The potential ramifications of a data breach are enough to give even the most laid-back broker nightmares.
The leak of the so-called ‘Panama Papers’, files detailing the private dealings of some of the world’s most famous and powerful people who were using the services of offshore finance specialists Mossack Fonseca, was a timely reminder of the need to ensure your systems are secure.
And don’t make the mistake of thinking your company is too small to be on the hackers’ radar – last year a small Scottish firm, Ellen Conlin Hair and Beauty, was forced to pay a ‘ransom’ of €1,000 after cyber-criminals took control of its customer database.
Most businesses will have professional IT security measures in place, yet still the hackers get through. So where should you focus your efforts if you want to avoid becoming a victim? On your staff, according to cyber-security expert David Lannin.
Lannin – director of technology at Sapphire, an IT security firm with offices in Basingstoke, Darlington and Paisley – says with ‘phishing’ attacks (where hackers hide malware within an e-mail) on the rise, educating everyone within the organisation is the best way to stay safe. Reminding staff to be suspicious of e-mails from unknown sources could save you a lot of trouble and money.
He told Insurance Business UK: “Businesses think that because they have firewalls and intrusion prevention systems in place they’re secure, but it’s the users that are often the weakest link in the chain, so education of those users is paramount.”
If the hackers are successful, the impact on companies in terms of business interruption, reputational damage and financial cost can be significant. “It can be dreadful,” Lannin said. “One of the most common things we tend to see these days is a phishing attack resulting in ransomware being propagated across an organisation’s network. A user who is perhaps attached to back-end databases and shared files… the moment he or she’s hit it can spread like wildfire, encrypting data and making it inaccessible.
“Quite often with ransomware, the only way to fix it is to pay the ransom – and that’s what we’re seeing customers doing these days.”
So what’s the one thing insurance businesses should do to lower the risk of becoming the hackers’ next victim? Over to Lannin: “They should tell staff they are likely to be attacked at some point so everybody needs to be vigilant. Educate your people – give them the tools to restore their data, teach them what a suspicious email is and how threats can be propagated across your environment by something as simple as opening a spreadsheet,” he says. “The threat is very real.”