Elizabeth Harbison, Crombie Lockwood Cyber Practice Leader, and Peter Bailey, Aura Information Security General Manager, share insights on the threats facing businesses of all sizes.
Crombie Lockwood's Elizabeth Harbison has heard all the cybercrime myths; it won't happen to us; we're just a small business. Everything's on the Cloud. Everything's outsourced...
Unfortunately, all of these arguments are immaterial when facing up to global cybercrime threats.
Peter Bailey from Aura confirms the risks of this complacent attitude and says social engineering, reliance on computers and trust in automated systems means the modern cybercriminal has a number of pathways into a business or individual's data. Technological evolution and complacent attitudes mean the size of the company or the levels of system security measures in place become irrelevant.
“There are behavioural and legislative aspects to the threat in New Zealand,” Bailey says. “Firstly an ‘it's not going to happen to us’ mentality persists in local business culture as well as having no requirement for New Zealand-registered companies to report breaches.
“In March 2020, New Zealand cybersecurity legislation is set to change, meaning that companies will be required to report cyber-attacks to the Privacy Commissioner. Corporate entities will be forced to become more transparent and face up to potential liability around data theft.
“Entities failing to report attacks could be fined up to $10,000 under the new legislation.”
“Given it takes just one email – which can be very sophisticated with genuine-looking logos, contact details and subject matter, plus even phishing style text messages are now being used, too – it's hardly surprising the risk and number of incidents is constantly growing.”
Bailey and Harbison agree that most cyber-attacks can be prevented through education and conversations within businesses about best-practice principles.
Tips to reduce cyber risk in your accountancy business
- Make staff aware of phishing threats; encourage them to pay close attention to whether emails are out of context, poorly written, have grammatical errors or are sent from a public domain (e.g. gmail).
- Be extra vigilant if there are attachments or links you're being encouraged to click on or if there's a sense of urgency in completing tasks or responding.
- Install reputable anti-virus software and always keep it and your operating systems up to date.
- Use strong passwords and twofactor authentication.
- Be prepared with the right cyber insurance.