New Zealand has embraced digital technologies faster than many other countries. We’ve raced into the Cloud, and per capita we are one of the highest users of Microsoft Office 365 and Google Suite. But our security has not adapted to this modern environment at the same rate.
The way we do business has changed dramatically. We moved online, started sharing our lives on Social Media, putting our critical business data in the Cloud and began working from our cars, homes and hotels. The Modern Workplace provides us with new ways of working.
But at the same time, it has introduced new risks. Just as cyberspace has no borders, neither does cybercrime. Cyber-attacks are on the rise and New Zealand businesses are a prime target. In 2017 New Zealand lost an estimated NZD$177 million to cybercrime. The cybersecurity arms race is on – basic threat protection measures such as antivirus and firewall no longer provide sufficient protection.
Cybercriminals have a range of approaches as well as an agile and growing tool set. The potential rewards are huge, and the risk is relatively small.
These cyber threats are not new, but they are becoming more frequent. Like Health and Safety, Cybersecurity is a very real risk and has the potential to affect the viability of your business and the livelihood of your staff. We need to raise the level of the cybersecurity conversation, not just with our users and IT support teams, but with executives and boards.
We recommend focusing on three key areas to help keep your systems safe:
People are your first and last line of defence. All the security technologies and processes in the world can be brought down by a single well-meaning employee in a careless moment. Human error has become a major weak point; one that is easily exploited by cyber criminals. It is vital that businesses have some form of cyber security training in place to educate their employees on the importance of protecting sensitive information and what malicious threats to look out for.
Are your internal business processes secure, how do you verify supplier requests for a change to their bank account details? If a request was made to transfer money overseas; how is that request verified? It is key to ensure you have in place processes that are detailed, known and well understood.
No tool by itself can effectively secure your data. Manage your people and technology with multiple layers of protection such as firewalls, anti-virus protection and mobile device management.
Security is not something that can be achieved in isolation using bigger firewalls. Cyber Security needs a holistic companywide approach.
• Work with your staff to ensure they take the appropriate precautions when working with your systems.
• Implement processes that help to identify unauthorised or unusual behaviour.
• Invest in technologies that improve security standards to automatically block hackers or unsafe files from your networks.
• Conduct ongoing security awareness training; analysing previous attacks and how these examples can be used to increase your safety.
To feel confident in today’s threat landscape, you need a multi-faceted approach that also includes a security framework, staff training, data protection and more. You can only adequately address cyber risks by increasing security awareness across your entire business.