One single security breach can lead to the exposure of personal information of millions of people. These breaches may have a significant financial impact on companies and the loss of trust of customers and staff. It has therefore become essential to protect our businesses and our brand from spammers and cyber criminals.
Myth or Truth: Cyber-criminals look weird and hide out in basements.
This couldn’t be further from the truth.
Today the range of profiles for a perpetrator is extensive. With computer expertise, knowledge of human behaviour, and a variety of tools that are easily available to most people, a cybercriminal could be anyone out there: a disgruntled IT manager at a large corporation, an underpaid admin lady at the reception desk or even a superstar 10-year-old who wants to prove that they can. Other reasons may include phishing, scams, frauds, ransomware, harassment, stalking, human trafficking, identity theft, online slander, attack on a system and sometimes even just for fun.
Cert NZ has reported in its Q1 2023 Cyber Security Insights, phishing and credential harvesting have remained the most reported incident category. The number of incidents that Cert NZ responded to had increased by 12% from Q4 2022, and with a 66% increase in direct financial loss.
It’s quite scary if you think about it. But that’s the problem. Most of us are aware of the cybercrimes out there but do not take extra precautions to prevent it, as we may believe that the possibility of our business being attacked is slim to nothing. We may also be under the misconception that if we are password protected, then we are safe. Sadly, this is not the case.
So, what do we do?
By investing in cybersecurity tools, financial firms can better protect their systems from hackers. You can also use encryption to keep sensitive data safe. Integrating cybersecurity into your IT practices will also help you identify and respond to any vulnerabilities before they become a threat. However, this can be a very expensive and complex exercise for small to medium sized businesses.
Here are some practical tips that we can use and put in place immediately to mitigate cyber threats.
1. Perform a Risk Assessment for your business.
* Know what data your business holds and where it is stored.
* Ensure that your data storage meets the Privacy Act requirements.
* Know where you are vulnerable in your business.
* Know and understand your obligations and how much you will have to pay if something goes wrong.
2. Ensure adequate password protection of all devices and software utilized in your business.
* Passwords should be long, complex, and unique. Do not repeat passwords.
* Do not use predictive text words. Artificial intelligence software has made it easier for cyber criminals to decipher predictive and commonly used passwords.
* Implement trustworthy password management tools such as Roboform or NordPass that allow users to have secure, unique passwords for every website accessed.
3. Staying vigilant is still the best defense. Healthy scepticism is a good way to keep yourself safe online. These additional security tips can further prevent cyber theft.
* Make use of multi-factor authentication (MFA) to further secure your access to confidential information and programs.
* Develop privacy policies for you to practice and adhere to them.
* Always purchase secure products and services.
* Implement Phishing checks within your business and educate staff on what to look for and how to identify red flags.
* Check email and web domains closely. You can look on an organisation's legitimate site for email addresses companies will use.
* Check with your bank and other organisations, such as the FMA, before investing any money. This will give you a good sense of whether a particular opportunity may
be a scam or not.
* As always, be wary of who you're talking to online, take a second to check any links or details, and don’t share passwords, authentication codes or personal information.
* Communicating over an app, such as WhatsApp, is a sign they may not be legitimate.
* Check the companies register for a business’s legitimate website.
* It’s also a good idea to lock down your social media profiles because scammers can take that information and feed it into AI tools to create more realistic fake accounts or use your publicly available information to target you.
* Develop a Business Continuity Plan listing phone numbers and steps to follow in the event of a breach.
Mayday, Mayday! I’ve been attacked.
In any crisis, do not panic. You should speak up and act quickly.
Report the crime to the right government agencies. You can immediately reach out to Cert NZ as they care and are experts on cybercrime. They will assist and advise you on what to do.
0800 CERT NZ (0800 2378 69)
“Data privacy is a human right, and it belongs to you. Lock it down, protect it up, and block the hackers.”
