Protect your business from cyber crime

Written By Carole Smith

Your IT systems and software are the backbone of your business. With so many parts of your operations now in the digital domain, it’s vital to protect your cybersecurity.

Malicious hackers will always be looking for an opportunity to access your systems or steal your sensitive customer information. So, it’s vital to do everything you can to boost your security.

Cybersecurity resources from the NZ government

Small businesses are the target for nearly half of all cyber crime in Aotearoa New Zealand, with one in three experiencing at least one cyber attack. That’s a sobering stat, if you’re unsure about the quality and effectiveness of your cybersecurity measures.

Fortunately, the NZ government has published a ‘Protect your business from cyber crime’ site, with links to a selection of resources and videos to improve your cybersecurity.   The site includes advice on:

  • Protecting your business online - Learn why it’s important for your business to prioritise online security and how to start getting your business in better shape.

  • Protecting your online accounts - Find out about the most important protections you can put in place for your online accounts and cloud-based finance tools.

  • Protecting your data and systems - Understand how to protect your data and your customers’ data, and how to best recover from an online attack.

  • Protecting your website and social media - Get advice on putting protections in place for your website and your social media accounts.

  • Spotting and avoiding phishing - Learn about the most common online attack – phishing – and how your business can avoid getting caught by it.

Cybersecurity measures are no longer a ‘nice to have’. They’re a vital part of your governance and risk assessment as the owner and director of a business.

Our own recent experience

Last week, one of our staff members received an email that appeared to be from a trusted client, containing a link to a document. As this email link was not expected, the staff member replied to the email requesting confirmation that this email was for us.  A reply was received, from the clients email address, confirming that the attachment was for us.  Unfortunately, this was a sophisticated phishing attempt, and once the staff member clicked the link, even though they did not enter any login details, the email account was briefly compromised and used to send similar emails to others.

We acted immediately:

  • Our IT team blocked and secured the email account.

  • They removed any malicious content and reset credentials.

  • A full scan of the laptop was completed and confirmed nothing had been downloaded and there was no breach of data.

  • We liaised with affected recipients and advised them to take precautionary steps.

Going Forward: Our New Document Sharing Policy

To enhance security and protect your information, we are implementing the following changes:

Pre-arranged links only: If you receive a link to a document from us, it will be preceded by a separate email confirming that the link is legitimate.

Annature for digital signatures: When we send documents for digital signing, you will receive an email from Annature from noreply@chestergrey.co.nz. We will notify you in advance so you know to expect it.

Received links:  If we receive a link from a client, and it has not been pre-confirmed, we will not open the link until we have spoken to the client to confirm.

Data security is our priority, and we’re committed to maintaining safe and trusted communication. If you ever receive a link from us that you weren’t expecting, please call us directly before opening it.

We use an external IT Team and if you have any concerns about the IT security of your business, we would be happy to refer them to you.

Carole Smith
Next

5 red flags you are fuelling entitlement at work