Kiwi exporters finding 'She'll be Right' doesn't fly in Europe
Cybersecurity expert Daniel Watson says international customers are demanding more rigorous cybersecurity from NZ firms.
The most significant change to Europe's data protection rules in more than 20 years is putting Kiwi exporters under increasing pressure to match world cybersecurity standards.
Author of the book She'll Be Right (Not!): A Cybersecurity Guide for Kiwi Business Owners, and SMB cybersecurity expert, Daniel Watson says that until now, Kiwi companies have managed to slide past certifications and compliance levels by showing that they had, at least, some measures in place.
"The EU's General Data Protection Regulation (GDPR) Compliance has been around since 2018, but the EU has stepped up enforcement sevenfold in the last year," says Watson.
"Local companies are suddenly at risk of losing business, getting hit with hefty fines or having their ability to trade restricted. EU regulators are imposing record fines, making local companies that trade with Europe sit up and take notice. On top of this, multinational lenders, banks, and insurance companies are putting pressure on businesses to apply best practices for cyber and data security."
Watson says if you're doing business with an extensive European company and your cybersecurity is lax, you compromise that company and its other suppliers and clients.
He says cybersecurity is having a significant impact on the ability of local exporters to win and keep clients. And that he's aware of cases where international insurance companies have demanded answers from local companies about their policies concerning issues, such as the alteration of bank details (he says business email compromises are massive), two-factor authentication, staff access and awareness.
"Cybersecurity is not a widget. It's more than machines and software because the biggest vulnerability is people at every level of the business," says Watson.
"If your staff aren't trained in cybersecurity protocols and policies, and if they're not kept up-to-date with cyber threats, you're going to fall short of international standards. Increasingly, overseas customers are asking New Zealand companies to provide certifications and compliance levels with respect to international standards."
Watson suggests that companies doing business overseas, or contemplating developing international markets, take steps to:
- Assess the privacy of client data: Be clear on the types of data you are collecting and the process. Is the collection anonymous, or is the identity known? How is data collected, and how is it stored? Who has access to that data, and are third parties involved? Do you have a process for dealing with data breaches?
- Write clear policies: He says to use the assessment to write clear policies to define how staff behave. For example, how they use social media and who can access customer data.
- Secure your current state: Securing your current state is about ensuring your software and technology are adequately protected. Look ahead at potential threats and attacks that may occur, anticipate what they are and make sure your systems can withstand, adapt or recover from an attack.
"If you're a senior leader in a company or a business owner, it is important that you keep up-to-date with the cybersecurity threat environment and that you keep your staff informed," Watson adds.