OPINION: South Canterbury Chamber of Commerce chief executive Wendy Smith
Cyber attacks are becoming more frequent, and they can affect anyone.
It’s not just large organisations or businesses that are affected – small businesses and everyday New Zealanders are at risk, too.
Many of the attacks aren’t targeting anyone specifically but are looking for easy ways to get money or information.
The South Canterbury Chamber of Commerce is a proud partner of Cyber Smart Week that ran from October 14-18, driven by the New Zealand Government.
The week was intended to raise awareness of the risks of cyber attacks and to help people and organisations improve their cyber security.
Most of us think a cyber attack won’t happen to us, but sadly this is not the case. This year Cert NZ has provided a wide range of information to help people and businesses stay safe and protected, recommending four simple security measures that will safeguard against common attacks.
The chamber has actively promoted Cyber Smart Week and ran a free cyber security workshop with Shaun Fisher, from Reliance Networks, and Dale Rhodes, from Crombie Lockwood.
The training covered what a cyber attack actually is, how to protect your business and how to minimise the impact.
Examples of recent attacks include an Air New Zealand air points data breach, which affected potentially 100,000 members, and PHO Tu Ora Compass Health, which was hacked again in August this year, and up to 1million patients’ data were accessed.
Cert NZ estimates financial losses of about $14.1million to businesses in New Zealand in the 2018 year.
Cyber attacks are ranked as one of the top risks to businesses from an information protection perspective, a financial perspective and reputational risk. So now is the time to take action.
Go to Cert NZ for advice and follow the steps that they recommend for your business and for yourself.
Common threats include business email compromise, phishing scams including spear phishing and whaling, credential dumps, insider threats, ransomware and data breach among others.
Given that the impact of a cyber-attack can be life-changing, it’s certainly worth setting aside a bit of time to get the basic safeguards in place and to review your options for cyber insurance.
Policies will generally respond to both your own losses and your liability to others as a result of a breach in your network security.
These are Cert NZ’s recommendations:
USE A PASSWORD MANAGER
It’s really important that each of your online accounts has a different password. Although remembering unique passwords sounds like a challenge, the easiest way to both remember them, and secure them safely, is to use a password manager. This is like an online safe that stores and manages your passwords for you and keeps them safe, using strong encryption. You only have to remember the one strong password for your password manager.
TURN ON TWO-FACTOR AUTHENTICATION
Adding two-factor authentication (2FA) to your log-in is a simple way to add an extra layer of security to your accounts. It’s an easy extra step after you log in, like entering a code from an app on your phone. Take some time this week to enable 2FA on your apps and accounts.
UPDATE YOUR DEVICES
When you’re alerted to an update for your device, don’t ignore it – install it as soon as possible.
As well as adding new features, updates fix any issues or weaknesses that have been found.
Updating software prevents attackers from using these vulnerabilities to gain access to your information.
CHECK YOUR PRIVACY.
It’s important to know how much of your information you’re sharing, and who you’re sharing it with. We’re so used to sharing things online that we don’t always think about how it affects our privacy.
But the information you share can enable attackers to access your data or steal your identity.
Check that any requests for personal information are legitimate before you share your details.
If you’re not sure, don’t give the information.
Finally, if a cyber attack does occur then report it to Cert NZ.
Cert NZ (Computer Emergency Response Team) is a government agency that helps New Zealanders identify cyber security issues and guides them in resolving them.