“The heart of the problem is email as a means of communication. People send all their confidential information, and it’s easy to hack and see what they are talking about.”

Here at Hallett independent we see at least one case of cybertheft per week, it’s much more prevalent than the physical theft of an artwork.

By cybertheft – what are we talking about exactly?

Well, often its email scammers trying to trick you into giving them your personal information. Many of these scams use social engineering as a tool to convince people to either divulge sensitive information or send money to mysterious overseas accounts, with scammers researching specific targets in order to pose as someone they trust.

So, what can galleries do to prevent this?

Put some simple measures in places. Password-protect invoices send sensitive information (including pricing details) via WhatsApp or another encrypted messaging service, or even consider using good old-fashioned snail mail.

This is a topic fully explored in Artsy’s latest blog, How Art Collectors Can Avoid Online Phishing Scams and Social Engineering.

The explanation by UK journalist Rupert Goodwin that the British Library attack was ‘largely symbolic’ because ‘as one of the world’s largest lending libraries, with 170 million items, the library is “emblematic” of public knowledge’, may be comforting for smaller institutions, but it is clear that attacks are on the increase.

So what can institutions do to guard against attacks? Especially when already resource challenged?

Firstly, your insurance broker should be talking to you about cyber risks and the options available to you. Informed brokers should be a conduit of knowledge about what the main risks are, what you can do about them and if you want to pass these these risks onto an insurer or not. Our recent instagram post highlighted some top tips:

– Speak to us or your insurance broker about cyber insurance as these policies will give you a wrap around 24/7/365 response to any incident. It will provide access to IT forensics to get systems back online plus lawyers and PR experts to help with the fall out and advise you.

– Staff training and procedures. Human error still accounts for the vast majorly of incidents. Ensure your staff are properly trained. Also, companies should have strict rules around who can move money and change bank account details. A huge red flag is bank details changing mid deal/transaction.

– Passwords. Use 3 random words which are much harder to guess and different ones for all different systems.

– Back up your data and update your devices.

– Multi Factor authentication. Use it on everything!

– Look at the National Cyber Security website www.ncsc.gov for extensive advice on cyber risks and protection.

https://www.instagram.com/p/C16046-IkIb/

‍

Sources and further reading:

https://www.theartnewspaper.com/2023/12/22/as-british-library-faces-fallout-of-cyber-attackwhat-can-arts-bodies-do-to-fight-off-wave-of-ransomware-threats

https://www.museumsassociation.org/museums-journal/news/2023/12/museums-on-alert-following-british-library-cyber-attack/

‍

View original post on LinkedIn:

https://www.linkedin.com/feed/update/urn:li:activity:7156238189148405760