We’ve all heard the buzz words “AI” and “Chat GPT” floating around the last year with regards to new advances in technology. It’s the rise of artificial intelligence which serves as a reminder the importance of have good cybersecurity habits in your business. But what does it all mean? And what impact can a cyberattack have on your business?
According to CERT NZ’s Q1 2023 statistics, losses of $5.8 million resulted from cyber attacks in New Zealand between 1 January 2023 and 31 March 2023.
Fortunately, having a cautious mindset and being aware of potential cyber threats, can save you time and money in the long run.
So, what are the common types of cyberattacks I need to be aware of?
Phishing: These are emails which look like they’re from legitimate organisations with the intent for users to click a link to gain access to your data. Phishing emails are likely to impact people who are in a rush or may not know how to tell the difference between legitimate and illegitimate emails. Below is an example one I have received claiming to be from Connected Accountants.
Malware attacks occur when malicious software (such as a virus) is installed into your system, sometimes you may not even know that it’s been installed in the system. They can come from files in emails, downloads from the internet or installed with a USB drive. The intent is to gain access to the system to blackmail, ransom or steal confidential information.
This occurs when hackers will shut the user out of their own system. They will typically do this by flooding the system with false requests. Similarly, to malware attacks, the hackers are typically profit motivated. The difference, however, is that the user knows that the attack is occurring as they will have no access to files, or the server may be slow and unresponsive.
What can I do in my business to prevent these attacks from happening?
Here’s a few simple things that you can easily implement to mitigate your cyberattack risk.
- Stay up to date with software updates.
Software updates from your operating system typically include security updates. You can update your operating settings to automatically download new updates as they become available and update outside of normal working hours.
- Implement 2 factor authentication.
2FA is becoming more and more common as a compulsory login requirement for software. You may have already noticed it when logging into Xero. It’s an extra layer of security to authenticate yourself when logging into programs. Typically, this is entering a code created by an authenticator application on your phone, the code changes frequently so that if your details or device is stolen, you can prevent unauthorised people from accessing your information.
- Back up your data.
This seems simple but often we get so busy with life we forget to back up important documents and information to a secondary hard drive. It’s often overlooked but could be a lifesaver if your systems ever got shut down by a malware or denial-of-service attack. This could be backing up data to a physical hard drive, or making sure all information is stored in the cloud.
- Create an incident response plan when things go wrong.
Just like you would in a fire, it’s just as important to have a plan for a cyberattack, as this can save you money and stress when dealing with a cyber incident. The CERT NZ website has many helpful guides to help you through this process which are broken down into simple steps for you including coordinating the response, communicating to staff and reporting the incident. You don’t have to be an IT genius to complete this!
The key thing to note is while we can’t always prevent attacks from occurring, being vigilant will create security and certainty around your data, which will allow you to carry on business as usual. Managing cyber risk is also a continuous process that is looked at and improved as time goes on, so start with 1 thing and continually add to your cybersecurity measures.
Feel free to reach out to the Connected Accountants team if you’d like to discuss risk management for you and your business.