12th October, 2017

Are your staff holding you to ransom?

It could be happening in your office right now. One of your trusted staff members could be about to pull that trigger, plunging you into a hostage situation. And the scary thing is, your staff member probably doesn't realise what they are about to do, and they certainly can't envision the damage it is going to cause your company. Cyber crime, and ransomware in particular, continued to rise in 2017 and will still be with us in 2018.

Ransomware is malicious software that encrypts the files on a computer or network, or otherwise locks you out of it, until a ransom is paid. To get it onto your system, cyber criminals usually need you to open a malicious file or visit a malicious website. They will often disguise the file or link inside an email that appears to come from a company you trust, such as Telstra, Google, Apple or Netflix. Common tricks include using sender addresses that look similar to the ones those companies actually use, and copying the layout and tone of the genuine emails. So how can your staff spot a phoney and keep you out of the hostage situation? And what happens if they fall for the scam?

There are usually telltale signs that an email is fake. Cyber criminals will often set the email up to look as though it came from a trusted source, for example support@apple.com. The displayed sender address can be forged outright, so a familiar address proves nothing on its own; if you hover the mouse over the sender, or look at the Reply-To address, you may find that any reply would actually go to support@hackersrus.com. A second sign is in the message body. If the email is addressed to Sir or Madam, or to no one at all, it may not be authentic. Spelling and grammatical errors in the body are another giveaway. With links, hovering your mouse cursor over the button or link will show you the web address you would be taken to if you clicked it. Give this more than a glancing look, because hackers deliberately imitate legitimate addresses. A criminal trying to send you to a fake Apple website might use www.aple.com or www.apple.co, and it is the domain name as a whole that matters, not just how it starts: www.apple.com.example.net is not Apple. Now, armed with the above knowledge and some robust IT security, you should be protected, right?
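The checks above are mechanical enough to script. The following is an added example, not tooling from Bruce Insurance or the article, that runs over a raw email and reports the tells just described: a Reply-To address that does not match the From address, a generic salutation, link text that points somewhere other than it claims, and link domains that are a near-miss of a brand the message pretends to be from. The message and every address and link in it are constructed for the example, and the list of "genuine" brand domains is an assumption of the example rather than a statement about those companies.

```python
"""Spot phishing tells in a raw e-mail: mismatched Reply-To, generic greeting,
misleading link text and look-alike link domains. Added example with a
constructed message; not the article's own tooling."""
import email
import re
from email import policy
from urllib.parse import urlparse

# Domains the example treats as the genuine ones for each impersonated brand.
# This list is an assumption for the example, not a statement about the companies.
TRUSTED_DOMAINS = {"apple.com", "telstra.com", "google.com", "netflix.com", "auspost.com.au"}


def registrable_domain(host):
    """Crude eTLD+1: the last two labels, or three when the suffix is two-part (e.g. .com.au)."""
    labels = host.lower().strip(".").split(".")
    two_part = labels[-2] in {"com", "co", "net", "org", "gov", "edu"} and len(labels[-1]) == 2
    if len(labels) >= 3 and two_part:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance; domains within a couple of edits of each other are easy to confuse."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """The trusted domain this one most resembles without being it (within 2 edits), else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    nearest = min(TRUSTED_DOMAINS, key=lambda t: levenshtein(domain, t))
    return nearest if levenshtein(domain, nearest) <= 2 else None


ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
GENERIC_GREETING = re.compile(r"\bdear\s+(sir\s+or\s+madam|sir|madam|customer|user|member)\b", re.I)


def analyse(raw):
    """Return (tell, detail) pairs for the message; an empty list means no tells were found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_domain = registrable_domain(msg["from"].addresses[0].domain)
    # A From header is trivially forged, so a trusted From domain proves nothing by itself;
    # a Reply-To that goes somewhere else is the tell worth reporting.
    if msg["reply-to"] is not None:
        reply_domain = registrable_domain(msg["reply-to"].addresses[0].domain)
        if reply_domain != from_domain:
            findings.append(("reply-to-mismatch", reply_domain))
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    greeting = GENERIC_GREETING.search(html)
    if greeting:
        findings.append(("generic-greeting", greeting.group(0)))
    for href, text in ANCHOR.findall(html):
        target = registrable_domain(urlparse(href).hostname or "")
        shown = re.sub(r"<[^>]+>", "", text).strip()
        # Link text that itself looks like a URL or host name but points somewhere else.
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        if "." in shown_host and " " not in shown and registrable_domain(shown_host) != target:
            findings.append(("link-text-mismatch", f"{shown} -> {target}"))
        near = lookalike_of(target)
        if near:
            findings.append(("lookalike-domain", f"{target} ~ {near}"))
    return findings


# Constructed message for the example; the addresses and links are made up.
SAMPLE = b"""From: "Apple Support" <support@apple.com>
Reply-To: support@hackersrus.com
To: staff@example.com.au
Subject: Your Apple ID was used to sign in
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Sir or Madam,</p>
<p>Please <a href="http://www.aple.com/verify">verify your account</a> within 24 hours,
or review the activity at <a href="https://apple.co/login">https://www.apple.com/login</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for tell, detail in analyse(SAMPLE):
        print(f"{tell:20s} {detail}")
```

On the constructed message this reports the Reply-To pointing at hackersrus.com, the "Dear Sir or Madam" greeting, the link whose text reads www.apple.com but goes to apple.co, and both aple.com and apple.co as look-alikes of apple.com. The edit-distance test is deliberately loose (two edits); in practice you would also compare against the brands your own staff actually deal with, and treat the From domain as untrusted unless your mail gateway has verified it.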

Unfortunately the answer isn't that straightforward. The weakest link in your system has been and always will be your staff. These days staff are trying to do more in less time, both professionally and personally. They are trying to respond to hundreds of emails while also watching Australia Post for that eBay order they placed the previous evening. So when they get an email from 'Australia Post' attaching a 'Shipping Dispatch' for their eBay order, they may not think twice before opening the attachment. Alternatively, one of your key clients may have emailed your employee an urgent request to review some files saved in a Google Drive or a Dropbox. Without even thinking, they click the link to open the file and Bam! You are now in a hostage situation.

Once your system is locked down, you will receive instructions from the attacker on how to pay and unlock it. Paying is an absolute last resort: there is no guarantee your system will be unlocked, and in some circumstances paying may also be unlawful, for example where the recipient is subject to sanctions. The alternative is to contact your IT provider, who can restore your system from backups. For this to work, you or the IT company must have regularly tested that the backups are running and that the data can actually be restored, and the backups must be kept offline or otherwise out of the malware's reach, since ransomware routinely encrypts any backup it can connect to. Too often companies skip this and find the backups fail at the moment of need. Be aware, too, that restoration may fall outside your terms of agreement with your IT provider, leaving you to foot a hefty service bill. On top of this, your business will suffer delays, first from being unable to access your systems and then from the backlog that builds up while they are being restored.

Now before you say it won't happen to me, consider that in 2015 one in three businesses experienced a cyber-crime. Think about your own recent experiences in your office. Have you received an email you knew was malicious and deleted it? Every time you or your staff get one of these emails, it is a potential threat to your business. Remember, you and your team have to get it right 100% of the time. The attacker only needs to get it right once.

It is often said that employees are an organisation's greatest asset, but they can also become a significant liability in the event of a ransomware attack. To effectively protect your business and your reputation, you need to do more than hope your IT providers have you covered. You need to ensure you and your staff are equipped to spot that dodgy email or suspect link. And if all else fails, you will want to be sure your insurance program has you covered.

So how can you protect your business against this threat? Your first port of call is your IT provider, to ensure your security is as robust as it can be and that it is tested regularly. You should also ensure that updates to operating systems and protective software are applied as they become available. Secondly, it is critical not only to have processes around internet usage and security, but to actively and regularly discuss and review them with your staff. It is no longer enough to write a policy that is handed to staff at induction, only to be forgotten a week later. Businesses should be conducting regular training with staff around the risks, and keeping staff up to date as new threats and methods come to light. Finally, it is crucial you speak with an insurance broker who will take care to ensure you and your business are protected from your cyber risk exposures.


Article written by Michael Verbunt, Bruce Insurance, Account Manager

Author: Murray Bruce