Top Tips for Cyber Security for Art Businesses

by | Mar 14, 2024 | Blog post

On February 20th, 2024, #AWADinDiscussion featured an informative and engaging conversation on Security and Transparency in your Art Business: Cybersecurity in the Art World with representatives from Synergy. We were inspired to offer this program because art galleries and other businesses have been increasingly targeted by cyber criminals. What follows are some key takeaways offered by our guest speakers – Brenden Beu and Nisha Soni.

How to protect yourself from Cybercrime?

— Make sure all your programs are updated. Unpatched software = not updated. As simple as a software update on your phone or computer

— Be wary of weak credentials i.e. easy to hack passwords. Don’t use a single pass for everything. Make sure passwords are long with special characters, upper and lowercase letters and numbers. A modern up to date password manager program is a critical tool for this purpose.

Who are the threats coming from?

— The Social Engineer – uses social platforms to gain access, AI frequently used.
— The Spear Phisher – usually against people in upper management – password and social media to plan attacks.
— The Hacker – advanced infiltration of computer system
— The Rogue Employee – disgruntled current or former employee plans an attack from within the organisation or outside using knowledge gained inside. Recommendation is for Zero-trust environment. Employees are granted limited access to information and then granted access on a need-to-know basis. Organizationally create a process where this happens. 
— The Ransom Artist – compromises your systems and will only release/restore them when ransom is paid.

— 75% of cyber attacks target SME businesses.

Actions that Art Businesses can take to begin to better prepare themselves for and guard against cyber crimes.

— Conduct a risk assessment – where are your business’s weaknesses?
— Have a Cyber Security strategy/policy.
— Have an incident response plan.
— Investing in Cyber Security insurance is critical. The documentation requirements that come with it can become a roadmap for your business. Make sure the plan you select covers your needs and doesn’t duplicate security that is offered from your other insurance plans.

No one person should be the holder of the data or information needed for security purposes. Your company, as part of their cyber security plan, needs to figure out the balance between keeping info separate for security reasons and having a way of sharing it for business.

Involve your insurers – specialist advice is available from AWAD partners Hallett Independent and Gallagher.

AWAD Members have access to the session recording as well as all previous #AWADinDiscussion programs. Please note that the recording is now live the members-only section of the website. If you are interested in learning about membership please visit Join