If you think you’ve been hacked, you’re not alone. Almost one in five small businesses in New Zealand have been targeted by a cyber attack, according to 2016’s Norton New Zealand SMB Cyber Security Survey. All businesses are exposed to the risk of cyber attacks or data breaches. If it happens to your business, identify and fix the problem first and then put steps in place to prevent it from happening again. Here’s how.
It could be strange new software on your laptop, the system slowing down, your passwords not working or content on your website you didn’t put there. There are many signs you’ve been hit by a cyber attack. But they all mean one thing: you have an urgent problem with your IT.
Hackers could attack your:
A data breach is whenever personal information is accessed by an unauthorised person or released into an unsecure environment. Unlike hacking, which always has malicious intent, a breach can be either deliberate or accidental.
The most common cause of a data breach is a mistake made by someone in your business. Robust planning on how to handle and protect personal information and other important business data is key. What’s more important is making sure all staff are in the know.
While you don’t have a legal obligation to report any breaches or hacks, it is best not to put your head in the sand.
By reporting and responding openly, you will:
How you handle the problem depends on what the issue is — but it’s not always easy to figure out what’s gone wrong. Note down everything that’s happened, including when and how you noticed the issue, what’s been affected, eg website or email accounts, and any other relevant details.
If you don’t have an IT expert on the team, there are a number of resources that can help you diagnose the problem.
CERT NZ’s online reporting tool asks you short questions to help you identify and diagnose the problem and work out the next steps to resolve it. It’s confidential: the fact that your business has been attacked won’t be published.
Report an issue (external link) — CERT NZ
Netsafe and CERT NZ have advice and support to manage online challenges.
Phishing (external link) — CERT NZ
This message may say “Reported attack site” or “This site may harm your computer”. This means Google has detected something suspicious.
If you accidentally lose someone’s information or your system gets hacked, eg someone accesses your client account database, you need to think about how to manage the security breach.
It’s important to:
The Privacy Commissioner has a comprehensive guide on recognising types of data breaches and how to deal with them. They also have tips on putting processes in place to prevent future breaches.
Data safety toolkit (external link) — Privacy Commissioner
After you’ve handled a cyber security incident or breach, it may be tempting to move forward as quickly as possible. But it’s important to unpick exactly what happened and how. Put procedures in place to prevent any future problems.
There are easy, everyday practices you can adopt to protect your systems and data, eg backing up data regularly and keeping systems up to date.
If you can’t afford to hire an IT expert on staff, your team will need to be more responsible than big-company employees when it comes to protecting data and using devices correctly. Make sure you have an IT and social media workplace policy so staff know the rules.
Use the Workplace Policy Builder to create an IT and social media policy.