Is your business prepared to deal with a disaster? In this blog post we look at recent trends in cyber security and local examples of cyber-attacks.
Will your business be able to get up and running quickly if you lose all your information? Cyber security attacks are becoming distressingly common and all businesses in our modern age rely on information. Databases to manage the flow of money in and out, to track sales and customers and to manage our goods and services are just a few ways we rely on technology. So, what’s your strategy for dealing with disaster?
I’ve written previously about the many different types of cyber security threats that we need to be aware of and defend against. More cyber risks are appearing on the horizon each day, threatening not just our businesses but also our personal identities. For example:
- Earlier this year Equifax had a massive cyber breach through an online security flaw that allowed hackers to break into servers and steal personal data belonging to 143 million US customers. This hack occurred after an incident on its networks two months prior that had supposedly been dealt with by experts.
- A popular computer clean-up tool, Avast’s CCleaner, recently had malware planted through a backdoor in its version updates. This represents cyber criminals moving up the supply chain to attack software companies rather than just consumers, and even the development tools used by technology experts.
Besides cyber-attacks, there are a myriad of other ways a business can lose most or all of its vital information. For micro businesses, what would you do if the disk in your laptop crashes and you’re relying on a fabulously complicated Excel spreadsheet? If you have servers onsite in your office, what would you do if the building burnt down?
Here’s a recent example from an Adelaide business of what can go wrong. This business had engaged a new technology support company, and an agreed aspect of the support service was to complete offsite backups. The day before they were encrypted, the technology support company realised they had not been successfully completing the backups. The support company brought in hard drives the next day but it was already too late: in a nasty coincidence, a cyber-attack had occurred that morning. The business owner was frantic; she thought her business was gone. She went to the previous support company, who did have backups, and in the end they were able to recover the business information right up to the day. But this encryption attack led to 4 days without computers, in a business with 6 team members totally reliant on their information technology. So they not only lost 4 days’ worth of business, but they also had to replace the computer the virus arrived on as it was fried. Approximate cost to recover: $26,000-$30,000.
In another, more devastating example, a micro-business person was impacted by a cyber-attack and their backups could not be used to recover anything. They had been in business for 5 years and nothing at all was recoverable; all their information was completely lost.
What can you do?
The moral of this story is that I encourage you to test that you can recover information from your backups.
Of course, the first thing you need to do is ensure that you’re backing up all of your data, and that you’re doing this regularly. The time between backups is the amount of time you’ll lose when (note that I say ‘when’ not ‘if’) things go wrong. If you only back up once a week, then you’ll potentially lose a week’s worth of information.
The next step is to ensure you can read from the backups and recover information from them. You might want to just dip into the backup and recover a few files that have been accidentally screwed up by someone in your business, or you might need to restore everything. Test all the different scenarios and think through what you’d do to get up and running quickly in the event of a disaster.
If you have a technology support company managing your backups, challenge them to prove that you can restore from their backups.
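A restore drill of the kind the steps above recommend, as an added example that is not from the original post: it checks the backup's age against the longest gap you can afford to lose, then restores every file into a scratch folder and compares it with a checksum recorded at backup time. The tar.gz archive, the manifest format and the function names are assumptions made for the illustration.

```python
import hashlib
import tarfile
import tempfile
import time
import zlib
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(src, archive):
    """Archive every file under src; return a manifest {relative path: sha256}."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for f in sorted(Path(src).rglob("*")):
            if f.is_file():
                rel = f.relative_to(src).as_posix()
                manifest[rel] = sha256(f)
                tar.add(f, arcname=rel)
    return manifest

def restore_drill(archive, manifest, max_age_hours, now=None):
    """Restore into a scratch folder and list every problem found ([] = pass)."""
    problems = []
    age_h = ((now or time.time()) - Path(archive).stat().st_mtime) / 3600
    if age_h > max_age_hours:  # the gap between backups is the work you lose
        problems.append(f"backup is {age_h:.0f}h old (limit {max_age_hours}h)")
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                names = set(tar.getnames())
                for rel, digest in manifest.items():
                    if rel not in names:
                        problems.append(f"missing from backup: {rel}")
                        continue
                    out = Path(scratch, rel)
                    out.parent.mkdir(parents=True, exist_ok=True)
                    out.write_bytes(tar.extractfile(rel).read())
                    if sha256(out) != digest:
                        problems.append(f"restored copy differs: {rel}")
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            problems.append(f"archive unreadable: {exc}")
    return problems

if __name__ == "__main__":  # constructed sample data, not a real business
    with tempfile.TemporaryDirectory() as d:
        Path(d, "data").mkdir()
        Path(d, "data", "customers.csv").write_text("id,name\n1,Example Pty Ltd\n")
        m = make_backup(Path(d, "data"), Path(d, "backup.tar.gz"))
        print(restore_drill(Path(d, "backup.tar.gz"), m, max_age_hours=24) or "drill passed")
```

Keep the manifest somewhere other than the machine being backed up, so that the drill still has something to compare against after that machine is lost.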
And if you don’t have a spare $20,000 to $30,000 lying around to cover the cost of recovery, speak to your insurance broker about taking out cyber insurance.
Don’t wait until it’s too late. Get onto it today.
If you are attacked, report it to the Australian Cybercrime Online Reporting Network.
You may also be obligated to report any attacks that impact your customers’ private, personal or sensitive information via Data breach notifications - Office of the Australian Information Commissioner.
Tell us your stories!
What horror stories about hacking attacks have you heard about or been involved with?
The more we are all aware of what can go wrong, the better chance we have of mitigating the risks!
Wiser Connections is here to help
I have many years’ experience in the industry and I am here to help. I pride myself on being able to find appropriate solutions for your issues, whilst remaining fiercely independent of other information technology providers.
Please contact us today to discuss how Wiser Connections can assist your business.
Resources to read more:
- Australian Cybercrime Online Reporting Network
- Data breach notifications - Office of the Australian Information Commissioner
- Australian Privacy - Principles of the Privacy Act
- The Morning Download: Out-of-Date Software Creates Incalculable Cyber Risk, Sep 19, 2017
- IT News - Bupa employee steals data - Jul 14 2017
- IT News – Australian govt will introduce decryption laws – Jul 14 2017
- The Advertiser – Adelaide researchers will develop defences against cyber attacks – Jul 13 2017
- Defence Connect - Global Security Intelligence Centre opens in SA – Jun 1 2017
- Cybersecurity standards and certification of the European Union Agency for Network and Information Security