We touched on this topic in our previous article; sadly cyber attacks are on the rise and therefore should not be ignored, whatever size your business is.
First of all, what exactly are cyber attacks? Here’s a definition:
‘An attack via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.’
Some of the most common attacks are:
- Denial of service attack – where systems are so overwhelmed they experience a complete shutdown.
- Phishing – so-called ‘whale phishing’ when management are targeted, or ‘spear phishing’ when the attack is aimed at a specific individual.
- MITM (man-in-the-middle) attack – where an attacker eavesdrops on the data sent back and forth between two people, networks or computers.
- Ransomware – where a victim’s system is held hostage until they agree to pay a ransom to the attacker. After the payment has been sent, the attacker then provides instructions for the victim to regain control of their systems.
The government reports that 39% of businesses have suffered an attack in the past year. The average cost is £4,200 for a small business and £19,400 for medium and larger businesses. The threat has increased as a result of Covid-19, with the sharp increase in online usage and security teams finding it hard to keep up with the necessary security systems.
So, what are you doing about cyber security for your photography business?
Gone are the days when we could rely on a decent firewall alone for protection. It’s vital for businesses to obtain cyber insurance, but to even be considered for cover (indeed it is more common to be declined cyber insurance than offered it) there is a range of measures you must have in place – and those measures must be in proportion to the size of your business. The key takeaway is that a business that doesn’t take cyber security seriously is much more vulnerable to a cyber attack.
These five measures will put you in a strong position against potential attacks:
1. Employee Awareness Training
This is absolutely crucial. Your biggest vulnerability is the people involved in your business – cyber criminals take advantage of that. Employees must be aware of how cyber criminals penetrate systems.
Training programmes help increase employees’ security awareness. We must all be informed about topics such as:
- Identifying potential phishing emails
- Which links are safe to click
- Which programs and files are safe to download
- What makes programs and applications vulnerable
Most cyber claims are the result of an employee making a simple and easily avoidable mistake. Training is critical. There are some great resources out there, including government-led initiatives, such as those offered by the National Cyber Security Centre.
2. Backups
Good old-fashioned backing up. Your business is reliant on its information and data. A cyber loss or attack would be catastrophic for most small businesses if the data were to be destroyed or completely irrecoverable. As such, data backups are still very much deemed essential by cyber insurance experts.
Insurers want to know:
- How you back up: the process in detail and types of backups
- Technology used
- Frequency of backups
- On and offline storage methods used
- How often you test the backups and how you protect your backups
3. Endpoint Protection Software & Antivirus
All insurers now expect some form of protection for the individual devices (endpoints) being used. Endpoint protection software, which uses behavioural and signature-based analysis to identify and stop malware infections, should be installed on individual computers.
4. Multi-factor authentication (MFA)
You might have used MFA for personal banking. It involves the user authenticating themselves through two different means when remotely logging into a computer system or email account: usually your password and a passcode that is generated by a physical token device or software, or sent as a text message.
MFA should be in place to access all systems where possible, or at the very least in place to access emails – which for most businesses are a lifeline.
5. Firewall
If you have a server and shared infrastructure, then you must have a good quality firewall. A firewall is a simple hardware solution used to control and monitor network traffic.
We hope this is useful information. Good luck with managing your cyber insurance. Williamson Carson are experts in insurance and passionate about supporting the creative industries. Contact us now if you’d like to discuss securing cyber insurance for your business.