1. “I am not a large business, cyber is just not an exposure for me.”
Hackers are increasingly targeting small businesses as that data security tends to be less advanced than larger businesses. In The Small Business Cyber Security Best Practice Guide, the Australian Small Business and Family Enterprise Ombudsman asserts that:
• 43% of cybercrime targets smaller businesses
• 22% of smaller businesses hit by cyber-attacks are so badly affected they cannot continue operating.
• 60% of smaller businesses that experience a significant cyber breach go out of business within the next 6 months
2. “My IT guy knows his stuff, he is a guru.”
Firewalls, a quality IT team and antivirus protection are all great strategies around data protection, but they are not the silver bullet. Ask yourself this, how could companies Yahoo, JP MorganChase, eBay and Target Stores with their large IT teams and robust IT systems still experience data and security breaches , resulting in significant financial losses running into the millions, as well as reputational damage to their business?
3. “We don’t hold credit card or financial records why would someone want to target my business?”
For a small business, like a chiropractic practice, the bigger risk is the interruption to your business even though you might not have such sensitive information as credit card data or financial records. The cyber-attack may include social engineering or cyber extortion. As a small enterprise you are more likely to have unique product offerings, client information, invoicing and payment records. You may also have intellectual property that has been built over years of operation which is key to your success and also an asset within your business. It is not necessarily about the data being useful to the hacker; it’s how the data and records are useful to your organisation, and important, how well (or how long) your business could function without them.
4. “I outsource to a Cloud provider – they’ll take care of it.”
When outsourcing to a third party (60% of Australian companies use cloud computer services), you don’t outsource your liability or responsibilities for the data that is managed externally. You will still be liable if a breach occurs at your service provider’s end. If your clients are providing you with their information (whether it be corporate information or personal), you have a duty of care, and are responsible for the safety of that information.
5. “I’ve got insurance, I am fully covered for any cyber exposure.”
Are you? Traditional professional indemnity insurance policies were never designed to cover cyber risks and will only ever provide partial cover, if any at all. It is important to do your homework and clarify what is covered in your professional indemnity insurance policy and what limitations are associated with it. If you do your research and find out that your professional indemnity policy does not have any cyber cover or very limited cyber cover, then you might want to consider getting cyber insurance. Cyber insurance helps to protect you against certain cyber related threats, such as unauthorised access to your computer system of network resulting in loss or theft of data. To find out more about cyber insurance or get a quote please visit aon.com/chiro, email firstname.lastname@example.org or call 1800 805 191.