How to enhance your small business’s cybersecurity and data protection regimen in 2025

Pictured above: George Moawad.

As authorities at home and abroad continue to enforce ever-more-stringent data protection regulations and bad actors amp up their infiltration efforts, New Zealand enterprises need to be laser focused on strengthening their defences.

Preparedness for adverse cyber events is fast moving to the forefront of conversation for New Zealand business owners and leaders. That’s hardly surprising, given attacks and data breaches continue to occur ever more frequently, within organisations of all stripes and sizes.

The National Cyber Security Centre (NCSC) responded to 1,905 incident reports[1] about individuals, businesses, and organisations between 1 July and 30 September 2024; a worrying 58 per cent increase on the previous quarter.

Unauthorised access incidents were up 80 per cent, while incidents of phishing and credential harvesting rose by 70 per cent, in what continues to be the most commonly reported category.

This upsurge in malicious activity is undoubtedly a consequence of our increasing collective reliance on digital tools and online services. These technologies and facilities generate enormous productivity and efficiency dividends for businesses and provide customers with flexibility and convenience. They do, however, also offer bad actors a wealth of opportunities to gain access to business critical high-tech infrastructure and a treasure trove of sensitive business and customer data.

Small and medium sized businesses are squarely in their sights: they’re the target of nearly half of all cybercrimes in New Zealand, and one in three experienced at least one cyberattack in 2024[2]. And, in many instances, it’s cost them dear. The estimated cost of a data breach, for example, now sits at $173,000, a sum many SMEs may struggle to scrape together at short notice.

Getting serious about privacy and protection

It’s the NCSC’s position that businesses need to harden their defences against bad actors and ensure they have robust measures in place to protect their systems and data from unauthorised access and breaches.

Fair to say there’s plenty of scope for improvement.

NCSC Director Mission Enablement, Michael Jagusch, believes many SMEs are continuing to focus ‘on the ambulance at the bottom of the cliff rather than on building the fence at  the top’.

More than a third don’t do routine back-ups of their data and patching software is not a regular practice for many.

‘We really need businesses to have their defences up for the very first attack, rather than being better prepared for the second one,’ Jagusch wrote last year.

Strengthening defences across the enterprise

If you’re an SME owner or leader, it’s important to be aware that increased vigilance should be extended right across the enterprise to encompass the physical security solutions that are deployed to protect your business.

If you’re currently reliant on a melange of older, standalone systems, it’s unlikely they’ll support cybersecurity and privacy best practices.

That’s where a unified security platform can help. The term is used to refer to a centralised solution that collects data from multiple security systems and synthesises it into a single-source-of-truth.

Most come equipped with robust data protection features to help organisations safeguard sensitive information and personal data – think encryption, role-based access controls and automated security updates.

Leveraging this technology enables organisations to apply consistent security policies across the enterprise. It also simplifies compliance by automating key tasks and reducing the incidence of human error.

Setting your organisation up for a more secure future

Falling victim to a cyberattack or running afoul of local and international data protection regulations are things New Zealand businesses can ill afford to do. With bad actors amping up their attacks and regulatory bodies increasingly adopting an enforcement posture, compliance needs to be a pressing priority.

So does the deployment of tools and technologies that make it tougher for careless and malicious actors to gain access to company systems and databases and the sensitive personal data they contain.

Implementing a unified security platform is a straightforward way to centralise controls and reducing the risk of compliance gaps. Having one in place can enable your business to respond to potential risks in real time, not hours, days and weeks after the fact. If maintaining rigorous data and cyber protections is an organisational objective for 2025, it’s enabling technology that should sit at the heart of your SME’s ICT stack.

[1] https://www.cert.govt.nz/insights-and-research/quarterly-report/quarter-three-cyber-security-insights/a-closer-look-at-our-numbers-2/

[2] https://www.cert.govt.nz/news-and-events/businesses-in-aotearoa-need-to-prioritise-cyber-security/