While the COVID-19 pandemic has accelerated technology adoption, it has simultaneously exposed many businesses to cyber security vulnerabilities and incidents.

Phishing and payment redirection scams are common attacks by cybercriminals. These are high-impact attacks that have accounted for significant financial losses for many businesses across New Zealand. According to the CERT NZ Q1 Cyber Security Insights report, cyber attacks resulted in losses exceeding $17m in 2021.

A cyber security incident that impacts a small business can be devastating. Luckily, cyber security doesn’t need to be difficult, and there are some simple measures that can be implemented to help avoid or reduce the impact on a business.

ScotPac’s IT expert, Michael Taylor, provides these 5 top tips all businesses should implement to help protect themselves and their business:

  1. Use Multi-Factor Authentication (MFA) wherever possible. MFA is an electronic authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, website or online account. MFA makes it much harder for attackers to steal your information by impersonating you. It’s way more secure than just a password that an attacker can guess.
  1. Use strong passwords, and never re-use passwords between different systems/websites. Even better, use a password manager. Passwords provide the first line of defence against unauthorised access to your system and personal information. The stronger your password, the more protected you will be. If an attacker gets your password to one system, they will often use it to guess your password to other systems. A password manager lets you lock all your passwords in a safe location so you don’t need to remember dozens of different passwords.
  1. Always confirm a request to change banking details via a phone call. Attackers will often impersonate companies you owe money to and send fake emails with incorrect banking details. Be wary of phone calls, SMS messages and emails that claim to be from a bank or other institution. Also be alert for payment redirection scams and ensure your customers and other businesses in your network are applying the same vigilance. Monitor your accounts and check any request to update payment.
  1. Never open attachments or links in emails unless you know the sender and are expecting the email. About 80% of successful security attacks start with a phishing email. Never assume that an email from a known sender is safe; their emails may have been compromised by an attacker.
  1. Ensure ALL your staff are aware of all of the above. It only takes one click on a phishing email or one poor password to allow an attacker into your systems where they can steal information and money or hold your data to ransom. An educated workforce is your best defence against cyber attacks.

You can also find useful information and guides at the National Cyber Security Centre (NCSC) website.
CERT can also help keep you informed of current scams and statistics.