How to keep your business cybersafe

Aaron Bugal provides four reminders that businesses should keep in mind to ensure their data is always secure and away from hackers.

In the latest cyber security incidents report (1 April – 30 June 2019), CERT NZ revealed a 21 percent increase in cyber attacks from quarter one. In total, 1,197 incidents were reported to CERT NZ from businesses and individuals across New Zealand, resulting in an estimated $6.5 million in direct financial losses.

Whilst not at an all-time high, cyber incidents in New Zealand are still on the rise, meaning organisations across the country need to be paying attention.

With scams and fraud, phishing and credential harvesting, and unauthorised access causing the highest incident rates, businesses must act to keep themselves protected. In addition to implementing tools for threat-protection and response, organisations must look to their employees as their first line of defence in today’s ever-growing threat landscape.

Here are four reminders businesses should keep in mind to ensure their data is always secure and away from hackers.

1. Educate employees. While cybersecurity solutions are designed to thwart attacks, employees should also play their part in minimising the risk of a data breach. Cybercriminals are becoming more sophisticated and innovative with their attack techniques, targeting specific people within departments; for example, disguising themselves as a potential business lead to the sales team or as the CFO to the finance team. Train and test your employees to be on the lookout for suspicious emails, ensuring they’re not clicking on any links they aren’t sure of.
2. Ensure all business-connected devices are updated. Yes, updates and patches can seem endless; but updates and patches should never be dismissed as a task for another day – make them a priority and install them as soon as possible. Updates fix issues and vulnerabilities that attackers could use to gain access to your system. By not updating devices, the door is left ajar for criminals to enter.
3. Implement best practice password controls. It’s no longer good enough to create one strong password and use it to access all accounts – each business login should be matched with a different password. Organisations must educate staff on basic password hygiene, for example using different and complex passwords, including a combination of words, numbers and symbols. Hygiene also includes not writing passwords down and instead installing a password manager, to help remember all of the different combinations alongside multi-factor authentication for added security.
4. Keep up to date with the latest security news. Make sure that as an organisation, you’re across the latest attacks and techniques hackers are using. For example, the latest CERT NZ report notes a 150 percent increase in suspicious network traffic incidents and 48 percent increase in scam and fraud reports from quarter one. By understanding what your peers are facing, you will be best placed to protect your own organisation.  

When it comes to cybersecurity, it’s important that organisations are proactive and don’t assume they’re “too small” to be the target of a cyber attack. The only way to stay safe is by developing an in-depth cybersecurity strategy that is regularly reviewed and updated, which puts employees at its core.

These four steps will put businesses on the right path and, in addition to the right technology partnerships, will help drive a more secure culture across New Zealand.

Aaron Bugal (pictured) is the global solutions engineer at global cybersecurity provider Sophos ANZ.