It’s easy to fall for and can go unnoticed. But if you know what to look for and put these four security measures in place, you’ll be in a good position to keep you and your business safe.
Last year, CERT NZ received a report from a small business that was receiving emails from an attacker pretending to be a recognised supplier.
The emails contained fake invoices and were attempting to trick the business into paying the invoiced amount into an attacker’s account.
The emails seemed legitimate. For example, they included information about recent goods the business had requested and the right costs.
However, there were small differences in the sender's email address that fortunately staff noticed before any payments were made.
With the help of their IT provider, the business discovered that an employee’s email account had been hacked.
The account had a simple password, making it easy for the attacker to get into the account and forward any emails containing words like "account", "invoice" and "pay" to an external address belonging to the attacker.
The information in these emails gave the attacker enough details about the business’s billing cycles and behaviours to create fake invoices that looked legitimate.
The reported financial loss was over $5.2 million.
Many businesses think a cyber attack won’t happen to them. To help keep you and your business safe, put the following four measures in place.
Have a strong and different password on each of your accounts, like email and software programmes. You might use a password manager, an app that securely stores account logins. That way you only have to remember one password.
Add an extra layer of security to your business email accounts by applying two-factor authentication (2FA). It’s often a password and something else, like a code that is sent to your mobile phone.
Updating your social media privacy settings to only friends and family makes it hard for cyber criminals to find out information about you.
Don’t ignore software updates when they are available. Try to action them as soon as possible. It’ll help protect against bugs and viruses.
Report any issues to CERT NZ right away. You’ll be asked to describe the cyber security issue you’re experiencing. CERT NZ will then identify it and let you know what the next steps are to resolve it.
Along with providing you with help, CERT NZ uses the information you share to create advice and guidance for others who might be going through the same issue.
Any information you provide is confidential, unless you give consent to share the details of your report.
Report an issue (external link) — CERT NZ
CERT NZ will be holding Cyber Smart Week on 14-18 October. More information on how to get involved and help keep your business safe online will be available from late September.
Cyber Smart Week 2019 (external link) — CERT NZ