Why do you need to create a Cyber Security policy for your business?

If you own a business, it is important to have a cyber security policy.  This is not only a guide and reference to be used internally with your employees, but also as a reference point to deal with any external data from customers. 

Your Cyber Security policy should be thought of as a moving, changing entity that will need to be updated regularly to keep up with technological advancements, and any changes within your business. 

What does your Cyber Security policy need to cover?

Firstly no two cyber security policies will be the same. Your Cyber Security policy will be unique to your business, depending on your particular type of business, and what kind of data you deal with. 

The first thing you need to do is to identify the particular risks for your business. If you are an accountant for example, your focus is on how you deal with customers’ personal information, bank details, IRD number etc. 

Once you have worked to clarify your specific risks, you can then prepare for what to do if something goes wrong. Your IT Alliance member has knowledge of a wide variety of industries, and will be able to assist you to clarify what you need to be mindful of. 

Having a clear plan in place, means that everyone in your organisation knows what to do, who is responsible for what, and what processes you have in place to mitigate the risks.  

You will also need to create two cyber security policies. One, an internal one for employees, and the second one is a public one for customers. 

What needs to be included in the Policy?

The below information has been taken from the Cert nz website

Cert NZ suggests that you break your internal policy down into different areas.

Data

This should cover how you handle data safely and securely — both your business’s data and your customers’. Think about:

• how much to collect
• where you’ll store it (locally or in the cloud)
• how to protect it, for example keeping data at-rest (when stored) and in-transit (when communicating) encrypted
• how often you’ll back it up, and who’s responsible for doing backups.

Systems

It’s important to identify what systems you have, and which ones are critical to your work. Consider:

• setting some rules around updating, or patching, your systems — how to make sure they’re done regularly and who’s responsible for making sure it happens
• what systems your staff can use, including any cloud applications or software running inside your business’s network
• how much access your staff need to your systems. You should make sure your staff only have the minimum level of access in each system they need to do their job. This is what’s called the ‘principle of least privilege’.

Security and protection

Security and protection covers how your staff and customers access your systems and data. It means thinking about:

• how they can access your systems. For example, your staff may want to work remotely. They should do this by using secure tools, like VPN with 2FA.
• how they authenticate themselves on your system. This includes your password policy and use of two-factor authentication
• what devices your staff can use at work. This covers whether staff can use personal devices for work, or if you’ll provide devices to them.

People and users

You need to think about what you consider to be acceptable use of your business’s systems. How do you expect your staff and your customers to interact with them? Make sure you set expectations so they know:

• what their responsibilities are
• what kind of things they should report to you
• how you expect them to take ownership of their accounts and their devices.

Physical devices and systems

When you think about protecting your business’s devices and systems, make sure you cover both:

• protection against loss — if something is stolen, and
• protection against the environment — for example, if your business is flooded during a storm and your devices are water damaged.

You can set rules around how your staff can protect their devices against theft by defining guidelines for their use. As an example, you could have all staff protect their devices by:

• having strong passwords on them
• using device encryption
• setting rules for them about use outside the office.

Problems and incidents

You’ll need to define what you and your team will do when things go wrong. This means creating an incident response plan to map out what you’ll do during, and after, a security incident. It can be a stressful time for both you and your staff, so it’s good to be prepared in advance.

What next?

We can help you in creating a Cyber Security policy for your business. Reach out to our team here to discuss this further.

Cyber Security is a very real issue for businesses in New Zealand these days. Here we look at Cyber Insurance, what it is, what the laws are, and why you need it.

Why do you need Cyber Insurance?

Cyber attacks on businesses in New Zealand are increasing in both sophistication and frequency. High profile companies like Air New Zealand partner Travelex, Fisher & Paykel Appliances, Toll Group, Garmin, Canon, Honda, BlueScope Steel, Lion, transport giant Toll Group, Twitter, MetService and most recently even the NZX, are just some of the organisations to have been targeted by cyber criminals. However it is not just the big companies, many small businesses are also being targeted. It really is a matter of ‘when not if’.

What is Cyber insurance?

Cyber insurance is designed to fill the gap that traditional insurance policies don’t cover, minimising the impact of cyber incidents by providing cover for your own loss and third party costs. It provides your business with a structured crisis response plan and assists with returning to ‘business as usual’.

1. Won’t my general liability policy cover cyber liability?

General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. Cyber insurance is often excluded from a general liability policy.

It pays to check your current policies and ask questions. You may find that your other business cover won’t respond to a cyber or data breach claim.

2. The law has changed

The new Privacy Act 2020 which came into effect on 1 December 2020 means that all businesses now have legal requirements surrounding

The new Act requires mandatory data breach reporting if it’s reasonable to believe that the breach would cause serious harm to an individual. For example: If you’re engaging with a service provider to hold your clients’ personal data, for example a cloud-based CRM system, you remain responsible for the security and use of that personal information. If a Cyber breach were to occur, you would be held liable.

What does Cyber Insurance cover?

Ensuring business continuity and safeguarding your business from Business Interruption will enable you to return to the same financial position you were in before a Cyber event.

The benefits of Cyber Insurance will depend on the type of policy you take out but can include:
– Access to a dedicated and experienced team of experts if an attack occurs
– Protection from loss where you are legally liable to others
– Cover for your financial loss if your business is interrupted due to a Cyber event.

Things to look out for in your Cyber Insurance policy:

• Business Interruption: Look for a policy that covers the costs of any business interruption as you can lose time and money trying to get your business back up and running after a cyber attack.
• Hacker Theft Cover: A plan that covers compensation for loss incurred, including theft or destruction of stored data, hardware, or cyber extortion from employees.
• Restoration costs: Compensation for expenses incurred to research, replace, restore, or recollect digital assets during the period of restoration.
• Public Relations: Reimbursement for any costs involved with public relations.
• Network Extortion: Indemnity for the amount paid to avoid, defend, preclude or resolve a network extortion attempt
• Data Forensic Expenses: Costs incurred to investigate, examine and analyse a computer network
• Third-Party Liability: Indemnity for the sums claimed and incurred defending claims in relation to alleged privacy breaches, network security wrongful acts or media and social media wrongful acts.

What is the likely cost of Cyber Insurance?

Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. As an estimate a policy with $100,000 cover could cost as little as $600 per annum.

All businesses need a security plan to protect their business and they should consider a Cyber Insurance policy as an essential part of this plan.

Top tips to avoid cyber security threats:

CERT NZ has a number of useful and practical resources for businesses on keeping systems and data safe from cyber security attacks, including cyber security risk assessments for business, cyber security awareness for staff, phishing scams and your business and protecting your business online.

CERT NZ offers the following tips for simple, practical steps for businesses.

1. Install software updates
2. Implement two-factor authentication (2FA)
3. Back up your data
4. Set up logs
5. Create a plan for when things go wrong
6. Update your default credentials
7. Choose the right cloud services for your business
8. Only collect the data you really need
9. Secure your devices
10. Secure your network
11. Manually check financial details

For more info and links click here:

Cyber Security is a very real issue facing business owners these days. If you would like to discuss your individual needs, we provide advice to business owners and security assessments to ensure that your business has the best protection.

Please feel free to reach out to us here.

A cheat sheet to help you make the most of your subscription

Written by: Peter Marshall, Voicecom Technologies

If you have Microsoft 365 for business, we want to make sure you’re making the most of it. You’re already paying for the subscription so why not take advantage of a whole suite of integrated applications that can streamline your workflows?

While remote work has been a key driver for Otago businesses to adapt the way they work and assess the systems they use, along the way they’ve realised that these apps not only offer remote capabilities but also the opportunity to integrate apps and business processes to allow them to better serve customers, streamline work, and improve employee productivity.

Four apps you’re paying for but missing out on

Microsoft SharePoint – SharePoint can seem overly complicated because it can offer so much. But it doesn’t need to be so scary. You can start small and use more functionality as needed or as you grow. Basically, it’s a platform that offers content management and collaboration. It helps with reducing duplicate files, gives you remote access (needed more than ever!) and allows you to work on the same document at the same time. Find out more about SharePoint here.

Microsoft Power Automate – Microsoft Power Automate allows you to automate workflows across applications. You can use it to connect email and instant message alerts, synchronise files between applications, copy files from one service to another, collect data from one app and store it in another, and much more. Templates are available to get you started. Efficiency is key for sustained success across businesses and Power Automate assists this by simplifying workflows with the automation of repetitive tasks.

Microsoft Forms – Forms allows you to create shareable surveys, quizzes, and polls in just minutes. You can then invite others to respond to it using almost any web browser or mobile device, see real-time results as they’re submitted, use built-in analytics to evaluate responses, and export results to Excel for analysis.

Microsoft Planner – A simple, visual, task management app that helps remove chaos from the team collaboration environment. You can create multiple task lists associated with different projects or set up daily to-do checklists.

Other apps to take advantage of.

Microsoft Teams – a chat-based workspace that integrates people, content, and tools into a single platform. Find out more about Teams here: https://ita.co.nz/microsoft-teams-more-just-video-conferencing

Microsoft OneDrive – OneDrive is essentially an online folder system for file storage. Similar to SharePoint however SharePoint offers much more in the way of collaboration. You might use OneDrive to save your personal drafts and then move them to SharePoint when you’re ready for collaboration.

Microsoft Lists – Helps you track information, organise your work and easily share with others. Lists are simple, smart, and flexible, so you can stay on top of what matters most to your team. Track issues, assets, routines, contacts, inventory and more.

Microsoft Stream – Your central destination for your business video content. It’s like an internal, secure YouTube for your business. This is the perfect place to keep things like training videos or marketing content for staff to easily access.

Microsoft Sway – Sway is a cloud only story-telling application similar to PowerPoint but provides more narrative options than a slide show.

Microsoft Whiteboard – A digital version of the traditional whiteboard that allows collaboration and brainstorming with your team in an interactive and engaging manner.

Microsoft MyAnalytics – Uses your data to provide insights into two of the key factors in your personal productivity: how you spend your time and who you spend it with. MyAnalytics takes a look at your everyday work patterns, finds areas that could benefit from your attention, and provides you with the tools to achieve more thoughtful use of your time.

Microsoft Power Apps – If your business needs a specific app to do a specific job, this is what PowerApps can do. Using simplified development techniques and with the help of your IT expert, you can create sophisticated applications using features, procedures, and processes found in Microsoft 365.

If you want to find out more about how any of these Microsoft 365 applications can benefit your business, contact us today on +64 3 443 5499. If you’d like to visit or email us, you can find our details here.

How a proactive approach can save you money and mitigate risk
Written by: Phil Strang – Technology Partners

Do you find yourself so caught up in other areas of your business that you tend to only manage your IT when things go wrong or it becomes an absolute must?

This is called reactive IT Management. With it, brings a mountain of stress, disruption and blown budgets.

A proactive approach to IT management doesn’t have to be difficult or expensive. In fact, it can save you money and keep you focused on doing what you do best.

This is where a Managed Service Provider steps in. They’re not just the guy you call in for computer repair, they’re essentially an extension of your team. An MSP is there to support you and ensure the IT side of your business is efficient, cost-effective and low-risk. Let’s look at some of the benefits of proactive IT management and why businesses in Otago might want to move away from a more reactive response.

Preventing blown budgets

Large, unexpected IT bills can often be avoided with a good plan in place. A Managed Service Provider can help prevent the unnecessary cost of fixing things by implementing a plan with regular, scheduled maintenance. Additionally, they can give you the tools to effectively manage your IT life cycle, forecasting hardware and software upgrades. With a fully prepared life cycle, IT budgets can be planned in detail for years to come. Everything from printers to operating systems can be prepared on a tightly controlled schedule. Adopting an IT life cycle is a great way to eliminate unwanted surprises and make the most out of your IT budget.

Productivity / Minimal disruption

There’s nothing worse than when you get halfway through the day and you realise you’ve spent most of it troubleshooting or dealing with an IT issue. Can you imagine how frightening the numbers would be if you calculated the total number of hours lost due to IT-related disruption? A Managed Service Provider’s core purpose is to lessen this disruption and would likely pay for themselves rapidly. An MSP often does routine maintenance outside of hours so when you log in the next morning, you’re good to go! They’re your Clark Kent, unobtrusively making things happen in the background and quickly embracing their capes should anything big arise.

Knowing your business

Something stops working at the worst of times and you find yourself giving an IT technician your full operational history to help you both connect the dots of where things went wrong. Sound familiar? The great thing about an MSP is that they get to know your business, and more importantly, have a detailed documentation process. The team will get to know your business and you’ll often be dealing with the same technicians who know you and your systems. Having an intimate knowledge of your site’s configuration and a detailed service history means they’ll spend less time troubleshooting and more time working on the job. Familiarity when working regularly on a system means clients are not paying for a technician to relearn the basics for each job or call out. As an added bonus, when you partner with an MSP, the charge is often much less than the hourly rate of one-off call outs.

A practical and trusted approach to technology

In the technology space, there are changes and updates left, right and centre, often leaving you overwhelmed. This leads to you either falling behind with your IT services or purchasing things your business may not need. A Managed Service Provider is across all things IT, so you don’t have to be. You have the option to meet on a regular basis to discuss and review appropriate changes or updates that should be considered to your IT infrastructure. They know what’s happening in the industry and can guide you according to your specific needs. They’re not about telling you that all your computers need to be updated with the highest spec and most expensive models. In fact, an MSP will get to know how you operate with an audit and provide you with a plan on where you can best spend and save money. They’re about plans with priorities and delivering a solution according to budget.

If you’d like to find out more about how a Managed Service Provider can help you move from reactive to proactive IT management, contact us today on +64 3 443 5499. If you’d like to visit or email us, you can find our details here.

Big-business quality IT for SME’s
By Delia Gill

The IT Alliance are a group of nationwide partners that banded together to offer businesses high-quality, flexible support with a local touch. They are small enough to feel part of your team but backed by a bigger organisation and network of support. It doesn’t matter if you’re located in Otago or on the road across the country, they have the infrastructure set up to ensure you’re covered with all things IT.

Your Local Partner

How great is it that technology allows us to remote in and help clients at the drop of a hat? Although remote support is an excellent tool, sometimes an on-site visit is what you need. After all, it might be a little too much to expect Frank from accounts to troubleshoot why his keyboard isn’t connecting to his docking station, which isn’t connecting to his laptop, which is only connecting to one of his two screens, which seem be missing some cords?…you get the idea!

All of the partners in the IT Alliance pride themselves in providing, fast, high-quality local support. They’re focused on building long-lasting client relationships and working with you to ensure IT is strengthening your business, not obstructing it.

Nationwide Support

As a group of 12 independent IT companies across New Zealand, the IT Alliance work together as a group to deliver products, projects, training and support throughout New Zealand. Regular meetings during the month are held where specialist knowledge is shared among members and then passed onto clients from a local source.

Having partners that can reach the entire country means there are no limitations to servicing your business. Whether you’re travelling and need help, or have staff based around New Zealand, they can provide you with flexibility by supporting you no matter where you are.

Flexible and Responsive

The issue with partnering with a single, large IT company is that you can often get lost in the noise. Partnering with a member from the IT Alliance means you’re getting the benefits of small and local but also the access and knowledge of big and broad. Smaller and local offers agility, with the capability of changing and adopting new technologies at a faster pace, bypassing lengthy procedure. Additionally, you’re not paying a premium to support a single large organisation that has substantial overheads to cover.

Collaborative Knowledge

A collaborative approach is critical with the fast-paced nature of the IT space. The IT Alliance team are backed with a wealth of knowledge and varying specialties. This means they each bring something unique to the table and can share the most important information with each other rather than wading through the sea of updates and changes the industry consistently presents. The core purpose of the partners coming together frequently is to brainstorm, explore all points of view, share experiences, stretch perspectives and challenge the way things are down. All with the objective to ensure the best possible IT solutions are offered to their customers.

If you’d like to find out more about how the IT Alliance works or can help your business, contact us today on +64 3 443 5499. If you’d like to visit or email us, you can find our details here.