CERT NZ reported 7,809 cybersecurity incidents in 2020, a 65% increase from 2019. These incidents resulted in a financial loss totalling $16.9 million*.
The topic of cybersecurity is constantly present in the media, but from our conversations with clients regarding their own security, it can seem too daunting and sometimes easier to ignore. Cyber liability insurance is definitely the ambulance at the bottom of the cliff and an essential tool in your cybersecurity arsenal, but also having a cyber policy in place could reduce your insurance premium and, most importantly, reduce the chances of a cyber incident dramatically affecting your bottom line.
At GSI we engage I.T. expert Mark Barrett-Hamilton from I.T.Star to advise us on our own cybersecurity. These are some of the ways Mark mitigates our cyber risks and what they mean:
User Security Awareness Training
Users are always the weakest link: they will be the ones to click on the link, transfer money, download an attachment, share their password, and so on. Regular training makes users aware of how they can be the most cyber-secure employee possible. We do weekly compulsory training on this with the GSI team.
Firewall
This monitors incoming and outgoing traffic and decides whether to allow or block it. Firewalls require regular monitoring and alerting for any changes, as well as regular updates to ensure all security vulnerabilities are covered.
Anti-Virus: a cloud-based system
Having a cloud-based anti-virus system means we can ensure that all devices are always up to date with updates and definitions (files categorised as malware or dangerous IPs and URLs). With staff based across 3 different offices, this is essential to stay up to date.
DNS Protection
This puts an extra layer of protection between users and the internet: outbound traffic is monitored to ensure it is not going to a known malicious site, and traffic to such a site is stopped before the user can do any harm.
Patching
Exactly as it sounds, patching is mending or repairing exposed flaws in programs or operating systems.
a. Operating system: updates are scheduled for installation through the cloud soon after they are released and set as being required for each device.
b. Standard apps are monitored and automatically updated should the vendor release a new updated version.
Dark Web Monitoring
This is to ensure any references to the business do not appear on the Dark Web, a sure sign that you have been hacked or are about to be hacked.
Backups
In case the worst happens, we need to be able to recover every bit of the business. Backups need to be done and checked regularly. We get confirmation of successful backups daily.
As well as engaging Mark and the I.T.Star team, as a team we have open discussions around security and risks, require employees to use two-factor authentication (which you can read about at CERT NZ), make sure the data we gather from our clients is in line with The Privacy Act 2020** (and only what is essential for our operations), and have a plan in place in case we do experience a cyber incident. Having a professional team alongside our own cybersecurity policy, as well as cyber liability insurance, is the best way to minimise the likelihood and potential impact of cyber risks.
Our advice is:
- Read up on cybersecurity at CERT NZ (you can also view current threats and advice on what to do if they affect you under 'Alerts')
- Engage an I.T. security expert to assess your potential risks and advise you on how best to mitigate them
- Talk to your insurance broker (or one of the GSI team) about cyber liability insurance and how it can protect your business. You can read more about cyber cover here.