For small business owners, the risk of cyberattack is snowballing. Last year cyberattacks increased by more than 42% in New Zealand. You ignore the risk at your peril. Even if you’re not a confident technology user, you can help reduce your risk with a few practical steps and the right support.
First, identify your digital assets and keep them backed up
When considering cyber risk, it’s important to know what’s at stake. You can start by identifying what digital assets you have. This includes transaction and systems data. Importantly, you have an obligation to protect information about customers in line with the NZ Privacy Act (2020).
Backing up your data is essential. Fortunately, you can set your systems to back up automatically and choose the timing that ensures you capture critical changes. For some businesses, this may be a few times a day. Others may do it every day or even every couple of days.
Of course, you need to store your backups in a separate location or server from your usual one. For small businesses, storing things in the 'cloud' may be a practical option. Programmes such as Microsoft Outlook, Google Workspace, Xero, and many others give you this option.
Train staff and empower them to take extra care
Like good health and safety practices, cyber-resilience only happens when the whole team is on board. Building a culture of cybersecurity means training your people and making sure they're confident to speak up if they're worried.
Up to 90 per cent of successful data attacks start when someone is tricked into passing on information, called a 'phishing' attack. When something looks unusual, then checking through another channel matters. Staff should be ready to make extra manual checks, such as calling a client to verify a surprise request.
Create a plan to address incidents
A plan can give you peace of mind and help you rest easier. Every business owner needs that!
Taking time to write down how you'll respond to any incident means you'll be able to move faster and more deliberately if you face a crisis. A good incident plan should be short, clear and specific so that everyone knows who does what. It should also be on paper and kept where people can find it easily - not on your computer!
You may need additional plans to match the complexity of your business systems. If you have an IT provider, they'll be able to offer you some guidance. Don’t forget to plan how you’ll communicate any incidents with staff and customers.
Keep your software up to date
Maintaining the current versions of your software helps with security. Software updates often fix weak spots or ‘vulnerabilities’ in different programmes. It’s worth keeping up with the latest versions. Staff using their own devices should do the same, including for apps on their phones.
If you have an IT provider, find out how they’ll keep your software current and manage any testing before it’s rolled out.
Double your security with two-factor authentication and encryption
You can double your protection with two-factor authentication — ‘2FA' for short. This requires people to have two lots of 'credentials' to log into anything. For example, 2FA means a user would need more than just their password to log in to your accounting system; they must also check a text sent to their phone.
Most leading software allows two-factor authentication. It’s a good idea to create a policy that makes it mandatory for all software your company uses.
Encryption is another feature you can use routinely. It secures information as it’s transferred across the internet. Similarly, using a ‘Virtual Private Network’ – VPN means you’re securing entry and exit points to your system. An IT provider can help you put these in place.
Get expert help and consider insurance
In the same way that your business can benefit from a Mentor's experience, your cyber-resilience can be strengthened with expert help. An IT provider should show you how to make the most of your resources to protect yourself.
Most general insurers now offer plans for cyber risk. Your insurer should be able to help you find a policy that fits your needs.
Finally, New Zealand has several agencies set up to protect us against cybercrime. They collaborate to make sure you find the help you need. Each one has plenty of useful resources.
As your business grows, so will your digital assets. That means you'll need to take further steps to protect your business. A Business Mentor can help you navigate the growing complexity of business and allow you to benefit from their experience. To find out more, visit www.businessmentors.org.nz today.