
Keeping Safe Online

The media are constantly reminding us about data breaches occurring almost daily. These breaches put millions of people at risk, yet people are still making the same dumb mistakes in how they protect themselves online.

Cybersecurity should be a priority for businesses and the government.

Small businesses make up a large part of our economy here in NZ and according to the Ministry of Business:

Small businesses of less than 20 employees are an important part of the New Zealand economy. According to the latest data from Statistics New Zealand, they account for:

  • 97% (487,602) of all enterprises
  • 29% (599,880) of all employees
  • an estimated 26% of New Zealand’s Gross Domestic Product.

More often than not, businesses of all sizes and government agencies have begun to fall victim to cyberattacks and data breaches at an alarming rate, and whether you know it or not, this reality is putting the entire economy at risk. As large companies spend endless amounts of time and money to fortify their digital assets, cybercriminals, hackers and fraudsters have turned their attention to those small and mid-sized businesses that can’t afford the hefty cost that comes with cybersecurity protection.

According to Esmée O’Brien, head of communications at Kordia, a leading provider of business-critical technology and cyber security solutions:

“Over half of New Zealand businesses now acknowledge their risk of falling victim to cyber-crime. Two thirds of businesses updated or reviewed their policies in the wake of the recent high-profile ransomware attacks. And, more than half of all businesses are planning to increase their budget for information security in the year ahead.”

According to the survey conducted by Kordia, 46 per cent of businesses have been targeted by ransomware, malware or phishing attempts in the last 12 months.

This is undoubtedly a big concern to small business stakeholders, but perhaps the bigger question is whether this has an effect on the national economy as a whole. To date, there has been little to correlate small business cyberattacks to any business confidence indicators. The contributing factors of recessions are generally driven by events such as rising interest rates, inflation, international conflict or high oil prices, among other geopolitical activities.

As cyberattacks continue to grow, causing disruption, significant revenue losses, employee layoffs and closures, the negative effect could realistically flow up into the mainstream and hamper consumer confidence, especially among the elderly trying to keep up with ever-changing technology.

Entrepreneurs are pretty laid back about online security because they believe that only big corporations are the hackers’ targets, and that big companies have enormous security budgets, which makes them a challenge for hackers to crack. That is precisely why hackers turn their attention to small businesses collectively – a challenge is the least of a hacker’s goals.

You can just as easily compromise your data by allowing physical access to your devices. It doesn’t matter whether you are ‘Mr or Mrs Blogs’ or an entrepreneur. Cyber attackers can find a good use for any personal and financial information they can get their hands on.

According to a recent survey, the U.S. economy loses between $57 billion and $109 billion per year to malicious cyber activity. In NZ, $50 million would seem like a drop in the ocean in comparison, but in terms of our size it’s a substantial hit.

There are things we can do, and do the right way: the government can assist small businesses by starting with tax incentives to spur innovation and help businesses acquire cybersecurity tools.

Cyberattacks can be broken down into several types which can be mitigated with experienced resources and tools, and include:

Cryptojacking, a means by which hackers take control of your computer’s processing power to mine for cryptocurrencies like Bitcoin.

It’s hard to detect and reduces the hardware and network performance of your machines. There are tools that you can use for routine performance monitoring of your systems.

Formjacking, where a hacker injects a piece of code into a website. The code reads the transaction details and extracts the customers’ personal and financial data.

It is difficult to detect and dangerous to vulnerable systems and databases. It is almost impossible to spot because the transaction will go through normally, but a regular audit of your forms will uncover any malicious code.

Insider attacks, one of the most popular cyberattacks. It can be very difficult to stop disgruntled employees with malicious intent. Mitigate this with constant monitoring and by putting robust employee offboarding processes in place.
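One way to run the regular audit of your forms, as an added example that is not code from the original article: it lists every script on a payment page and flags any that were not there when the page was last reviewed. The page contents, host names and the `extraStep()` call are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from one page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._open = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._open = True
                self.inline.append("")
    def handle_data(self, data):
        if self._open:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def scripts_in(html):
    """Return (external URLs, SHA-256 digests of inline script bodies)."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    digests = [hashlib.sha256(b.strip().encode()).hexdigest() for b in c.inline]
    return c.external, digests

def audit_page(html, approved_hosts, approved_digests):
    """Flag scripts that were not present when the form was last reviewed."""
    external, digests = scripts_in(html)
    findings = []
    for src in external:
        host = urlparse(src).netloc.lower()  # empty for same-site relative URLs
        if host and host not in approved_hosts:
            findings.append(("unapproved-host", src))
    findings += [("changed-inline-script", d) for d in digests if d not in approved_digests]
    return findings

# Constructed sample pages: the reviewed checkout form and a later copy of it.
APPROVED_HOSTS = {"pay.example.com"}
REVIEWED = ('<form id="pay"><input name="card"></form>'
            '<script src="https://pay.example.com/sdk.js"></script>'
            '<script>initCheckout();</script>')
LATER = REVIEWED.replace("initCheckout();", "initCheckout(); extraStep();") + \
        '<script src="https://static.unknown.example.net/f.js"></script>'
```

This only inspects the HTML that is served; a script whose content changes on an approved host needs a content hash check such as Subresource Integrity.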

Phishing, who has never received a phishing email? If you have an email account, you’ve been phished.

This is another very popular form of cyberattack – an email is sent to your account pretending to be from an authentic source, claiming that a password reset is required on, for example, your Apple or PayPal account. Any platform that the masses in your country or area use can be impersonated, e.g. banks, the tax office, Facebook, Amazon, FedEx etc.

The email suggests that your information has been stolen, and then tricks the user into clicking on a link to a fake website that collects your details. Well-engineered websites come very close to looking like the real thing, bar the domain name.

Social engineering, which typically involves specific research into a targeted individual or business and is sometimes known as “spear phishing.”

Hackers often use social media accounts to gather personal data in order to target individuals rather than randomly collect information. They can even befriend you on social media and have you inadvertently tell them a vital piece of information about yourself.

We folk usually use personal information to protect our details online. Everybody knows you use your child’s birthday or name, wedding anniversary, wife’s birthday or name as your password. (123)

Ransomware, a type of malware that blocks access to your data until a ransom is paid to have it returned. The best protection against ransomware is consistent backup of your data to prevent the malware from blocking access to your business-critical data.

Spoofing, or email spoofing, is when an email’s identifying fields, such as the From, Return-Path and Reply-To addresses, are modified to appear to be from someone other than the actual sender (typically your own email address).

This technique can be used for legitimate reasons; however, it is popular among spammers. By spoofing legitimate addresses, a spammer increases their chances of a victim opening a spam email and clicking on their malicious links.

If a spammer sends out emails and spoofs your email address, any spam emails which are rejected by a recipient server may bounce back to your email address.
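A check on the three identifying fields named above, as an added example that is not code from the original article: it compares the From, Return-Path and Reply-To domains of a message and lists the mismatches. The sample messages and their addresses are constructed, and because legitimate mailing services also produce mismatches, the output is a prompt for a closer look rather than a verdict.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def spoofing_signals(raw_message):
    """List mismatches between the From, Return-Path and Reply-To fields."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    from_dom = domain_of(from_header)
    signals = []
    for field in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(field))
        # Exact comparison: a subdomain used for bounces will also be listed.
        if dom and dom != from_dom:
            signals.append(f"{field} domain {dom} != From domain {from_dom}")
    # A display name that is itself an address at another domain hides the
    # real sender in mail clients that show only the display name.
    display, _ = parseaddr(from_header)
    shown = domain_of(display)
    if shown and shown != from_dom:
        signals.append(f"From display name shows {shown}, address is {from_dom}")
    return signals

# Constructed sample messages (reserved example domains, not real traffic).
GENUINE = (
    "From: Accounts <accounts@example.co.nz>\n"
    "Return-Path: <accounts@example.co.nz>\n"
    "Subject: Invoice\n\nSee attached.\n"
)
SUSPECT = (
    'From: "accounts@example.co.nz" <notice@mailer.example.net>\n'
    "Return-Path: <bounce@mailer.example.org>\n"
    "Reply-To: helpdesk@mailer.example.org\n"
    "Subject: Password reset required\n\nClick the link.\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("suspect", SUSPECT)):
        print(name, spoofing_signals(raw))
```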

The whole industry of cybercrime has become increasingly sophisticated and far more comprehensively funded (GDPR Report).

When all is said and done, less than 20% of small businesses said they were confident in their cybersecurity readiness, and barely half had a clearly defined cybersecurity strategy at all. I would recommend a quarterly security audit. It can be costly, but it can identify weaknesses that a company can use to create a plan to mitigate any future vulnerabilities, and it may prove to save your business in the long run.

Consulting firm Accenture has estimated that in the U.S. a malware attack costs an organization an average of US$2.4 million, excluding the not-so-obvious costs such as business reputation, data integrity etc.

There are ways to protect yourself and your business from cyberattacks, such as promoting individual strong passwords (longer than eight symbols, containing lowercase and uppercase – alphanumeric) for each service being used. If you use the same password in all your registrations and logins, it means that if one of them gets hacked, your entire online presence will be at risk. So, to mitigate the risk of one of your multiple passwords being hacked, use a password manager with two-factor authentication.

A VPN (virtual private network) is also a useful tool, as long as you get the best one available. It allows you to create a secure untraceable connection to another network using an Internet connection. It gives you a significant degree of anonymity and prevents transparency to hackers, especially on free Wi-Fi hotspots.

So be smart and protect yourself and your business online, as you currently do with your personal safety in your own home.
