Addressing the weakest link in business cyber security
Software is one form of protection from business cyber attacks. But the weakest links are often business owners and employees.
Despite the constant threat of another global cyber-attack, 40 percent of New Zealand SMEs still have no virus protection installed on company smartphones or computers.
And while software is one form of protection, Spark’s cyber security team say the weakest links are often the business owners and employees themselves.
Spark’s Head of Security Josh Bahlman says there is a lack of education among SMEs when it comes to cyber security and this leaves business systems vulnerable to attacks.
“SMEs are time-strapped and looking for an easy ‘silver bullet’ solution, which security software companies will happily promise,” says Bahlman.
“But cyber criminals are smarter than that. They are constantly adapting and changing their tactics and if business personnel aren’t clued up, they are putting their networks at risk.”
The latest data from Spark Lab highlights this gap in cyber security education.
Concerningly, 82 percent of businesses have no concern that staff can connect to public wi-fi on business computers and 42 percent of businesses are allowing staff to download any software with no restrictions.
“Many business owners still haven’t clicked when it comes to personal responsibility for cyber security,” says Bahlman.
“As humans, we are the weakest links in the cyber security system. We aren’t programmed to always make the best decisions online – we click through to unfamiliar URLs, repeat familiar passwords and access unsecure WiFi when working remotely.”
The data comes from Spark Lab’s partner, Digital Journey. The information is pulled from the Digital Journey assessment tool, available through the Spark Lab website. The assessment tool has a total sample size of 7,000 NZ SME business people (SME defined as 0-100 FTEs) and is promoted by the Ministry of Business, Innovation and Employment.
Of further concern is that if (or when) something does go wrong, the survey shows 69 percent of Kiwi SMEs don’t have a crisis plan in place in the event of a cyber security incident.
“It’s a case of what you don’t know, can come back to hurt you and your business,” says Bahlman.
Spark Lab is helping SMEs educate themselves through online tools, resources and practical advice.
In the latest series of Spark Lab events open to Spark Business customers, Bahlman has been advising SMEs to work on getting the basics right.
“It’s not to say that security software and tools don’t work – they do. But only when the people in a business are actively engaged with security practices and procedures.”
So, what are the top tips for SMEs when it comes to cyber security?
• Use a passphrase instead of a password — and change it often.
• Use two-factor authentication (2FA) — where your phone is sent a code as part of the login process. An attacker might be able to learn your password, but with 2FA they also need your phone in order to receive the code and enter it.
• Be wary of phishing calls and emails — this is when an attacker will seek information from you or your staff, then use it to build credibility and gain more information.
• Always patch. Software providers release patches to strengthen your systems against attack. These are usually included in software updates, so when you’re prompted to run an update, don’t delay.
• Back everything up. If you do fall prey to an attack, having all your information securely backed up will ensure you’re back on your feet again sooner.
Other Articles
Antipodes takes out Wellington Exporter Of The Year
Kiwi start-up utilises home-grown legal marketplace
