Both scammers and hackers want to exploit you and your business to gain access to your money or private information. To protect your business, it is important that you are aware of common risks and make prevention a priority for all staff.
There are many ways attackers might target your business. Some are more obvious, such as when your business loses money or you are suddenly unable to access your online systems. Other attacks are harder to detect: for example, an attacker may use your website or network to attack others. Luckily, there are things you can do to help prevent your business being the target of an attack.
To reduce your chances of experiencing any kind of online incident, everyone in your business needs to be aware of the risks and commit to safe practices. Make sure you set aside time to educate yourself and staff on new threats and regularly check in with any questions or concerns.
Safeguarding yourself from cyber security threats can be easier than it seems. Some simple measures to significantly reduce risks include:
Top online security tips for your business — Own Your Online
Get Cyber Smart — CERT NZ
The latest updates or versions often patch or repair any new vulnerability to cyber attacks.
Scammers are often inventing new ways to try and trick people and businesses. But scams usually have common characteristics you can look out for.
Scams usually start when someone makes unexpected contact with you. This could be in person, by phone, letter or email.
In exchange for money or private information, they may:
Report an issue — CERT NZ
You can’t blame staff for getting things wrong if they don’t know the rules or understand what the risks are. Take time to educate your staff and make sure all your employees, and anyone else who may have access to your IT systems, are aware of the common characteristics of a scam, how to detect cyber security risks and how to avoid them.
It’s a good idea to:
Educating your staff about online security — Own Your Online
Create an online security policy for your business — Own Your Online
Create a password policy for your business — Own Your Online
Here are some common ways scammers and hackers may target your business. But remember, different scams are always being invented. A good rule of thumb is if a deal sounds suspicious or too good to be true, it probably is.
What is it?
Any unexpected email from someone asking you for money or personal information.
What to do:
Note: If you do receive an out-of-character request for private information or money from a sender you recognise, it always pays to verify with the sender over the phone.
Hear tips from Paul Macpherson, head of security at Xero, on how you can stay safe when you use email — the vital tool many businesses rely on.
What is it?
Cyber criminals may intercept business emails and send false invoices to clients asking for payment to be made to their own bank account. Or they might pretend to be from your business for other reasons like gaining confidential business information.
How to stop it
Business email compromise — Own Your Online
What is it?
Ransomware — a type of malicious software designed to encrypt data and make systems inaccessible — stops systems and computers working until a password is entered. You’ll get a ransom demand for payment, usually to an overseas account, in return for a password. Ransomware also infects smartphones, often through apps downloaded via social media.
What to do to prevent ransomware attacks:
What to do if experiencing a ransomware attack:
Businesses and ransomware — Own Your Online
What is it?
Scammers use emails and texts to get you to reveal PIN numbers and passwords for things like banking, Inland Revenue and social media — and to send false invoices.
How to avoid it:
Phishing scams — Own Your Online
What is it?
Someone calls you out of the blue, saying your computer has a virus or you need to upgrade software. They tell you to download software that will help or ask for your login details to fix it. But there’s no virus or service. The software hacks your computer or the hacker logs in to your systems to steal information.
How to avoid it:
If it happens to you:
Scams and fraud — Own Your Online
Malware — Own Your Online
Cyber criminals will get access to ALL your information in one hit. And don’t use P-A-S-S-W-O-R-D or other easily guessed passwords.
Create a password policy for your business — Own Your Online
What is it?
This involves sending fake invoices to trick businesses into joining something, eg online directories or renewing intellectual property registrations. If you pay the first invoice, you’ll be invoiced for the fake listing until you spot the error.
If it happens to you:
What is it?
Scammers may contact you with an attractive opportunity in exchange for an upfront fee — but the scammer never delivers on their promise. A common example is promising grant information that either doesn’t exist or can be easily found on government websites.
How to avoid it:
What is it?
Scammers may call to ask you for information about your business for a survey or directory. The information they ask for may seem harmless, but they could be collecting details to appear legitimate when they make contact with you later on.
How to stop it:
What is it?
Staff fraud is rare, but there are warning signs to watch for, including situations when an employee:
Insider threat — Own Your Online
If you aren’t sure if the person who has contacted you is genuine, a little investigation can put your mind at ease.
Depending on how they made contact, there are a number of ways you can check their legitimacy:
Search for a company — Companies Office