With cyber attacks on businesses growing increasingly common, smaller brokerages are among the most vulnerable to sustaining losses as a result of a breach. Business owners are being reminded to take a fresh look at their cyber security as part of Cyber Smart Week, with CERT NZ offering guidance on how best to protect your business from loss.
According to CERT, cyber attacks tend to be opportunistic and won’t usually target one individual or business directly. Attacks are designed to exploit chinks in the armour, and hackers are not picky about who they target.
“Think of securing your online self like you’d secure your home,” CERT stated. “You wouldn’t lock the front and back door of your house, then go out and leave the bathroom window open – anyone could get inside. It’s the same online.”
CERT’s second 2018 quarterly report showed that incident reporting by businesses has increased by 143% since the first quarter with 507 cyber incidents being reported, and estimated financial losses from cyber incidents were $2.2 million.
According to the Insurance Council of New Zealand (ICNZ)’s chief executive Tim Grafton, the total number of losses is likely even higher than reported due to a lack of awareness around the topic.
“It’s important to remember that this is just what CERT is aware of,” said Grafton. “$2.2 million is probably a conservative number; there will be many people who don’t report cyber incidents to CERT or may not realise they suffered a cyber attack.
“In an increasingly digital world, the likelihood is these attacks will continue and small businesses are vulnerable because they’re less well-resourced than their large counterparts.”
ICNZ has recommended the following steps to help your brokerage manage its cyber risks.
- Regularly update passwords, and if you can, enable two-factor authentication.
- Install strong anti-virus and anti-malware software, and ensure your tablets, smartphones and other connective devices are protected.
- Change your office WiFi password regularly, and don’t leave printed copies of it out in the open. Access to WiFi can open access to your files and systems.
- Don’t connect company devices to free or open WiFi networks, as this could make your devices a target for hackers.
- Ensure employees only download apps from Google Play or Apple stores, as unauthenticated apps could carry security risks.
- Always make sure your software is up to date, as outdated software can be easier to hack.
- Set up logs to detect unusual activity, and verify any strange business requests.
- Get cyber insurance to help with recovery in the event of an attack.