Whether you operate your business from a traditional bricks-and-mortar location, or solely online, thinking about how to keep your information safe from cyber attack is key.
As we’ve grown more dependent on the web and fed it with more of our sensitive information, hackers have refined their techniques to attack a wider pool of users faster than ever.
A solid plan within your business is crucial to protecting personal data, like passwords and credit card numbers. A cyber attack can cost you thousands if it does happen. And ignoring cyber security threats and data breaches ultimately puts your reputation at risk.
During the first six months of 2020, the government’s Computer Emergency Response Team (CERT NZ) reported a 42% increase in cyber-crime incidents compared to the same period in 2019. Scams and fraud were the most common incidents reported, followed by phishing and credential harvesting. And, more recently, at the end of August, the NZ stock exchange was crippled by international cyber criminals.
What is a cyber attack?
It’s a slightly terrifying term, and there’s a vast number of things it can encompass. Hackers can attack your website, email, IT network, social media, staff accounts or financial accounts. Some forms of attacks include:
- Malware: Refers to any kind of malicious software designed to damage or harm a computer system
- Ransomware: A type of malicious software that denies a user access to their files or computer system unless they pay a ransom
- Scams and fraud: Online scams are intended to manipulate or trick people into giving away their personal details, financial details, or money
- Unauthorised access: Directly or indirectly accessing information online without authorisation
- Phishing: Phishing is a type of email scam. The sender pretends to be a trustworthy organisation, like a bank or government agency, in an attempt to get you to provide them with personal information, particularly financial details
- Data breach: A data breach is when private and confidential information is released into an unsecured environment. This usually means that the information becomes publicly available. It also means that others can use it for personal gain, or to cause harm to a business or individual
How do I prevent cyber attacks on my business?
The good news is that the risk of attack can be mitigated easily with a few simple steps. Where do you start? To best protect your systems and data, you need to identify and address your vulnerabilities and your important assets.
1. Use strong passwords for everything
Always use strong passwords to protect your data and devices. It can seem like a hassle and you may be tempted to reuse the same password for everything. But don’t fall into that trap. Use passphrases, rather than passwords. They’re unique, at least 15 characters long and a combination of different character types, e.g. IAte36OfDannysDonuts!
Change default passwords and usernames that come with a new device as soon as you get it. And avoid using the same password or passphrase for more than one of your systems or staff. Hackers could get into all your most sensitive information in one go.
Also avoid storing your passwords on your online systems or devices, as this makes them far too easy to find. Instead, use a password manager. Just make sure you choose a reputable one.
2. Keep company computer systems up to date
An easy way to prevent hackers from getting into your systems is to make sure your company computers are up to date. Software providers release regular updates to guard against the latest hacks and bugs. Yes, they’re easy to ignore or continuously put off. But the small hassle of keeping your systems safe is worth it in the long run. You are willingly leaving cracks in your security if you don’t update your systems.
3. Don’t keep sensitive data longer than it’s needed
Get rid of sensitive information on your company computers that you no longer need. It’s easy for documents and files to get hidden away. But if you have personal info on former employees, contractors, clients, or other people you no longer interact with, you have a responsibility to keep it safe. Put a plan in place to regularly wipe unnecessary information like this from your company computers.
4. Use a VPN service
You will likely have data you don’t want stolen on your work phone or laptop. However, if you access the web at places with weak wireless security (public WiFi networks are unsecured), you’re vulnerable to attacks from hackers.
The best way to protect the data streaming in and out of your device when accessing the internet via WiFi is to use a VPN service. Essentially, a VPN encrypts all your internet communications, so it prevents anyone from tracking your internet activities and stealing your sensitive information.
5. Manage access
Security breaches can often be caused by an employee doing something they shouldn’t, usually accidentally. If employees use computers and mobile devices at work, or work devices out of work:
- Create an IT and social media policy to keep everyone on the same page
- Make staff aware of how cyber attacks can happen
- Give staff the appropriate level of access to your systems and apps.
Put a cyber attack plan in place. Test different scenarios regularly, and make changes to your plan if things don’t work as expected. If you have lots of holes and don’t know how to manage them, consider paying a security specialist to help you set up a security process.
My business has been hacked, what do I do?
If you think you’ve been hacked, you’re certainly not alone. Almost one in five small businesses in New Zealand have been targeted by a cyber attack.
While you don’t have a legal obligation to report any breaches or hacks, it’s best not to ignore them. How you approach the problem depends on the issue. But it’s not always easy to figure out what’s gone wrong. Write down what’s happened, including when and how you noticed the issue and what’s been affected.
If you don’t have an IT expert on your team, there are a number of resources that can help you diagnose the problem. CERT’s online reporting tool, for example, asks you short questions to help you identify and diagnose the problem. It then offers advice on a resolution. And it’s confidential. Netsafe has an online tool, too.
If you do have an incident, break it down into four steps:
- Pinpoint exactly what happened, and how
- Take any immediate steps to stop the damage from becoming worse
- Think about whether it’s necessary to notify affected people
- Put in place a plan to prevent it happening again
If you’ve been attacked by ransomware, DO NOT PAY UP! Plenty of people who pay a ransom never get their data back. It could also put you at risk of further attacks. If an attacker sees that you’re willing to pay, they could target you again.
Paying ransoms supports this kind of criminal activity. CERT has a full guide on dealing with ransomware attacks. The Privacy Commissioner also has a comprehensive guide on recognising types of data breaches and how to deal with them.
Canstar can help
Fast broadband is just as important to a business as having beefy cyber safety systems in place. Things grind to a halt without broadband. And many providers offer advice on cyber security as part of their support packages.
So as part of our mission to inform consumers of the best NZ has to offer, Canstar Blue has compared broadband providers, rating them on customer service and value for money.