All businesses can operate, provided they can meet the rules to operate safely. Businesses are still required to display the official QR codes for the NZ COVID Tracer app at all alert levels.
For more information, check out the business.govt.nz page for Workplace operations at COVID-19 alert levels
As data breaches and online threats become more common, it’s important to take active measures to safeguard critical systems and sensitive information. These practical cyber security and data safety tips will help you keep your data safe and secure.
Proper storage and regular backups will help protect your important information from system failures or improper use. But an increasingly complex online world means you need to also protect your data from unauthorised access, whether it’s an accidental breach by someone in your business or by a hacker.
Ignoring cyber security threats and data breaches puts your reputation — and bottom line — at risk.
Recovering from a cyber attack or data breach could be an expensive undertaking. Take precautions so you don’t fall victim.
Consider doing a cyber security risk assessment about your business. It will help you identify what you value, what your risks are and how to mitigate them.
Cyber security is about protecting information, devices and systems from unauthorised access, attack or other risks.
Common threats to a business’s data and systems include:
CERT NZ has more details on common cyber security threats to New Zealand business, including how to prevent them and what to do if they happen to you.
Common threats(external link) — CERT NZ
To best protect your systems and data, you need to identify and address your vulnerabilities and your important assets.
To work out whether you are doing enough to protect your business from cyber security incidents, go through CERT NZ’s Cyber security risk assessment guide. The guide will help you better understand both your business processes, and the systems and data that’s important to secure.
If you have lots of holes and don’t know how to manage them, consider paying a security specialist to help you set up a security process.
This makes it harder for attackers to find an account with access.
Protecting important data is all part of continuity planning — being prepared to recover from any problems. Follow these steps:
The Office of the Privacy Commissioner also has a step-by-step toolkit on how to plan and respond to data breaches.
Privacy breach guidance(external link) — Office of the Privacy Commissioner
It’s easier for cyber attackers to gain access to shared accounts because the password is often weaker or it’s easier to find. It’s easier for computers to run a task and guess lots of passwords, so the stronger the better.
Create a good password(external link) — CERT NZ
There are a number of easy things you can do to protect your information. The key is to commit to safety measures. If you have staff, make sure they are trained and kept up to date on any new risks or protective steps.
Do not store passwords or passphrases on your online systems or devices — this makes them too easy to find. Instead use a password manager. There are many free or low-cost options available. Make sure you choose a reputable one.
Change these to strong passwords or passphrases — and make it part of your off-boarding process to change them each time someone leaves the business.
Software providers release regular software updates to fix and bugs or weaknesses that have been found. It’s one of the easiest and best things to do to mitigate against cyber attacks. You may want to put off software updates for later, but it’s time well spent to keep your systems safe. This includes updating everything – your devices, printers, routers, and internet connected TV. CERT NZ recommends turning on automatic updates, so you don’t have to think about it.
The latest updates or versions often fix any new vulnerabilities to cyber attacks.
Add a further security layer by encrypting data with a key. Check if a cloud service will do this for you, or you can look into free software that will help you do this yourself.
Installing paid antivirus software on computers is an easy way to protect your data. Keep your software up-to-date to fight off the latest malware. Install patches and updates from your internet service provider.
Consider getting protection from malware, a term covering software threats, including:
Digital Resources has more tips on antivirus software and security.
Anti-virus software(external link) — Digital Resources
Encryption makes data indecipherable to those who don’t have the key to access it.
A firewall is software or hardware that protects your computer or device against online threats. It helps you monitor who or what is allowed to access your system. It will also notify you if your computer or device is trying to access something suspicious online. Think of it as a door between your computer and the internet. It helps you let the right things in and keep suspicious activity out.
Two-factor authentication (2FA) makes it much more difficult for hackers to crack into your systems. 2FA ensures a user can only gain access if they have an extra credential above a valid username and password. This extra credential may be a PIN number, access to a physical security key or token, or a unique identifier, eg a fingerprint. You should enable it for your most important systems, accounts and devices.
If your business relies on sensitive information, it’s a good idea to think about cyber insurance. It can cover data breaches, website hacking and IT scams. Make sure a policy covers your areas of risk. An insurance broker can help you understand what a policy does or doesn’t cover. If you’re sorting out your own insurance, read the fine print to make sure it covers a cyber attack.
CERT NZ has more practical steps you can take to keep data safe and secure online.
Security breaches can often be caused by an employee doing something they shouldn’t, usually inadvertently. If employees use computers and mobiles devices at work, or work devices out of work:
Cyber security policy(external link) — CERT NZ
Insider threat(external link) — CERT NZ
The Office of the Privacy Commissioner has short online courses, including one on the new Privacy Act 2020, to train people on privacy best practices.
eLearning(external link) — The Office of the Privacy Commissioner
Create an easy IT and social media policy(external link) — Workplace Policy Builder
Internet and social media use(external link) — Employment Agreement Builder
Make sure everyone in your business knows how to keep important data and systems secure.