Government report a cyber-warning to New Zealand businesses
The threat of cyber-attacks is becoming an ever-growing concern for New Zealand businesses. The PwC New Zealand CEO Survey 2017, found that 91 per cent of CEOs are concerned about cyber-attacks, and a 2016 survey of leading directors and executives at the 2016 MinterEllisonRuddWatts Corporate Governance Symposium found that less than 30 per cent were confident they were prepared for a major cyber event.
In response to this growing threat, in 2016 the New Zealand Government invested $22.2 million to set up a national Computer Emergency Response Team (CERT NZ). The agency has just released its first quarterly report, which has highlighted the enormity of the cyber threat problem.
What the first quarterly CERT NZ report tells us
In the first CERT NZ Quarterly Report, between 11 April and 30 June 2017, there were 364 incidents reported, of which 70 were referred to the New Zealand Police. The impacts on the local economy are being felt by many businesses. The report found that there were direct financial losses of over $730,000 caused by cyber-crime. It is also widely accepted that the majority of cyber-attacks go unreported.
A significant issue highlighted by the report is that 33.6 per cent of the incidents reported related to phishing. This is a global trend as one of the easiest routes for hackers is through e-mails. This means if your staff aren’t vigilant and don’t know what a phishing email might look like, your business and its operating systems are at real risk. Microsoft have put together a quick guide on how to recognise a phishing e-mail.
Employees are your first line of defence
How can you educate your staff to prevent your systems from being breached?
- Ensure passwords are updated frequently – A crucial step is to update passwords regularly. Every 2 months is a good benchmark. It’s also important to ensure passwords are strong and unique. For example, if your password is as simple as “ABCDE” or the standard “Password” it amazingly takes a hacker around 0.29 milliseconds to uncover it. A good tip is to see how good your current password is using free online tools such as this one from Better Buys.
- Regular back-ups – In larger organisations, this will be something the IT department carries out. For smaller businesses or sole traders, you may have to do this yourself. While back-ups in the cloud are great, it also pays to back up key documents on removable hard-drives. After all, if your passwords are compromised it is likely hackers will get into your cloud back-ups too.
- Remind staff not to ignore system updates – Make it your company policy that however inconvenient it might be, when operating system updates appear, install them straight away. The major software companies such as Microsoft are doing what they can to send patches to fix the weak points in their systems that cyber criminals are exploiting. So if you keep your systems up to date, you are at least making it harder for criminals.
- Educate staff to be careful of suspicious links – If your staff receive an e-mail or link they were not expecting, then they need to be vigilant and report it, rather than click on it. However, this can be hard to spot which is why they need help and guidance.
- Support staff with regular training – There is a great deal of confusion around what is a system threat and what isn’t. A simple yet efficient option, training can even be done annually online through solutions such as Safetrac. This will help your staff to keep your systems safe particularly from threats such as scams and phishing.
- Share stories of cyber-attacks – If you have a company newsletter or briefings then have an item which shares a recent incident you’ve had or one that has been in the press. This helps to keep it top of mind for everyone and reinforce what your staff need to be on the look-out for.
MinterEllisonRuddWatts Partner and co-author of Safetrac’s online course Richard Wells notes:
“Cybercrime is on the increase and our recent research shows that many New Zealand businesses could prepare better to address this threat.”
With cyber-attacks growing every day, businesses cannot afford to ignore such issues.
Learn more about protecting yourself from cyber threats by downloading MinterEllisonRuddWatts’ Cyber Security Toolkit.