Louise Zucchi of Towergate Insurance on lessons to be learned from Maersk’s bad week at the hands of cyber criminals.
As shipping giant Maersk emerges as the victim of the latest cyberattack to send major global businesses reeling, the whole industry will be waking up to the fact that no business is safe from this growing threat.
In the last few weeks it has become clear that criminals are becoming ever more sophisticated and we can assume they will continue to find ways of defeating systems’ defences and causing chaos and loss to businesses large and small and their customers, with a significant knock-on effect to those involved in the supply chain – and the shipping industry is just as vulnerable as any other.
The financial and service impact can be huge, and we would urge all operators to take immediate action to review the protection they have in place to defend against such attacks and implement improvements where they need to.
Cyber crime is continually growing, and the digital space is vital to SMEs to help them grow within their markets. There are some simple measures companies can take to help prevent becoming a victim of a cyber attack, or at the very least, mitigating any potential losses that do occur.
It’s key to remember that not all cyber policies are alike, which means that it’s important to speak with a broker who can help to tailor the right product to best meet your business needs.
Here are some basic steps that you can take to protect yourself against the threat of a cyber attack better:
Keep software updated: Download software and app updates as soon as they appear. They contain vital security upgrades that keep your devices and business information safe. Many instances of hacking have relied on businesses not staying updated with software patches.
Make passwords stronger: Use strong passwords made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger.
Be vigilant with emails: Delete suspicious emails as they may contain fraudulent requests for information or links to viruses. Unsolicited emails often contain attachments or hyperlinks (particularly shortened links); many phishing attacks attempt to trick you into opening a file loaded with malware or to visit a site which runs malicious scripts on your computer
Install antivirus software: Install internet security software like antivirus on all your devices to help prevent infection.
Train your staff: Make your staff aware of cyber security threats and how to deal with them. For example, the UK government offers free online training courses tailored for you and your staff that take around 60 minutes to complete. You can encourage staff by holding learning sessions – lunch and learn for instance. Most security issues are based on ignorance, not malicious intent. Assume staff don’t know all the answers and give them an environment to learn.”
Manage administrator privileges carefully: Avoid using an account with administrative privileges for normal day-to-day activities and web browsing. Accounts with lower privileges warn you if a programme tries to install software or modify computer settings thus allowing you to decide whether the proposed action is safe.
Don’t store credit card data on servers: Consider using somebody like PayPal to handle payment processing and avoid the need to access customer’s credit card details. Let your servers work for other parts of the business and let somebody else deal with the financial transactions.