On 17 June 2021, the Government passed the Your Future, Your Super (YFYS) legislation which introduced three major reforms:
Plumbing businesses rely on technology. It brings great efficiencies and opportunities, unfortunately, it also brings new risks. Cyber risks happen when people harness the way you use technology. Critical business assets such as emails and bank accounts are potential exposure points for malicious parties to exploit.
It is commonly thought that only large organisations are vulnerable to cyber risk. However, with 97% of Australian businesses having less than 20 staff1, small and medium businesses (SMBs) are a significant pool of potential victims for criminals to target. SMBs are often perceived as ‘low-hanging fruit’ and often do not have the time, funds or expertise dedicated to protecting their networks and digital assets.
A recent small business survey conducted by the Australian Cyber Security Centre2 found that:
- 62% of respondents had been victims of a cyber attack
- The estimated total annual losses from cybercrime are $300 million
- A cybercrime is reported every 10 minutes
So what are the common methods used by threat actors to target SMBs?
Social Engineering Fraud refers to techniques used by fraudsters to manipulate victims into surrendering funds or confidential information. These techniques have become increasingly sophisticated and difficult to detect. For example, cyber-criminals can intercept communication lines, such as email, awaiting the opportunity to issue a fraudulent payment request.
Ransomware is malicious software that disables access to a computer system unless a ransom is paid. It typically infiltrates systems through malicious attachments or links in phishing emails, and can include data exfiltration (where sensitive data is taken and the threat to expose it is made). Marsh data shows that the downtime from ransomware events averages 16 days, with the average extortion demand over USD170,000. According to a leading cyber insurer, SMBs often feel they must pay the ransoms, as the alternative is a potentially long period of crippling business downtime3. For plumbers, ransomware can have devastating consequences. Future booked work, confidential customer data, and more could be impacted, leading to significant financial, reputational and regulatory implications.
How can I protect my business?
- Implement multi-factor authentication. This provides an extra layer of security to verify the person’s identity trying to access an account.
- Whenever a change of supplier bank detail request is received, verify this request with a phone call or face-to-face meeting.
- Frequently train employees on the importance of cyber security, and outline common threats to be aware of.
- Regularly upgrade and patch applications to mitigate against known software vulnerabilities.
Risk transfer via insurance
The complexity of remediating IT systems and normal business operations following a cyber-breach is becoming increasingly damaging and expensive.
Cyber insurance policies often provide cost-effective protection and a range of resources and services to help you respond and recover losses from cyber events.
Marsh works with leading cyber insurers to create competitive insurance products. Often these go beyond just the insurance protection itself but also include risk management services to assist SMBs in creating a holistic cyber risk management solution.
For more information, contact your dedicated team at [email protected] or call 1300 300 511.
1 Australian Small Business Statistical Report
Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238 369) (Marsh) arrange this insurance and are not an insurer. This advertisement contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire the product, refer to the specific policy wordings available from Marsh. The Master Plumbers and Mechanical Services Association of Australia receives a financial benefit when an insurance policy is arranged by Marsh for one of its members. LCPA No. 21/215