The massive ransomware attack which has affected more than 200,000 people in 150 countries is a timely reminder for Australian businesses to prioritise strengthening their cyber security measures, according to Gallagher Insurance Brokers.
Last week’s WannaCry ransomware attack exploited a vulnerability in Windows computers which did not have up-to-date security patches. This allowed files to be encrypted and held to ransom, with users asked to pay $300-$1200 in the bitcoin currency to free their files.
The attack highlights how following simple steps can play an important role in limiting cyber security exposures. And although only a handful of Australian businesses were impacted, Andrew Faber of Gallagher's Parramatta branch says that there’s no room for complacency.
“Australia got off comparatively lightly from this attack, but the sheer speed by which the ransomware spread should be enough to place this issue at the front and centre of business owners across the country,” said Faber.
“This attack also highlighted the fact that any business is a target for cyber criminals – not just big business. Indeed, what this attack has also shown is how vulnerable small businesses can be to cyber-attacks, simply through not following basic security measures.”
How to minimise cyber attack risks
Faber recommends all businesses look to minimise their cyber security exposures in the following ways:
- Do not open attachments or click on links in emails from unknown senders
- Develop a cyber breach response plan, and educate all staff on what to do in the event of a breach.
- Adopt best practice information security procedures, including firewalls, regular patching, application whitelisting, virus protection, restricted admin privileges, encryption and offsite data back-up.
- Factor cyber insurance cover into their business’s insurance program.
“Cyber insurance will not stop ransomware attacks from happening, but can be invaluable in helping to recover lost costs associated with such attacks – including loss of business income brought about by the inability to trade throughout the duration of the attack," Faber added.
"As such, it should form part of every business’s holistic approach to handling cyber security threats.”