Just like you’d protect your business premises with security (locks, gates, doors, security cameras), cyber security protects your business’s internet-connected IT environment from malicious (and accidental) attacks. Attacks can be designed to gain access to or destroy your data, disrupt your business operations, or attempt to extort money. Examples of good cyber security measures to adopt include using strong passwords, multi-factor authentication, educating staff, and having plans in place for when things go wrong.
A data breach is when someone gets access to, or uses, information such as customer records and personal information, intellectual property, or business secrets without permission. Having a plan prepared in advance makes the challenging task of informing customers and suppliers of what has happened easier.
Malware is short for ‘malicious software’. It is software designed to cause disruption, damage, or allow unauthorised access to your IT environment. A common way malware is introduced is through someone clicking on links or opening files in phishing correspondence. Having a plan for detecting malware (for example, anti-malware software) and for handling it (such as disconnecting the infected system from your network) can prevent, or at least minimise, the harm caused.
Phishing is correspondence generally received through email, text message or social media contact. It is designed to trick you into doing something you don’t want to do, such as opening a file that contains malware, or disclosing information such as names, dates of birth, banking details, and email and social media account usernames and passwords. Have a plan for detecting and handling phishing communication, and regularly educate staff on the danger.
Business email compromise is when someone has access to your business email account without permission. They then use this access to perform scams, such as sending fake invoices pretending to be from a business. A simple but effective security measure to prevent this from happening is to enable multi-factor authentication on all email accounts. To detect if an email account has been compromised, regularly review your email access logs and look for unusual login behaviour, such as a change in login times or a foreign IP address.
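The log review described above, as an added example that is not part of the original page: it runs over a small constructed set of mailbox sign-in records and flags logins outside normal working hours or from networks the business does not recognise. The sample log, the "home" network list and the working hours are all assumptions; a real review would take the sign-in export from your email provider and use its country field or a GeoIP lookup in place of the fixed allow-list.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample of mailbox sign-in events (not real data): timestamp, account, source IP.
SAMPLE_LOG = """\
2024-05-06T08:12:03 accounts@example.co.nz 203.0.113.10
2024-05-06T09:40:51 accounts@example.co.nz 203.0.113.10
2024-05-07T03:15:22 accounts@example.co.nz 198.51.100.77
2024-05-07T08:05:10 accounts@example.co.nz 203.0.113.10
2024-05-08T13:30:44 accounts@example.co.nz 192.0.2.200
"""

# Assumed: address ranges the business recognises as its own (office, staff ISP).
# Placeholder for a GeoIP or provider country lookup in a real review.
HOME_NETWORKS = [ip_network("203.0.113.0/24")]

# Assumed normal working hours for this business (24-hour clock, end exclusive).
WORK_START, WORK_END = 7, 19


@dataclass
class Finding:
    when: datetime
    account: str
    ip: str
    reasons: list


def parse_line(line):
    """Split one 'timestamp account ip' record into typed fields."""
    ts, account, ip = line.split()
    return datetime.fromisoformat(ts), account, ip


def review_logins(log_text, home_networks=HOME_NETWORKS,
                  work_start=WORK_START, work_end=WORK_END):
    """Return a Finding for every login outside working hours or from an unfamiliar network."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, account, ip = parse_line(line)
        reasons = []
        if not (work_start <= when.hour < work_end):
            reasons.append("outside working hours")
        if not any(ip_address(ip) in net for net in home_networks):
            reasons.append("unfamiliar source network")
        if reasons:
            findings.append(Finding(when, account, ip, reasons))
    return findings
```

On the sample above the 03:15 login from 198.51.100.77 is flagged for both reasons and the 13:30 login from 192.0.2.200 for its source network only; the routine office-hours logins from 203.0.113.10 are left alone.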
Ransomware is a form of malware that, once installed, aims to deny you access to your information or IT system unless you pay a ransom. A common way for ransomware to be introduced into an environment is through someone clicking on links or opening files in phishing correspondence. Install anti-malware software and know how to disconnect an infected system quickly to reduce the chance it happens to you.
A denial-of-service is when your computer/laptop or your network crashes because someone or something has flooded your devices with unwanted traffic or information. It literally denies you access to the internet and your data, with the attack typically consuming all your hard disk space, memory or server capacity. Usually, the attacker demands money in exchange for stopping the attack, calculating that the financial and reputational damage of you being shut down is worse than the ransom.
First, if you’ve been hacked, get it fixed! Contact either your in-house or external IT support person. If you don’t have anyone, there are lots of consultants and IT support businesses you can call. Then report it to CERT NZ (the Government’s ‘Computer Emergency Response Team’) on 0800 CERT NZ (0800 2378 69), Monday to Friday 7am-7pm, or report an issue online. Other people to tell include Netsafe, and the NZ Police if you believe it’s serious enough, by phone using 105, online to 105 or in person. Finally, don’t forget to tell staff, customers and the bank.
Cyber-risk insurance depends on your risk profile. You’re less likely to need it (or not as much cover) if you have robust cyber security measures, such as good awareness with staff and a well-defined process for restoring business systems, in place. Cyber cover protects you from financial loss and can cover you for claims if your use of the Internet caused someone else to suffer a loss.
It is important to get the basics right first. Ensure the plan is written down, everyone knows where it is, and it is short and easy to understand. Next, list the types of incident the plan covers that are most relevant to your business, such as phishing, ransomware, business email compromise, or a data breach. Finally, create the plan and ensure it includes information on:
CERT NZ has a great guide to aid you in developing an incident response plan.
If you have internal staff or an external IT provider that manages your cyber security then great; otherwise we suggest going to https://www.cert.govt.nz/. CERT NZ is the agency called the Computer Emergency Response Team (CERT), set up to improve access to information on potential or real-time cyber-attacks. They have a great summary of six common cyber threats to businesses here. Use the Two Factor Directory to check which IT services support multi-factor authentication, which is a recommended prerequisite for accessing critical data.
MFA is an additional step taken when logging on (authenticating) to an IT system, or when carrying out a sensitive request like making a high-value payment. This additional step is used to prove (validate) that it’s you at the other end. It could involve two factors of authentication (2FA), such as login credentials and a code that is sent to you by text, while three-factor authentication (3FA) is even more secure. The factors used in 2FA and 3FA are typically drawn from knowledge factors (something you know, like a PIN, username or password), possession factors (something you have with you, like a phone that gets sent a one-time password, a key fob or ID card) and inherence factors (something biological, such as a fingerprint, retina or voice recognition). CERT NZ has a great guide on how to implement MFA.
It’s not always obvious, but some common hints you’ve been hacked include an inability to log in to an account, unknown programmes opening when starting your computer, pop-up windows, lots of spam emails, social media posts appearing that you didn’t write, or your computer isn't performing as it usually does (slowed down or crashes more frequently).
If you experience a security incident, restoring your data from backups is critical and the fastest way to get back to normal operation. When implementing a data backup process, ensure it:
CERT NZ has a great guide for businesses on backups.
View our checklist to tick off the main cybersecurity dos and don'ts to keep your business safe.