Cyber security - the threat no business can ignore
By David Eaton, Chief Technology Officer, Hewlett-Packard New Zealand
While large scale cyber security attacks create headlines, cyber security is an everyday threat that no business, large or small, can afford to ignore.
Breaches can cost small businesses tens of thousands of dollars, and for enterprises it can be even more, however the cost to reputation can be far more difficult to quantify.
As companies invest in new technologies such as mobile, social media and cloud, their vulnerability grows. With cyber-attacks being one of the greatest threats to any business, it is critical to understand the value of an evolving and proactive security strategy.
This year, Hewlett-Packard New Zealand is once again proud to support Connect Smart in helping to promote better cyber security awareness in New Zealand.
It is pleasing to see Connect Smart moving to a year-round initiative, as cyber security is a constant threat and scams are only becoming more sophisticated.
Digital engagement with customers, suppliers and stakeholders is a vital part of being a successful 21st century business in New Zealand.
Increased cyber security practices are a necessary cost of the increasingly digital nature of today’s business environment and with an increasingly mobile workforce and the integration of cloud services into almost every business, protecting your organisation’s data is a concern that needs to be addressed.
While cyber security is an issue that all businesses need to be aware of - no matter what their size, it is important to put this in context. There are still a lot of myths and misconceptions around cyber security. This creates risk as people can both downplay or over-emphasise the impact of the dangers that come with Internet connectivity.
Both organisations and individuals need to be realistic about cyber threats so they can prepare and are capable of reacting to them when they occur.
An increasing amount of time is now spent working online and individuals are progressively more computer savvy. Technology users who are online on a day-to-day basis are educated about what they should be looking for and are generally experts at spotting the latest simple scams.
However scams and viruses are difficult to track; for every scam seen, there are lots that cannot be seen. As people feel more digitally literate, it is easy to get complacent with cyber security. While most Internet users are certainly smart enough to spot the obvious ones, subtle phishing scams can sneak by even the smartest people.
The reality is that while many organisations and individuals think they are immune to attacks, it is estimated 80% of New Zealanders have already had a cyber-breach.
The cost of these breaches range from embarrassment to severe financial, business and personal compromise - not to mention loss of reputation and damage to your brand. It should also be noted that, particularly as it relates to the exposure of citizen data, organisations may face legal action from affected parties.
For businesses, cyber security processes are essential to protect corporate information. Company information and intellectual property are at risk from disclosure, unauthorised access and interference from employees.
Anyone who is connected to the Internet has a part to play in keeping a business cyber secure, so the collective must take responsibility for the organisation. Key actions an organisation can take to protect its data include:
1. Controlling access
Whether data is managed by a third-party service or managed in-house, it’s critical to control and restrict access to the organisation’s data. Make sure an appropriate person within the organisation is managing data access authorisation and regularly keeping tabs on user rights and permissions.
Be careful when differentiating the people who administer the system and do not need to see the data, against those who legitimately need access.
Encryption is a key technology that can protect the contents of data from administrators and others who do not have a legitimate requirement to access the data.
If company information is clearly categorised it can be delivered only to those who have a legitimate reason to see it, and the company is less exposed to an accidental breach by an insider.
2. Back up your data
Out of sight, out of mind is the wrong way to approach data, whether it's in the cloud, or anywhere else.
Make sure you have a solid backup plan in place for your business data, that you encrypt everything and have the ability to easily restore your data in the event it is compromised or lost. Remember that you don’t have a plan unless you have tested and verified that it works.
3. Avoid phishing scams
Don’t open anything from those you don’t know, and even if you do, be careful clicking on any links where you are not absolutely sure of the contents. Remember to make sure virus software is operating properly. It sounds simple, but defeating phishing attempts starts with the basics.
4. Question everything
Many phishing or virus-embedded emails lead to what look like legitimate websites. Pay close attention to a website's URL - hovering over any links to see where they lead is a sure fire way to catch strange domain name spellings and other idiosyncrasies. Remember that simply because an email “knows” something about you does not make it legitimate.
Even with the best security practices, breaches have the potential to access resources, networks, and data. Therefore, businesses should consider their incident response processes to help identify threats, uncover those that may have got past perimeter security, and create plans to prevent future attacks.
The Internet is a vital part of New Zealand’s economy, but it also provides new risks. Initiatives like Connect Smart are important in building both awareness and online capability for New Zealanders; and in creating a community where commercial organisations and the public sector can share resources, knowledge and insights, to reduce risk and increase awareness.