Let's face it: running a small business in New Zealand is tough. You're juggling a million things at once, from sales and marketing to HR and finance. Cyber security might not be at the top of your to-do list, but the reality is, it should be. In fact, our recent research revealed that 73% of small businesses are concerned about cyber security, and one in four say they’ve been affected within the last two years. [1]
Cyber-attacks aren’t just for big corporations. Small businesses like accountants, architects, legal firms, creative and media services, IT service providers, specialist trades, medical practitioners and the like are increasingly becoming targets for cybercriminals. Should a cyber-attack happen to your business, there may be financial, operational, reputational and legal consequences, and often these impacts are crippling. Customer or business data can be stolen, disruption to business operations could incur significant losses in time and revenue, and your business reputation could be adversely affected. These are just some of the impacts your business may face, with the average cost of a cyber-attack being an eye-watering $159,000 [2] according to a survey. And the worst part? It can happen to anyone, no matter how small your business is.
Here are some tips for your small business to minimise the risk of being subject to a cyber-attack:
We suggest starting with the basics. Make sure your software is up-to-date. This includes your operating system, antivirus software, and any other applications you use. It might seem like a hassle, but these updates often patch security vulnerabilities.
This might sound obvious, but it's worth repeating. Always use strong, unique passwords for all your online accounts. A good rule of thumb is to aim for at least 12-16 characters. A combination of upper and lowercase letters, numbers, and symbols is best and makes a password harder for perpetrators to crack. Please do not use generic passwords like ‘password123!’.
Wherever possible, enable multi-factor authentication (MFA) to add an extra layer of security beyond passwords. This significantly reduces the risk of unauthorised access to your accounts and sensitive data.
Regularly back up your important data. Store backups both on-site and off-site. This way, if your computer or system is compromised, you can recover your data.
Phishing scams are common. Be cautious of unexpected emails, especially those asking for personal information or requesting urgent action. If you're unsure, delete the email or contact the sender directly using a verified phone number or email address. Netsafe has a great guide on how to spot phishing scams.
Make sure your team know the basics of cyber security. Encourage them to be cautious online and report any suspicious activity.
To accept payments online securely, use secure payment gateways and encrypt sensitive data during transactions. Monitor transaction activity regularly for anomalies to detect potential threats early. We recommend speaking with your payment provider to determine the best solution for your needs.
The more users and devices you have on your network, the more opportunity there is for hackers to penetrate it. Keep it secure by implementing firewalls, using VPNs for remote access, and keeping devices updated with the latest security patches to protect your network and devices from cyber threats. If this is too technical for you, we recommend you consult with a professional.
Encrypt sensitive data both at rest and in transit. Implement strict access controls and conduct regular audits to ensure data protection practices are effective.
Educate your team about ransomware and its risks. Implement measures such as robust backup solutions, employee training on spotting suspicious attachments, and having a response plan in place in case of an attack.
Thinking ahead
Our Cyber Insurance can help your business with costs associated with responding to, and recovering from, a cyber-attack or incident, including ransomware, business email compromise, phishing and AI-assisted scams. Should something happen, we’ll help you address the financial, operational, reputational, and legal consequences of a cyber-attack to get your business back to normal as fast as possible. With your policy, if you provide your URL you’ll receive a free Cyber Vulnerability Assessment from UpGuard to discover your digital vulnerabilities. Get a quote online in minutes.
Consider hiring a cyber security consultant to assess your business and provide recommendations tailored to your specific needs.
Keep up-to-date with the latest cyber threats by following reputable news sources and industry blogs. Great sources of information include CERT NZ, Own Your Online, Business.govt.nz, and Netsafe.
Remember, cyber security is an ongoing process for you and your small business, not a one-time fix. By taking small steps and being vigilant, you can significantly reduce your risk of a cyber-attack.
[1] Quarter One Cyber Security Insights 2024
[2] 2021 HP New Zealand IT Security Survey
This article is intended to provide general information only, and should not be substituted for any legal, financial, or other professional advice. The information in this article is generally sourced from third-party websites and IAG New Zealand Limited does not guarantee or accept any liability for the accuracy of that information. Any references to third party websites in this article are not intended to constitute a recommendation or any endorsement by IAG New Zealand Limited.