A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone.
Internationally well-known companies such as Apple, Meta, Twitter, and Samsung have all disclosed cybersecurity attacks this year.
In the most recent quarter, CERT NZ responded to 2,001 incident reports about individuals and businesses from all over New Zealand.
In New Zealand, phishing and credential harvesting remains the most reported incident category (source: CERT NZ).
This graph shows the breakdown by incident category for the past quarter in New Zealand.
Australian telecoms company Optus, which has 9.7 million subscribers, suffered a “massive” data breach this year. According to reports, names, dates of birth, phone numbers, and email addresses may have been exposed, while a group of customers may have also had their physical addresses and documents like driving licenses and passport numbers accessed.
IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.
Data breaches happen mainly when hackers can exploit user behaviour or technology vulnerabilities.
The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.
Popular methods for executing malicious data breaches include:
Here are some key tips for mitigating risks to your business. If you require help with these, please reach out.
Data breaches cause business downtime and can cost your reputation and bottom line. Once you’ve had a data breach and it has been made public, your customers may lose faith in your ability to protect their private information.
A managed services provider can install protection and take precautions against data breaches. Contact our team here to discuss this further.
If you own a business, it is important to have a cyber security policy. It serves not only as a guide and reference to be used internally with your employees, but also as a reference point for dealing with any external data from customers.
Your cyber security policy should be thought of as a moving, changing entity that will need to be updated regularly to keep up with technological advancements and any changes within your business.
Firstly, no two cyber security policies will be the same. Your cyber security policy will be unique to your business, depending on your particular type of business and what kind of data you deal with.
The first thing you need to do is to identify the particular risks for your business. If you are an accountant, for example, your focus is on how you deal with customers’ personal information, bank details, IRD number, etc.
Once you have worked to clarify your specific risks, you can then prepare for what to do if something goes wrong. Your IT Alliance member has knowledge of a wide variety of industries, and will be able to assist you to clarify what you need to be mindful of.
Having a clear plan in place means that everyone in your organisation knows what to do, who is responsible for what, and what processes you have in place to mitigate the risks.
You will also need to create two cyber security policies: an internal one for employees, and a public one for customers.
The information below has been taken from the CERT NZ website.
This should cover how you handle data safely and securely — both your business’s data and your customers’. Think about:
It’s important to identify what systems you have, and which ones are critical to your work. Consider:
Security and protection
Security and protection covers how your staff and customers access your systems and data. It means thinking about:
People and users
You need to think about what you consider to be acceptable use of your business’s systems. How do you expect your staff and your customers to interact with them? Make sure you set expectations so they know:
Physical devices and systems
When you think about protecting your business’s devices and systems, make sure you cover both:
You can set rules around how your staff can protect their devices against theft by defining guidelines for their use. As an example, you could have all staff protect their devices by:
Problems and incidents
You’ll need to define what you and your team will do when things go wrong. This means creating an incident response plan to map out what you’ll do during, and after, a security incident. It can be a stressful time for both you and your staff, so it’s good to be prepared in advance.
We can help you in creating a Cyber Security policy for your business. Reach out to our team here to discuss this further.
What should I be doing to secure my business?
One of the first things to realise about security is that it is much more than stopping people “hacking in”.
It is fundamental to any business to have a business continuity plan (BCP). If you plan for a power outage, what happens? Your IT systems will be down.
Can I use the same plan if an outage occurs to my IT systems and it’s not a power problem?
Security is the foundation of resilience.
The hardest part about security is getting started. Often, it’s on the “to do list” until it’s too late.
Hopefully you have already talked to your IT Alliance partner and had the security business continuity conversation.
If not, “What should I do first?” is a common question. Rather than recommend one single thing, the answer should be: “Have a plan.”
So, what does your plan need to cover?
Look at your plan as a holistic business continuity plan that is a living document. Continually revisit, update, fire drill, and improve.
Many of the incidents we see disrupt business are due to poor cyber hygiene, not some advanced nation-state hack.
Do the following to enhance your security:
Can my staff trust that the cyber workplace is as safe and secure as possible? If it is, you will see productivity and creativity flourish, and staff retention will rise, as will your ability to recruit new staff.
“She’ll be right” is not a plan! “No surprises” is a plan.
For further advice, contact your local IT Alliance member to discuss creating a plan for your business.
By Paul Caldwell – Microsoft Security BDM
Cyber Security is a very real issue for businesses in New Zealand these days. Here we look at Cyber Insurance, what it is, what the laws are, and why you need it.
Cyber attacks on businesses in New Zealand are increasing in both sophistication and frequency. High-profile companies like Air New Zealand partner Travelex, Fisher & Paykel Appliances, Toll Group, Garmin, Canon, Honda, BlueScope Steel, Lion, Twitter, MetService and most recently even the NZX are just some of the organisations to have been targeted by cyber criminals. However, it is not just the big companies; many small businesses are also being targeted. It really is a matter of ‘when, not if’.
Cyber insurance is designed to fill the gap that traditional insurance policies don’t cover, minimising the impact of cyber incidents by providing cover for your own loss and third party costs. It provides your business with a structured crisis response plan and assists with returning to ‘business as usual’.
General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. Cyber insurance is often excluded from a general liability policy.
It pays to check your current policies and ask questions. You may find that your other business cover won’t respond to a cyber or data breach claim.
The new Privacy Act 2020 which came into effect on 1 December 2020 means that all businesses now have legal requirements surrounding
The new Act requires mandatory data breach reporting if it’s reasonable to believe that the breach would cause serious harm to an individual. For example, if you’re engaging with a service provider to hold your clients’ personal data, such as a cloud-based CRM system, you remain responsible for the security and use of that personal information. If a cyber breach were to occur, you would be held liable.
Ensuring business continuity and safeguarding your business from Business Interruption will enable you to return to the same financial position you were in before a Cyber event.
The benefits of Cyber Insurance will depend on the type of policy you take out but can include:
– Access to a dedicated and experienced team of experts if an attack occurs
– Protection from loss where you are legally liable to others
– Cover for your financial loss if your business is interrupted due to a Cyber event.
Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. As an estimate, a policy with $100,000 cover could cost as little as $600 per annum.
All businesses need a security plan to protect their business and they should consider a Cyber Insurance policy as an essential part of this plan.
CERT NZ has a number of useful and practical resources for businesses on keeping systems and data safe from cyber security attacks, including cyber security risk assessments for business, cyber security awareness for staff, phishing scams and your business and protecting your business online.
CERT NZ offers the following tips for simple, practical steps for businesses.
Cyber Security is a very real issue facing business owners these days. If you would like to discuss your individual needs, we provide advice to business owners and security assessments to ensure that your business has the best protection.
Please feel free to reach out to us here.