How to protect your business from Cyber attack

25 July 2016

Some recent surveys of business leaders, including the Executive Perspectives on Top Risk for 2016, by Protiviti, identify cyber threats as a top five core risk confronting businesses, but one that the 'human element' makes difficult to fix.

"Cyber security is no longer about nuisance viruses. It's a massive and sophisticated criminal economy," says Auckland information technology and cyber security consultant for Lume Ltd, Richard Cheeseman.

"While there are layers upon layers of security tools and processes available to protect an organisation, the biggest liability is people, particularly for small, medium and even mid-market companies that don't have dedicated IT departments and rigorous processes."

Types of cyber threats facing NZ businesses

Some of the more common threats facing SMEs and mid-market companies include identity theft and ransomware attacks that hold your data hostage in return for payment.

Ransomware is a type of malware that restricts access to your computer or computer network in some way, and then demands that you pay a ransom to have the malware restrictions removed.

"Half of respondents would rather have flights and accommodation for a mystery break (55%) or $1,000 gift card from their favourite store (54%) instead of a year’s worth of life and income protection insurance." - Therese Singleton

"Business that don't have dedicated IT teams, systems, processes and rules to protect against cyber attack, are made vulnerable when somebody clicks on something because they want free software, for example, a video viewer of Adobe Photoshop. Or perhaps they click on a news item on Facebook and go through to a site that is not what it purports to be.

"This can lead to malware attacks, viruses and toolbars that mine your information, including credit card numbers and passwords."

Using the same password creates vulnerabilities

Mr Cheeseman says another common mistake is to use the same password over and over again. If sophisticated criminal networks can access the password just once, it could potentially give them access to all your information, including bank accounts.

Six steps to help protect against cyber attack

He offers the following tips to help protect the business from cyber-attack:

  1. Educate your staff to increase awareness, knowledge and understanding of cyber security best practise, like using lots of different passwords;
  2. Talk to your insurance broker about what cyber cover can help protect your business;
  3. Implement good IT governance, including processes and rules about what staff can and cannot do. Clicking a news item on Facebook, for example, should not be allowed on work computers;
  4. Make sure that all your software systems – not just your virus protection – are kept updated and current;
  5. Back-up your IT systems. Make sure your back-up is not permanently connected to your computer or network;
  6. Avoid clicking on links. Hover over the link to reveal the URL address so you can be sure that it goes to where it says it does. Where possible, type in the URL address instead of following the link.

"Don't forget that this is a business for some people. Where they used to go out and rob a bank, they now visit the dark web for software that can mine your information or hold your computer hostage.

"Credit card numbers, email addresses and lists of passwords are just some of the commodities sold on the black market. It's as important to be as alert and vigilant about your cyber security as you are about your physical safety," Mr Cheeseman said.

Insurance protection from cyber threats

AMP's Head of General Insurance, Rob Dibley, said that insurance protection from cyber threats is a relatively new area for New Zealand.

"There are products you can buy, but it is important to know which is appropriate to your business. These products are designed to respond to loss of information, system damage, hacking, multimedia liability and extortion amongst other cover options.

"My advice is that you talk to an insurance Adviser about what product would be best for your business."

Mr Dibley said that AMP is looking into what it can provide in this space.

"It could be very much a product designed for SMEs in New Zealand; particularly locally operated companies with 20 staff or less," he said.

Get tailored insurance for your business

Contact your Adviser or make an enquiry now.

Enquire now

Important information

Show more

The content provided is intended to be used as information only and does not constitute financial advice. Before acting on any of the results provided, we recommend that you seek advice which takes your individual circumstances into account.