In the changing economy today where everything is mobile and everything is moving at twice the speed it was before we are all faced with wonderful opportunities and challenges when it comes to how we store and protect information that we keep safe for our clients and our staff.
A typical organization in South Africa would be keeping 100’s of records of information and those records have value to Cyber criminals.
As business owner, we are obliged to keep those records secure from prying eyes.
A plumber that prides himself on his neet record keeping and his fairly low tech customer management system would be at risk in the following way: even though the he does not use fancy CRM software he still emails his invoices to his clients (because they insist on it) and he also receives invoices from his suppliers THREAT 1 & THREAT 2. Now he does not keep a customer data base with any private information nor does he have a lap top. He simply uses his old desk top computor at home (THREAT 3). The one thing that Mr plumber does rely on for new business leads is his website that he set up years ago on his “tech savvy” daughters advice. (THREAT 4).
In this example, we have used the most un-techy business scenario to show how even in this case there are Cyber security issues.
THREAT 1: Even though there is no formal data base that keeps customer information if the plumber sends email to his clients that have his invoices on it then the following information is available to a hacker: Client name details, address and if the client is a business then all the business information as well. Also in the is case the most valuable bit of info might just be the clients actual email address.
THREAT 2: The plumber receives invoices from the suppliers. Here the suppliers banking details will be at risk as well as all the other information mentioned in THREAT 1. Interestingly a threat of Cyber espionage might also be relevant here. If a competitor of either the plumber or the supplier has hacked in then all the commercial information is also available. What prices and parts are being used for each job.
PERSONAL INFORMATION OF THE PLUMBER CUSTOMERS, SUPPLIERS, AND THE PLUMBER HIM SELF HAS BEEN PUT AT RISK
THREAT 3: The Plumber we know and love just uses his old desktop PC to do all the invoicing and receive the business emails. He does not update his software because he just learnt how to master Windows XP and does not like Windows 7 and does not even know that Windows 10 has been released. Not only is his software outdated but he does not update the software because he did not know it was required. This leaves this PC open to even old automated malicious attacks.
EVERYTHING ON THAT PC IS AVAILABLE TO ATTACKERS – AND BECUASE ITS OLD SOFTWARE ITS EASIER THAN EVER
THREAT 4: The website that our plumber uses is attacked by a bored hacker that spots easy targets and then hold the site ransom until a fee is paid in Bit Coin or an underhanded marketing company promises a competitor to the plumber increased leads from there online marketing efforts and so crashes the original plumbers website everyday – all the time.
A DOWN WEBSITE RESULTS IN REPUTATIONAL AND OPPORTUNITY COST
In all of these scenarios, there is no insurance BUT for cyber liability insurance that would respond and indemnify the insured party against financial and reputational losses.