
How to keep your business cyber secure

Security may not be the most glamorous subject, and passwords can be frustrating, but taking your business’ cybersecurity seriously is more important than ever. The world is increasingly dependent on technology, and cyber threats are becoming more severe. According to a recent report by CERT NZ, businesses in New Zealand experienced a direct financial loss of nearly $4 million in Q2 2021, representing a 30% increase from the previous quarter.

A data breach can have a significant and lasting impact on a business’ reputation, leading to the loss of customers, sales and profits. Even if your business uses just basic technology, such as email or a website, it is vulnerable to cyberattacks.

Fortunately, most cyber security breaches can be prevented by implementing technology safeguards, establishing appropriate policies and properly educating your staff on cyber security awareness. We have put together a few strategies for technology, policy and people that you can begin implementing immediately to help mitigate the risk of cyberattacks on your business.

Technology

Hackers are becoming more skilled at finding loopholes in security systems to gain access to confidential and protected data, posing a significant cyber security threat to businesses of all types and sizes. Here are our top tips for keeping your technology safe, secure, and up-to-date:

1. Regularly back up your data. Archiving and backing up your business data properly and regularly ensures that you still have access to all of your information even if you face a cyberattack. You can use a removable storage device, like a hard drive, or sign up for a cloud-based system to keep your data stored in a safe and separate place.

2. Always update your operating system and apps when new versions become available. Updates aren’t just about adding new, fancy features. They also contain critical patches to security holes to help reduce your risk of cyber attacks, data loss and privacy breaches. Regularly check your devices to ensure they’re all up-to-date, or set your operating systems to install new updates automatically.

3. Limit user access rights. The principle of least privilege involves limiting and restricting user access for accounts, users, and processes to only what is required for a person to perform their job. Consider limiting your user access rights to minimise the potential misuse of information or data and restrict the number of things an attacker can do if a user’s account does become compromised.

4. Schedule antivirus scans or install antivirus software to run natively on your work devices. Performing antivirus scans or installing antivirus software helps detect and remove viruses and secure your business’ data against many different types of attacks.

5. If you own or operate a website, make sure it has a security certificate, also called an SSL (Secure Sockets Layer) certificate. An SSL certificate is a digital file issued by a trusted third party that lets visitors’ browsers verify your website’s identity and encrypts the traffic between them, helping to protect the privacy and personal information of both you and your users. You can obtain an SSL certificate online if you don’t already have one, but remember to take note of your certificate’s expiration date and preemptively renew it before it expires.

6. Get cyber insurance. Cyber insurance typically covers your business’ liability for a data breach of sensitive customer information, such as credit card details or personal health records. If your business relies on sensitive information, consider getting cyber insurance to help cover losses triggered by a cyberattack.

7. Conduct security audits on a regular basis. A security audit is an evaluation of your business’s systems and security practices. We recommend conducting your own internal security audit or calling on agency auditors or an independent security organisation at least once a year to help you assess your organisation’s systems and stay on top of the changing nature of security threats.
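One way to keep track of the certificate expiry date mentioned in tip 5 is a small scheduled check. This is an added example, not part of the original article; the 30-day renewal window, the function names and the `www.example.com` placeholder are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window; choose one that suits your renewal process


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the notAfter string of the certificate the live site presents."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def days_until_expiry(not_after, now=None):
    """Whole days between `now` (UTC) and the certificate's notAfter time."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def renewal_status(days_left, warn_days=WARN_DAYS):
    """Classify the remaining lifetime so it can drive an alert or a ticket."""
    if days_left < 0:
        return "EXPIRED"
    if days_left <= warn_days:
        return "RENEW NOW"
    return "OK"


def check_site(host):
    """Check a live site; needs network access."""
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired or untrusted certificate fails verification here.
        return host, "INVALID", str(exc)
    days = days_until_expiry(not_after)
    return host, renewal_status(days), f"{days} days left (notAfter {not_after})"


if __name__ == "__main__":
    # Constructed sample value in the format getpeercert() returns.
    sample = "Jun  9 12:00:00 2025 GMT"
    fixed_now = datetime(2025, 5, 20, 12, 0, tzinfo=timezone.utc)
    left = days_until_expiry(sample, fixed_now)
    print(left, renewal_status(left))
    # Live check: replace the placeholder with your own domain.
    # print(check_site("www.example.com"))
```

Run it from a daily scheduled job and alert on anything other than `OK`, so a renewal is never left to memory.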

 

Policies

Cybersecurity policies are crucial for setting the standard of behaviour, ensuring employees understand how to maintain the security of data and applications at work, and maintaining the public image and credibility of your organisation. Here are some important considerations for creating, implementing and updating your organisation’s security policies:

1. Develop a comprehensive cybersecurity policy that you can audit against. Your cybersecurity policy should form the foundation of your organisation’s entire approach to security, listing all cybersecurity plans and procedures. Check out the CERT NZ website to learn more about creating and implementing internal and external cybersecurity policies.

2. Plan ahead for different scenarios and put an incident response plan in place. An incident response plan is a documented, step-by-step plan that helps your organisation navigate through different cybersecurity scenarios and minimise their impact. Learn more about developing an incident response plan here.

3. Ensure your security policies are accessible to everyone in your organisation. Even if you create strong security policies, they will be ineffective if employees don’t see them or don’t know where to find them. To prevent this from happening, distribute your policies effectively so that everyone in your organisation has a copy or knows where to find one.

4. Keep your policies up-to-date. Your security policy should be a living document that is constantly updated as things change or become irrelevant. Be sure to notify your staff of any changes to your policies.

 

People

It’s critical that your staff understand your organisation’s cybersecurity risks and how they can play a part in keeping your business safe. Here are some leading tips on how to educate your employees about the importance of cybersecurity:

1. Make security training accessible and engaging. Security awareness training is an effective way to reduce your business’s risk of a cybersecurity incident. There are plenty of security awareness training companies and online courses available that can teach your employees about how to avoid and protect against cybersecurity threats.

2. Encourage staff to lock their devices when stepping away from their desks or the office. This helps protect against unauthorised access to personal or confidential information.

3. Create a strong password policy for your business. Weak passwords are a company’s biggest vulnerability. Encourage your staff to set strong and unique passphrase combinations for each of their accounts – something that is at least 12 characters long and a mix of letters, numbers and symbols. Consider using a password manager like LastPass to help your employees remember their passwords.

4. Encourage employees to implement two-factor authentication (2FA) and single sign-on (SSO). Adding 2FA and SSO to accounts is an easy way to add another layer of security to important business information.

5. Educate employees about phishing attacks. Phishing attacks are becoming increasingly sophisticated. Make sure your employees understand the different techniques that hackers use so they know how to detect and avoid opening emails and clicking on attachments from suspicious senders.

6. Discourage staff from connecting their work devices to unsecured networks like free and public Wi-Fi. Using free public Wi-Fi comes with a number of serious security risks such as theft of passwords, data breaches, and cyber attacks. Ask your staff to refrain from using public Wi-Fi networks to reduce their personal and business risk of being hacked.

 

Being proactive about cybersecurity is the only way to reduce your risk of a cyber attack. Implementing these strategies can help reduce the risk of a security incident happening at your organisation. Stay cyber aware and keep your organisation safe.
