How & why are small businesses exposed to Cyber Crime? (Or is it just for larger companies?)

  • By the source below
  • 12 Jan, 2017

Solution Underwriting 06.10.16

Quite simply, the introduction of new privacy legislation in March 2014 changed the landscape: firms of all sizes now need to consider privacy protection, and consequently cybercrime, to protect their business.

 

The Background:


The Privacy Act 1988 (Privacy Act) protects personal information. Personal information is information or an opinion that identifies someone or could identify someone. Some examples are your client's name, address, telephone number, date of birth, medical records and bank account details.

On 12 March 2014, changes to the Privacy Act commenced. These changes include a new set of Australian Privacy Principles which set out how private sector organisations must handle personal information. They also include changes to the way credit information can be collected and used.

Therefore, if you think about how most businesses trade, you start to realise that any business that holds customer details needs to understand and comply with the new legislation. For example, retailers who simply use EFTPOS machines or take clients' credit card details. Companies like your own brokerage firm that use IT systems to collect information and money from your clients: is their information adequately protected?

Below is a link outlining how the new legislation has changed and how it can affect you and your clients:


https://www.oaic.gov.au/individuals/privacy-fact-sheets/general/privacy-fact-sheet-24-how-changes-to-privacy-law-affect-you


What about Cyber Crime? How are small businesses exposed?


Wikipedia defines Cyber Crime as: https://en.wikipedia.org/wiki/Cybercrime


Computer crime, or cybercrime, is crime that involves a computer and a network (we all have one of those!).

It goes further to explain that the computer may have been used in the commission of a crime, or it may be the target. It defines cybercrimes as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones" (again, we all use these tools in our private and professional lives).

Our news feeds are filled with many examples of Corporate Cyber Crime – they sound surreal and the idea of “it won’t happen to me” is still common with small to medium sized companies - they simply just don’t believe anyone would ever do that to them - but isn’t that what insurance is all about – protecting against the unforeseen?

We are all intrigued by a good Cyber Crime story – in fact we have found a list of the Top 10 Cyber Crimes of 2015 for you – check out the link below:

http://www.computerweekly.com/news/4500260419/Top-10-cyber-crime-stories-of-2015

 

So how can a small company protect themselves?

There are many options in the market for companies to protect themselves against cyber liabilities but not all companies can afford the premium associated with the level of coverage offered. An alternative could be an endorsement to an existing policy.

 

An overview of coverage available through our recommended insurer is as per below:

 

Section a) Third Party cover-

  • Liability for breach of any Australian or New Zealand privacy legislation;
  • Infringement of any intellectual property rights, copyright or trademark;
  • Defamatory statement as a result of content in email or website;
  • Negligent transmission of a computer Virus via email or website;
  • Unauthorised collection or misuse of customer data which is held electronically.

Section b) First Party cover-

  • Reimbursement of costs incurred by the client to repair, replace or restore systems and data as a result of a hacking attack or the threat of a hacking attack.

 

This covers reasonable costs incurred such as:

  • Costs of Restoration and Recreation of Data
  • Computer Malware Decontamination Costs
  • Experts Fees
  • Costs of Restoration of Access Control System
  • Costs of Investigations and Inquiries
  • Costs of Managing the Procedure with Supervisors
  • Costs of Legal Defence
  • Notification and Communication Costs

 

So if you would like to talk to us or need a quote please contact us on 07 5586 9955
By the source below 18 Jul, 2017
Cyber risk and insurance is top of mind for both insurance businesses and the wider business community following the recent WannaCry and Petya ransomware attacks.

According to one cyber expert, things could be about to get a whole lot worse for the insurance industry.


“It’s exceptionally likely that we will see an event over the next months that will seriously affect insurers,” Graeme Newman, chief innovation officer at CFC Underwriting, said, according to Bloomberg.

“It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion, or a full year of gross premium income in the market.”

Speaking after the Petya attack, Fergus Brooks, Aon Australia’s national practice leader for cyber risk, said that he believes attackers are “just flexing their muscles” in terms of the damage they can cause as he fears attackers may have something bigger planned.

“I still think that these things are not being realised to their full potential,” Brooks told Insurance Business.

“I still hold by my assertion that the first one [Wannacry] was a shot over the bow and I think this one [Petya] they have just gone, ‘I bet there are still some machines out there so let’s do it’.”

As awareness of cyber risk and insurance continues to grow in the wake of these global attacks, so too does the exposure insurers face.

As a new insurance market, cyber payouts have so far been limited but Thomas Seidl, an analyst at Sanford C. Bernstein, in London, told Bloomberg that this limitation may soon disappear.

“Sooner or later we will see a billion-dollar cyber claim and the insurance market is well positioned to absorb that,” Bernstein said.

“Everybody has exposure to cyber risks and the best precaution can’t eliminate that, so there is a strong demand for insurance, making cyber coverage by far the biggest opportunity for non-life insurers for the next years.”

By the source below 18 Jul, 2017

At Austbrokers Coast to Coast we are always looking for tools to assist our clients to minimise their risk. A claim is not always the best result and, even though we can put cover in place to protect you against lost stock and machinery breakdown - sometimes prevention is the best measure!

Maxichill Refrigeration and Air Conditioning Specialists have kindly supplied the following information on a device that monitors your cold rooms over 24 hours 7 days a week and prevents you arriving to work the next day to a disaster!

This not only keeps your business running but prevents multiple claims damaging your claims history and pushing your premiums up or, at worst, resulting in uninsurable items.


FRIGBOT Info Guide

Frigbot is designed to work with all major electronic refrigeration controllers such as Carel, Dixell and Eliwell.

 

How it works –

Your refrigeration is at your command with Frigbot. With immediate access to all the information from anywhere you know exactly what is happening at all times. You even receive alerts so your equipment can call you when it's in trouble. Download the free companion app to have your Frigbot's information in your pocket.

Frigbot is a system of new business methods that connects refrigeration companies to fridge owners, creating great value for our valued and future customers.

 

Features –

Cloud Based:

Apple or Android based app

With Frigbot there is no software to download, no backups and no configuration issues with your PC or Mac. Why? Because it’s all in the cloud.

We do all the backups and take care of all the other tricky stuff like security and updates. Super easy. Always on. It’s the new way to do business.

 

Reports:

Frigbot collects the operational data from your equipment and presents it in an easy to read graph. This can not only tell you the current status of your equipment but the Frigbot report* can tell you what was happening yesterday, or last week, or however long you want to go back. It’s your very own crystal ball that provides compliance documentation and is an essential tool for fault finding and troubleshooting equipment malfunctions. The Frigbot reports can also be used as a tool to predict equipment faults (maybe before they happen).

 

Configuration:

With Frigbot you can log in and update your configuration anytime you like and from anywhere you have internet access. But the magic doesn’t stop there because Frigbot also has an incredible and unique backup feature that saves all your settings - so when you need to replace a faulty controller you can download and restore your last known working configuration. This is unique to Frigbot and a genuine labour saving efficiency.

 

Alerts:

When refrigeration equipment breaks it can be a disaster: spoilt food and loss of trade sales (plus the emotional and financial stress of the whole event) and the only person who can solve the problem is usually the very LAST person to get involved. That’s the old way of doing business!

The NEW way alerts MAXICHILL Refrigeration FIRST. This simple alert triggers faster response and quicker repairs that mean less down-time. When there’s a breakdown the focus is all about turning the situation around as fast as possible and keeping any disruptions to a minimum.

 

Technical Info –

Frigbot has the ability to measure electrical current in real time. This is a more advanced feature but essential if you need the operational status of refrigeration equipment. If you measure electrical current you can remotely determine if a compressor has a potential fault - this is a huge time saver for a busy refrigeration mechanic.

Diagnostic and activation information is presented automatically on the low-power ePaper display.

The Frigbot uses the cellular network to send refrigeration status and configuration information to our cloud servers. No need for any Wi-Fi connectivity: use your Frigbot anywhere that a mobile phone works!

 

                                    MAXICHILL REFRIGERATION & AIR-CONDITIONING

                                    Ph: 0419 102 754

                                    Email: info@maxichill.com.au

                                    ABN: 85 041 779 812

                                    ARC: AU31134

                                    BSA: 1271764


By the source below 18 Jul, 2017

The Australian and New Zealand Institute of Insurance and Finance (ANZIIF) has announced the nominees for its annual awards.


In the small broking company of the year category, Austbrokers Coast to Coast, Remingtons Insurance Brokers and Simplex Insurance Solutions make it two nominations in a row – with Austbrokers Coast to Coast hoping to secure an award-winning double.

In the medium broking company category, Adroit Insurance Group will look to retain their title, as they face off against GSA again.

In the large broking category, last year’s winner Aon goes up against Marsh and Insurance Advisernet.

“With 106 submissions received this year, these awards recognise the outstanding performers and high achievers in the industry and the positive impact our industry has on the community,” Prue Willsford, CEO, ANZIIF said.

Last year’s underwriting agency of the year PetSure faces competition from CHU and NTI whilst, in the large general insurance company category, Allianz, CGU, QBE and Suncorp are all nominated.

Small-medium general insurance company of the year sees both RAA and RACT nominated.



By the source below 18 Jul, 2017
In an important decision by the Fair Work Commission (FWC), the FWC has decided to insert a provision for the conversion of casual employment to full-time or part-time employment into all Awards. The decision was part of the FWC’s 4 yearly review of Awards.

Some awards already contain a casual conversion provision. For those Awards that don’t, the FWC will insert a clause that allows casual employees to convert their casual role to a full-time or part-time position. There are about 85 such Awards.

The FWC decided that the conversion to full-time/part-time employment should become an entitlement after a casual employee completes a qualifying period of 12 calendar months of casual employment on an ongoing regular basis.

The ACTU had argued for a 6 month qualifying period. A further qualification is that the work performed by the casual employee can be performed by a full-time or part-time employee without significant adjustment to the pattern of work hours.

An employer can only refuse to convert the casual employment to full-time/part-time employment if:
  1. doing so would require a significant adjustment to the hours of work; or
  2. the employer can foresee that within the next 12 months, the casual employee’s position will either cease to exist, or the hours of work will significantly change or be reduced; or
  3. there is another reasonable ground, based on reasonably foreseeable facts.
In addition, the clause will require employers to provide the casual employee with a copy of the casual conversion clause in the Award within the first 12 months of the casual employee’s initial engagement.

The FWC decided to include the casual conversion clause in all Awards to remedy what it held to be the detriments associated with long-term casual employment. These detriments, the FWC held, are inconsistent with the objective of all Awards, namely to provide a fair and balanced safety net for employees. The detriments identified by the FWC were:

1. a lack of career path
2. diminished access to training
3. poorer health and safety outcomes
4. a diminished ability to obtain loans from financial institutions
5. a tendency to still attend work when sick
6. an increased reluctance to take recreational leave (due to concerns about ongoing employment if they do)
7. an incapacity to attend to personal carer responsibilities; and
8. the potential for a sudden loss of regular work without proper notice or adjustment payment.

In a further aspect of the decision, the FWC noted that some Awards do not provide for a minimum engagement period for casual employees. The ACTU proposed a 4 hour minimum engagement period. The FWC decided to include a 2-hour minimum engagement period for casual employees into about 34 Awards.

What does this mean for employers

This decision will have a particular impact on employers who use a high degree of casual employment. Employers may do this as a means of regulating work hours, to meet peaks and troughs in customer demand and to minimise employment costs such as notice periods and potential redundancy payments and the costs of possible dismissal claims.

Employers will need to consider the manner in which their long-term casual employees are rostered and whether this pattern of rostering creates a clear and systematic pattern of work for casual employees. They will also have to consider whether the roster pattern could be carried out by full-time or part-time workers.

It will also be important to identify which roles cannot be done by full-time/part-time workers without significant adjustment to the hours available for work, or if there are other reasonably foreseeable issues that make converting casual employment unreasonable in terms of the business’s operational needs.

While the FWC noted that the casual loading is meant to compensate for a range of entitlements such as leave entitlements, casual loading does not, in fact compensate for all of the detriments associated with casual employment.

This may result in businesses having to rethink the reasons and objectives behind employing casual workers. It is better to consider and identify these issues now rather than upon an application for conversion to full-time or part-time work.

If you have any further questions, please contact one of our lawyers.
By the source below 08 Jun, 2017
A new report from international insurer Beazley has found a new cyber threat that clients should be made aware of.

The latest Beazley Breach Insights report, from the cyber specialist Beazley Breach Response (BBR) Services, said that phishing scams aimed at accessing direct deposit funds have emerged as a growing threat, particularly in the higher education sector.

Phishing scams aimed at accessing employee tax information also rose, representing 9% of all breaches handled by Beazley in the first quarter of 2017.

Beazley’s BBR Services handled 641 breaches on behalf of clients in the first quarter of the year, compared to 462 during the same period of 2016.

“Organisations continue to face increasingly sophisticated threats as hackers adapt and employ new methods to seize data and funds,” Katherine Keefe, global head of BBR Services said.

Direct deposit phishing sees hackers try to access an employee’s email and, once inside, request a password reset for the firm’s payroll provider. Hackers then change an employee’s forwarding rule to send all emails from payroll to a junk email folder as funds are stolen.
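
One way to check mailbox audit data for the pattern described above, as an added example that is not part of the Beazley report: it flags new inbox rules that hide payroll mail and raises the severity when a payroll password-reset message reached the same mailbox within 24 hours. The payroll domain, the event field names and the sample events are constructed assumptions, not a real product's log schema.

```python
from datetime import datetime, timedelta

# Assumptions (hypothetical): the payroll provider's sending domain and
# the audit-event field names. Map them to whatever your mail platform exports.
PAYROLL_DOMAIN = "payroll-provider.example"
HIDING_FOLDERS = {"junk email", "deleted items"}
RESET_PHRASES = ("password reset", "reset your password")
WINDOW = timedelta(hours=24)

# Constructed sample events, not real log data.
EVENTS = [
    {"time": "2017-03-06T09:02:00", "mailbox": "alice", "type": "mail_received",
     "sender": "no-reply@payroll-provider.example",
     "subject": "Password reset requested"},
    {"time": "2017-03-06T09:05:00", "mailbox": "alice", "type": "rule_created",
     "from_contains": "payroll-provider.example",
     "action": "move", "folder": "Junk Email"},
    {"time": "2017-03-07T14:00:00", "mailbox": "bob", "type": "rule_created",
     "from_contains": "newsletter.example",
     "action": "move", "folder": "Junk Email"},
    {"time": "2017-03-08T11:30:00", "mailbox": "carol", "type": "rule_created",
     "from_contains": "PAYROLL-PROVIDER.EXAMPLE",
     "action": "delete", "folder": ""},
    {"time": "2017-03-09T08:15:00", "mailbox": "dave", "type": "mail_received",
     "sender": "no-reply@payroll-provider.example",
     "subject": "Reset your password"},
]


def _ts(value):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(value)


def rule_hides_payroll(ev):
    """True if a new inbox rule deletes payroll mail or moves it out of sight."""
    if ev["type"] != "rule_created":
        return False
    targets_payroll = PAYROLL_DOMAIN in ev.get("from_contains", "").lower()
    action = ev.get("action", "")
    folder = ev.get("folder", "").lower()
    hides = action == "delete" or (action == "move" and folder in HIDING_FOLDERS)
    return targets_payroll and hides


def is_payroll_reset(ev):
    """True if the payroll provider sent a password-reset message."""
    if ev["type"] != "mail_received":
        return False
    from_payroll = ev.get("sender", "").lower().endswith("@" + PAYROLL_DOMAIN)
    subject = ev.get("subject", "").lower()
    return from_payroll and any(p in subject for p in RESET_PHRASES)


def find_direct_deposit_phishing(events):
    """Return one finding per hiding rule, in input order.

    severity is "high" when a payroll password-reset message reached the
    same mailbox within WINDOW of the rule being created, else "medium".
    """
    resets = {}
    for ev in events:
        if is_payroll_reset(ev):
            resets.setdefault(ev["mailbox"], []).append(_ts(ev["time"]))

    findings = []
    for ev in events:
        if not rule_hides_payroll(ev):
            continue
        created = _ts(ev["time"])
        nearby = [t for t in resets.get(ev["mailbox"], [])
                  if abs(t - created) <= WINDOW]
        findings.append({
            "mailbox": ev["mailbox"],
            "rule_time": ev["time"],
            "reset_count": len(nearby),
            "severity": "high" if nearby else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_direct_deposit_phishing(EVENTS):
        print(finding)
```

A "medium" finding still deserves a look: a rule that hides payroll mail has little legitimate use even when no reset message was logged.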

Higher education was a particular target of this style of attack, where hacks and malware caused 48% of data breaches in the first quarter.

Ransomware continues to be a major threat for businesses with attack numbers up 35% compared with this time last year.

Financial institutions also remain a key target with firms in the sector suffering a number of breaches. The sector has seen an increase in unintended disclosure breaches which see bank account details or personal information sent to the wrong recipient.

In a bid to improve cyber security and resilience, Beazley recommends that businesses deploy prevention and detection tools, use threat intelligence services, utilise staff and manager training, and conduct risk assessments focused on identifying and protecting sensitive data.
By the source below 08 Jun, 2017
The Australian Competition & Consumer Commission (ACCC) has warned that thousands of homeowners across the country could still be at risk of fire and electrocution due to faulty electric cables.

Infinity cables installed in New South Wales homes in 2010 may already have started cracking, with other state and territories where the cable was installed from 2011 coming into danger next year.

The product safety regulator is warning that the dangerous cable could become prematurely brittle and break under stress near heat sources and roof access areas. This could lead to fire or electric shock if cables are disturbed by home or business owners or tradespeople.

Delia Rickard, ACCC deputy chair, said that whilst the product recall is in its fourth year, only 54% of the 4,313km of dangerous cable has been found and fixed.
“Your home might be a ticking time-bomb if you haven’t had Infinity cabling replaced,” Rickard said.

Rickard urged those who had electrical cables installed between 2010 and 2013 to organise an inspection with a licensed electrician.

Brokers should discuss with both home and business clients if their properties have undergone any electrical work during this timeframe.

"In some circumstances, suppliers, installers and property owners may be liable to pay compensation for injury or property damage caused by Infinity cable installed in buildings,” Rickard continued.

The national recall began in August 2013.
By the source below 08 Jun, 2017
ASIC has said there is still “substantial work” to be done to clean up the sale of add-on insurance sold through car dealerships with more enforcement action being considered.

In 2016, add-on insurance, particularly policies sold through car dealerships, was put into the spotlight by ASIC with calls for a shake-up of the industry. Michael Saadat, an ASIC senior executive who oversees insurers, banks and credit, said that while some work had been done to address concerns, it remains a major focus for the regulator.

“ASIC has long been concerned about the sale tactics, very poor value of the product and commission structures of add-on insurance, especially as sold through car dealerships,” Saadat said, according to the Australian Financial Review.

Saadat said that insurers are now being required to provide granular data on sales to ASIC, so that the regulator can place more scrutiny on the impact on consumers. While Saadat did not name any particular companies, he noted that the regulator is working alongside individual insurers to ensure that they remediate any consumers that were sold add-on insurance unfairly.


“Enforcement action remains under active consideration,” Saadat continued.

Earlier this year, the ACCC denied insurers authorisation to put a joint cap on commissions paid to car dealers who sell add-on insurance policies, citing that customers could still be sold products without being given adequate information or opportunity to make a considered decision.

The ICA proposed a series of enhancements to the sale of add-on insurance products last year in a bid to upgrade sales processes and improve value for customers.

Brokers have also called for action with David Coe, managing director of Northwest Insurance, speaking to Insurance Business earlier this year about the need for further regulations to protect consumers and to create a level playing field.

“I would like to see tighter regulations on car yards and the like,” Coe told Insurance Business. “Also, the banks offering products, particularly insurance products - we are getting a lot of people coming back to us from the banks that are very unhappy about the way that they have been treated.”
By the source below 16 May, 2017
See how an effective ransomware attack comes together. This is why today's enterprises require effective security. For more on how Cisco looks to keep ransomware at bay, go to: http://cs.co/9001BAFGf
By the source below 15 May, 2017

The highly-anticipated tax cut for small businesses will provide much needed relief for mum-and-dad owners, with an Australian Small Business and Family Enterprise Ombudsman (ASBFEO) report highlighting the amount of tax paid by the small business sector overall has increased, while the contribution made by big business has fallen.

The ASBFEO’s Small Business Counts statistics report, released today, includes ATO figures showing the small business share of company tax revenue has increased two per cent in recent years, while input from the big business sector has fallen three per cent.

“A healthy small-business sector is a prerequisite for a growing economy; there’s no doubt SMEs are doing their fair share when it comes to paying tax, not to mention creating job opportunities,” ASBFEO Kate Carnell said.

“The Federal Government’s foreshadowed company tax cuts for businesses with a turnover of up to $10 million will give 99 per cent of Australian businesses a tax reduction, and will provide a much needed shot in the arm for the sector’s growth prospects, enhancing the ability of small businesses to employ,” she said.

Compiled over the past 12 months, the ASBFEO statistics report brings together data and analysis from a range of sources including the ATO, ABS and Austrade, and has been released to mark the office’s one year anniversary.

“This report provides a unique insight into the sector; it ultimately reinforces the size and importance of the small businesses to the Australian economy, and outlines its growing diversity,” Carnell said.

Among the report’s findings, Carnell said the number of small businesses currently venturing into offshore markets is on the rise.

“Encouragingly, ABS data shows more and more small businesses are entering export markets, with 44 per cent of goods-exporting firms classified as small business,” Carnell said.

“Many are also entering the global market place at an early stage of their development, giving rise to the ‘born-global’ phenomenon,” she said.

Carnell said while many small businesses are at the cutting edge of innovation, she’d like to see more small businesses go down this path.

“Our report highlights ABS data showing small business accounts for 17 per cent of business expenditure on R&D; while this is encouraging, it’s a figure I think the sector can – and will – build upon, particularly as more small businesses realise the benefits of entering into strategic partnerships with larger companies, especially in industries like defence,” Carnell said.

Carnell said the purpose of the report is to be a resource for governments, public policy makers and researchers that will improve their knowledge and understanding of the Australian small-business sector.

“We’re inviting feedback on the report and welcome comment from small business and others on how we can ensure this document is the go-to publication for small-business stats in Australia,” Carnell said.

The full report can be found on the ASBFEO website: www.asbfeo.gov.au where a feedback form is also available.

By the source below 15 May, 2017

The Privacy Amendment (Notifiable Data Breaches) Bill 2017 (bill) amends the Privacy Act 1988 (Cth) (Privacy Act) and imposes an obligation on businesses to notify individuals and the Information Commissioner of data breaches. While the introduction of a mandatory data breach notification regime is significant, the threshold for notification is quite high.

When will it take effect?

The notification laws are expected to come into effect within the next 12 months. The bill was passed by both houses of parliament on 13 February 2017 and is currently awaiting Royal Assent.

Who is affected?

All entities that are currently subject to the Australian Privacy Principles (APP entity) in the Privacy Act, which includes:

  • Australian Government agencies;
  • all businesses and not-for-profit organisations with an annual turnover for the previous year of more than $3 million;
  • health service providers, or holders of health information (subject to the operation of the My Health Records Act 2012 (Cth));
  • credit reporting bodies; and
  • holders of one or more individuals’ tax file numbers.

Also, if an APP entity has provided personal information to an overseas entity, these notification obligations may still apply as if the APP entity itself held the information.

What are the notification requirements?

An ‘eligible data breach’ is central to this legislation. An eligible data breach happens if:

  • there is unauthorised access, disclosure or loss of, personal information held by an APP entity; and
  • a reasonable person would conclude that the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not. Common examples may include individuals’ dates of birth, addresses and credit card details.

‘Serious harm’ imposes a fairly high threshold, and is where a reasonable person would conclude that access to, or disclosure of, personal information would be likely to result in serious harm, taking into account a range of specified matters including:

  • the kind of information and its sensitivity;
  • the persons who have obtained the information through the breach;
  • whether the information was encrypted; and
  • the nature of the harm.

The Office of the Australian Information Commissioner has previously considered ‘serious harm’ to include identity theft and financial fraud.

There are three categories of obligation surrounding an eligible data breach.

Suspected breach

Within 30 days of an APP entity suspecting that there may have been an eligible data breach it is obliged to carry out a reasonable and expeditious assessment of whether there in fact has been such a breach.

Actual breach

If an APP entity has reasonable grounds to believe that an eligible data breach has happened, it must notify:

  • affected individuals; and
  • the Information Commissioner.

An APP entity is also required to provide such notification if directed to do so by the Information Commissioner.

Remedial action

If an eligible data breach occurs, and the APP entity takes action before the breach results in serious harm to any of the affected individuals, then the breach is deemed to have not been an ‘eligible data breach’ and no notification steps are required.

The notification

The APP entity’s notification to the Information Commissioner and the affected individuals must be provided as soon as practicable after the APP entity becomes aware of the breach, and must contain:

  • the identity and contact details of the APP entity;
  • a description of the eligible data breach;
  • the kinds of information concerned; and
  • recommendations of the actions that the affected individuals should take in response to the eligible data breach.

What are the consequences of non-compliance?

If an entity or individual does not comply with the requirements of the legislation, they risk facing civil penalties of up to $1.8 million or $360,000 respectively or compensation orders to individuals who have suffered loss or damage as a result of the non-compliance.

What do I need to do?

If these amendments are likely to impact your organisation, we recommend action be taken now to prepare for the commencement of the bill. Such action may include implementing:

  • the Australian Signals Directorate’s recently introduced ‘Essential Eight’ strategies to mitigate cyber security incidents; and
  • a data breach response plan, such as the example plan on the website of the OAIC.

We also recommend that a whole-of-business approach be taken towards minimising cyber risks and the associated fall-out from a cyber event. As part of this, companies should consider how their present insurance coverage responds to cyber events and whether obtaining specialised cyber risk insurance coverage is necessary, particularly in light of the impending commencement of the bill.

Download Publication here 

http://www.carternewell.com/page/Publications/2017/Need_to_Know_%E2%80%93_Australia%E2%80%99s_New_Da...


Austbrokers Coast to Coast can offer comprehensive solutions for all risks mentioned. Please contact us on 07 5586 9955

