Passwords and passphrases
Make sure you do the following:
- Always use strong passwords or passphrases to protect your devices and data.
- Use passphrases, rather than passwords. Passphrases are unique, at least 15 characters long and a combination of different character types – for example: IAte23OfDiana'sSandwiches!.
- Change any default passwords and usernames that come with a new device as soon as you get it.
- Don’t use the same password or passphrase for more than one of your systems or staff. Hackers could get into all your most sensitive information in one hit.
- Don’t leave factory or administrator passwords in place on your Wi-Fi, modem or any devices. Make it part of your off-boarding process to change them each time someone leaves the business.
Software updates
Software providers release regular software updates to fix bugs or weaknesses that have been found.
Installing them is one of the easiest and best things you can do to protect against cyber-attacks.
Don’t put off software updates.
This includes updating everything – your devices, printers, routers, and internet connected TV. You can turn on automatic updates, so you don’t have to think about it.
Encryption
Add an extra security layer by encrypting data with a key. Check if a cloud service will do this for you, or you can look into free software that will help you do this yourself.
Always encrypt sensitive data, no matter how you decide to store it.
Encryption makes data indecipherable to those who don’t have the key to access it.
Antivirus protection software
Installing paid antivirus software on computers is an easy way to protect your data. Keep your software up to date and install patches and updates from your internet service provider.
The software protects you from malware including:
- viruses – code that can copy itself and infect computers and other devices
- Trojan horses – programs designed to breach and take over parts of a system
- ransomware – software that blocks access to a computer until a ransom is paid
- spyware – software used to secretly get information sent from a computer about how it’s being used
- adware – software that automatically downloads or displays often unwanted adverts.
Firewalls
A firewall is software or hardware that protects your computer or device against online threats.
It will:
- help you monitor who or what is allowed to access your system
- notify you if your computer or device is trying to access something suspicious online.
Think of it as a door between your computer and the internet. It helps you let the right things in and keep suspicious activity out.
Two-factor authentication
Two-factor authentication (2FA) makes it much more difficult for hackers to crack into your systems.
2FA ensures a user can only gain access if they have an extra credential in addition to a valid username and password.
This extra credential may be a PIN code, access to a physical security key or token, or a unique identifier – for example, a fingerprint.
You should enable it for your most important systems, accounts and devices.
Best practice from cyber security experts

Video transcript: Cyber security tips for your business
[Visual: Blue introduction screen with white business.govt.nz logo on the right-hand side of the screen. The sentence “Cyber security tips for your business” in smaller, thinner text is on the left-hand side of the logo, separated from the logo with a thin white vertical line. The screen changes to a mid-shot of the presenter standing in a board room holding and speaking into the microphone. I-Film Science Logo is in the top right-hand corner for the entire video.]
I’m going to put you all on the spot and ask you to think of one practical thing that businesses can take away from what we’ve heard tonight, or what you think is the number one thing a small business can do to stay safe online once they’ve finished with this webinar.
[Visual: The screen changes to a shot of the presenter standing in a board room, in front of a panel of four speakers. One presenter sitting in a desk chair to the left of the table, three other presenters sitting at a table and an audience of two visible people.]
Stuart, I’ll start with you.
[The presenter on the right-hand side speaks.]
I’ve mentioned backups already, does that count?
[The presenter standing up speaks.]
We can go with backups. Would you also say, “Use a security online tool for free at Digital Journey”?
[The presenter on the right-hand side speaks.]
Yes, I would do!
[Visual: The screen changes to a mid-shot of the speaker on the right-hand side.]
Obviously, use our tool as that’s a good starting point. It’s a great way to give you a snapshot of how you’re doing when it comes to security. But from all the times we’ve been helping businesses that have gone through ransomware - and ransomware is one of those classic things that “I’ve got Office 365 or I’ve got my files on Dropbox, I can see all my files on the cloud, it’s all safe”.
Ransomware doesn’t care about that. It takes over your machine, if it’s One Drive, or Dropbox, it’s still going to be infected. You’re starting off looking at that blank screen with a clock ticking on it saying you’ve got to pay some ransom. So, I cannot emphasise enough that having a good backup, that is not connected to your machine, and is kept offsite, is absolutely critical.
[Visual: The screen changes to show the presenter, speakers, and two visible audience members. The presenter standing up is speaking.]
That’s an offline backup. Thank you very much Stuart. Paul?
[Visual: The screen changes to a mid-shot of the third speaker.]
I’m going to cheat and say two things. I can’t stress strongly enough my recommendation that if two-factor or multi-factor authentication is available to you on an account, use it. If it’s not available to you, I’d say look to a service that has it. And the other thing is the value of education and awareness, especially when it comes to avoiding scams.
Knowing that email is dodgy so therefore I shouldn’t click on that link or open that attachment. That is the primary way people are getting into your organisation, getting the malware in, getting your machine infected with ransomware or stealing your information.
[Visual: The screen changes to show the presenter, speakers, and two visible audience members. The presenter standing up is speaking.]
Excellent. Really practical. Look for that two-factor authentication in the security settings or in preferences, and make sure you use it if it’s there. Sai?
[Visual: The screen changes to a mid-shot of the second speaker. Black introductory banner with a red horizontal line above appears from the left-hand side and then disappears, showing the name and company of the speaker: “Sai Honig, isc2 Xero”.]
I would say keeping your devices updated. Too often I’ve seen where the updates are turned off, that includes these little guys too [indicates mobile phone]. When you get an update or a notice of an update, nine times out of ten it’s not just new features, it’s also including new security protections that have been developed over time. So, you want to have the latest on your devices.
[Visual: The screen changes to show the presenter, speakers, and two visible audience members. The presenter standing up is speaking.]
Thank you so much. Make sure you update the software you’re using. Finally, Steve.
[Visual: The screen changes to a mid-shot of first speaker. Second speaker also appears in shot on the right-hand side. Black introductory banner with a red horizontal line above appears and then disappears, showing the name and company of the speaker: “Steve McCabe, PwC”.]
I’m not sure what you’re leaving me here! We’ve done education, we’ve done hygiene. Don’t ignore it.
[Visual: The screen changes to show the presenter, speakers, and two visible audience members.]
Couldn’t have summed it up in a better way. And it’s around the continuum that Steve was talking about. Don’t be one of the businesses that just shuts this out of your life until it happens to you, and suddenly you haven’t stored your data somewhere else, you haven’t checked your two-factor authentication, so suddenly they’re accessing all the different programmes that you’ve got. Make sure that you’ve got good practices and processes in place, and don’t ignore it.
[Visual: The screen changes to a white outro screen with blue bolded business.govt.nz logo on the right-hand side of the screen. The words “Make business easier” appear on the left-hand side of the screen in thinner text, separated by a blue vertical line from the logo on the right.]
[Video ends.]