Cyber, General
Businesses need to understand the importance of being cyber safe. Cyber criminals are exploiting the global focus on COVID-19 and the new normal of working from home, to infiltrate networks and extort money.
In the World Economic Forum’s (WEF’s) Global Risks Report 2020, cyber-attacks ranked as the second greatest risk for business globally over the next decade. During a meeting of the United Nations (UN) Security Council in May 2020, the disarmament chief of the UN reported a 600% rise in malicious emails during COVID-19.
And in Australia too, the Australian Cyber Security Centre (ACSC) warned of a significant increase in attacks on businesses with COVID-19 themed email ‘phishing’ attacks.
Cybercrime costs Australian businesses $29b each year
Abigail Bradshaw of the ACSC said that “Small businesses can be big targets for cyber criminals”. Attacks often involve cleverly disguised emails which make unsuspecting business owners and employees open malicious files. These scams and other cyber activity have cost Australian businesses an estimated $29 billion each year. One reason small to medium sized businesses are under great threat is because they do not have the sophisticated security systems and IT departments of bigger operations.
The Privacy Act requires businesses to take “reasonable steps to protect the sensitive and personal information they hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure” (APP 11.1). The consequences of not doing so can be significant.
Scammers use a variety of approaches, from setting up fake online stores selling protective gear like face masks and stealing the victims’ credit card details, to taking control of a victim’s computer system and locking data until a ransom is paid. This type of extortion is becoming more targeted and costly, and recovery times can be long.
Five potential threats businesses need to be aware of:
- Business email compromise, also called CEO fraud, where threat actors interject into email streams to divert funds by exploiting technological and human vulnerabilities.
- Ransomware, where threat actors take control of systems and lock data until a ransom is paid.
- Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.
- Internet of Things (IoT) risks come from a range of products, like printers, smart TVs, and automated home assistants, many of which have poor security.
- Mobile devices and Bring Your Own Device (BYOD) which connect to corporate systems may be insecure.
Six things businesses can do to help them stay cyber safe:
- Awareness: Promote a ‘stop and think before you click’ message amongst their staff.
- Passphrases: Ensure that they and their staff use passphrases rather than passwords, e.g. lyrics to a song. They should be at least 12 characters long and include upper and lowercase letters, numbers and symbols for extra strength. Better still, use two-factor authentication, which typically requires the user to provide a secret only the user knows (like a passphrase or PIN).
- Updating: Ensure all operating systems and application software update automatically where possible.
- Anti-virus software: Install anti-virus software and an ad-blocking browser plugin on staff computers to help prevent malware compromising business computers.
- Backup: Keep frequent backups of all critical information and systems, ensuring that backups are stored securely off site and not connected to the network to prevent their loss due to fire, theft or malware.
- Subscribe to alerts published by Stay Smart Online (www.staysmartonline.gov.au/alert-service) and Scamwatch (www.scamwatch.gov.au/news).
Have financial protection should an attack slip through
In the event of an attack slipping through, it’s important for businesses to have financial security to handle and remediate the situation – which may include a ransom, data and application restoration, legal advice, data breach investigation and public relations, to name just a few. The financial impacts of cybercrime can be extensive and not always obvious.
Like COVID-19, there is no cure for cybercrime, just preventative measures and having the means to remediate the situation once it has taken place. To speak to a broker about cyber insurance, contact us today.
General
Defend and Pursue
The primary trigger for Professional Indemnity is a breach of professional duty that results in a financial loss to a third party, but CLP does not need to be triggered by allegations against the insured in order to respond. Five of the seven Heads of Cover included within CLP afford legal costs to pursue a dispute with a third party, such as Contractual Disputes, Debt Recovery or Restrictive Covenants (employees breaching non-compete).
Designed to Complement, Not Replace
Legal expenses insurance complements other classes of insurance as it lowers the financial burden associated with legal disputes and provides access to legal advice (without needing to trigger the policy first) and assistance which could curb the need for full-scale litigation.
Free Legal Advice
CLP allows the insured to receive targeted advice from a lawyer relating to any problem directly associated with their core business activities. Unlike PI, cover is not restricted to professional services.
A discussion with the legal team does not necessarily equal a notification on the policy. Unless it’s identified that a section of cover is triggered, advice is treated as general, and the insured can make as many enquiries to safeguard their business as they wish.
For further information contact Newcastle Insurance Group
General, Home Insurance, Real Estate
It’s all over the news: a number of direct insurers have declined claims as people were operating businesses from their homes.
Given that the number of people who are operating some kind of business from home has significantly increased, we thought it may be helpful to outline some of the thinking underwriters and insurers have around this subject.
Caveat: always ask your specific underwriter or insurer or broker what their terms & conditions are on the subject before making any decision.
DISCLOSURE
You would be obliged in one way or another to tell your insurer if you start or intend to start to operate a business.
DEFINITION
In the current business environment, the distinction between home and business has become more blurred. Unless it is your (i.e. the insured’s) business and it is primarily run from the home, most insurers do not treat this as “conducting business from home”.
For example, if you work from home a few days a week, or do incidental paperwork at home for a business that performs the majority of its activities elsewhere, then most insurers do not consider this to be a business run from the home.
If, however, you are running a business from your home premises, then you need to disclose this, regardless of the size or nature of the business.
Hope this helps.
General
Subcontractors are completing work for your customers on your behalf, so you can and will be held liable for that work.
A typical example people don’t think applies is an electrician coming to your business property to do some work. If they cause damage or injure someone whilst there, you could be held liable.
If someone is injured, or damage is caused to someone’s property by a subcontractor, you will most likely be the one who receives the demand for compensation. Your insurer will then seek to pass on the demand to the subcontractor’s insurer.
Obviously, it is important to make sure your subcontractors have their own adequate insurance in place. If they do not, you and your insurer may find it very difficult to recover any claim made.
You can also be potentially held liable for injuries sustained by a subcontractor whilst they are working for you. If the subcontractor has their own workers compensation, workers comp will generally finalise the claim and then seek to recover this claim from your insurer if it is deemed you have contributed in some way to the injury. A worker to worker claim like this can take years to bubble up to the surface and can be quite expensive.
There is definitely risk in engaging subcontractors. Be aware of the risks and mitigate them as much as you can. Your insurance broker should be talking to you about this.
Reach out if you are concerned about your levels of insurance cover.
Call 1300 62 80 80 or contact us www.newcastleinsurancegroup.com.au
Trades, Construction, Property Developer
Property Developer
15 Staff
$19M turnover
Background
Following the sale of 2 properties, the Insured was required to make a payment of $400,000 to their property consultant. On the day the payment was due, the Insured received an email from the consultant advising their banking details had changed. The Insured requested that this be sent to them in writing on the consultant’s letterhead which they received, including the signature of the director of the consultancy company. The Insured was later chased by the consultant for payment at which time it was discovered that the email and letter had been fraudulent. The Insured contacted their bank to stop the payment and were informed that the money had already been withdrawn and transferred overseas.
Outcome
The Insured made a claim on their Cyber policy which triggered the optional Social Engineering cover. An IT forensic consultant was appointed who identified that the hacker had infiltrated the consultant’s system and intercepted correspondence between the Insured and the consultancy firm. The Insured was reimbursed for the outstanding funds (capped at the Social Engineering sub limit of $250,000).
Payment: $250,000.