Managing cyber risks is key for small and medium enterprises (SMEs) hoping to succeed in a modern, digital world, said Insurance Council of New Zealand (ICNZ) chief executive Tim Grafton.
He was speaking on the occasion of the country’s cyber security awareness week, which runs from 8 to 12 October.
Mr Grafton highlighted the very large increase in cyber incidents reported to CERT NZ, New Zealand’s government authority on cyber security. “It drives home just how important it is for businesses to have the right cyber security in place and plan for how they’ll manage their risks if something goes wrong,” he said.
According to CERT NZ’s 2Q2018 quarterly report, cyber incident reporting by organisations has increased 143% since 1Q2018. In that period, 507 cyber incidents were reported by organisations. Direct financial losses from all cyber incidents for the period were NZ$2.2m ($1.42m).
“It’s important to remember that this is just what CERT is aware of,” says Grafton. “NZ$2.2 million is probably a conservative number; there will be many people who don’t report cyber incidents to CERT or may not realise they suffered a cyber attack.”
“In an increasingly digital world, the likelihood is these attacks will continue and small businesses are vulnerable because they’re less well resourced than their large counterparts.”
ICNZ had these recommendations for SMEs to manage cyber risks:
- Make sure all employees regularly update their passwords and do not write them down anywhere or reuse passwords used for other services. Where there are default passwords in use for admin tools, these should be changed. If possible, enable two-factor authentication on website or system logins.
- Buy and install good quality anti-virus and anti-malware software – don’t just rely on the default ones for the office system. Protect tablets, cellphones and any other devices that can connect to the Internet.
- Change the office wifi password regularly and don’t leave printed copies of it lying around. If someone dishonest gets onto the wifi, it could open up access to your files and systems.
- Do not connect company devices to open or free WiFi networks or install and use unauthenticated apps. These networks allow anyone connected to them to see other connected devices and could make devices a target for hackers.
- Make sure employees only download apps from the Google Play or Apple stores. Unauthenticated apps could contain security vulnerabilities.
- Keep software up to date. Vulnerabilities in unpatched software make for easy entry for hackers.
- Set up logs to detect unusual activity and verify any strange business requests if unsure.
- Get cyber insurance – cyber insurance provides cover for cyber attacks and helps businesses get back on their feet faster.