Managing cyber risks key for SMEs

The Insurance Council of NZ is reminding business owners to take a look at their cyber security this Cyber Smart Week.

“Managing cyber risks is key for small-medium enterprises hoping to succeed in a modern, digital world,” says Insurance Council Chief Executive, Tim Grafton.
“There has been a very large increase in incidents reported to CERT,” said Grafton, “and it drives home just how important it is for businesses to have the right cyber security in place and plan for how they’ll manage their risks if something goes wrong.”

According to CERT NZ’s second 2018 quarterly report, cyber incident reporting by organisations has increased 143% since Q1 2018. In that period, 507 cyber incidents were reported by organisations. Direct financial losses from all cyber incidents for the period were $2.2 million.

“It’s important to remember that this is just what CERT is aware of,” says Grafton. “$2.2 million is probably a conservative number; there will be many people who don’t report cyber incidents to CERT or may not realise they suffered a cyber attack.”
“In an increasingly digital world, the likelihood is these attacks will continue and small businesses are vulnerable because they’re less well resourced than their large counterparts.”

ICNZ recommends SMEs do 8 things to help manage their cyber risks:
1. Make sure all employees regularly update their passwords and don’t write them down anywhere or use passwords they’ve used for other services. Where you have default passwords in use for admin tools, these should be changed. If you can, enable two factor authentication on website or system logins.
2. Buy and install good quality anti-virus and anti-malware software – don’t just rely on what comes default with your system. Make sure you protect tablets, cellphones and any other devices you can that connect to the internet.
3. Change your office WiFi password regularly and don’t leave printed copies of it lying around. Access to your WiFi could open up access to your files and systems if someone dishonest got in.
4. Don’t connect company devices to open or free WiFi networks or install and use unauthenticated apps. These networks allow anyone connected to them to see other connected devices and could make your device a target for hackers.
5. Make sure employees only download apps from the Google Play or Apple stores if they’re conducting any work on their devices. Unauthenticated apps could contain security vulnerabilities.
6. Keep your software up to date. Vulnerabilities in unpatched software make for easy entry for hackers.
7. Set up logs to detect unusual activity and verify any strange business requests you get by phone if you’re unsure of them.
8. Get cyber insurance – cyber insurance covers you for cyber attacks and helps your business get back on its feet faster. With $2.2 million in direct financial losses from cyber attacks last year, it makes sense to protect yourself.