies that use their website as an important sales channel. And the reputational damage is often substantial. Customers may draw the rather logical conclusion, ‘if they can’t even secure their own website, how can they keep my data safe?’.”
The solution: ensure that you have the right software and procedures in place to secure your website by engaging the services of companies that offer the right expertise.
The final way that internet criminals often attack companies is via software that has not been updated. Gerrit Mets: “If your company uses computer software that needs updating regularly, you inevitably have a higher risk of falling victim to cybercrime. If you do not update your software in time, this creates ‘vulnerabilities’ in your system that hackers can ruthlessly exploit to break into your system.”
The solution: ensure that your software is updated in time and always carry out updates as soon as the software requests it. This is certainly essential if you use systems and software that are connected to the internet. It’s just as important to keep your wireless router updated.
The tips and advice listed above can help you to increase awareness of cybercrime at your organisation and take the first steps towards developing measures against cybercrime. However, even the best measures cannot fully prevent the serious and often underestimated consequences of a cyberattack. As risk consultants, we therefore recommend that you take out a cyber insurance policy because this is the best insurance currently available against the harmful consequences of cyberattacks. This policy can also protect you against the harmful effects of human error or software failure, unauthorised access and unexpected events that have an impact on your computer system (e.g. power cuts or reduced voltage).