As data breaches and online threats become more common, it’s important to take active measures to safeguard critical systems and sensitive information. These practical cyber security and data safety tips will help you keep your data safe and secure.
Proper storage and regular backups will help protect your important information from system failures or improper use. But an increasingly complex online world means you need to also protect your data from unauthorised access, whether it’s an accidental breach by someone in your business or by a hacker.
Ignoring cyber security threats and data breaches puts your reputation — and bottom line — at risk.
Recovering from a cyber attack or data breach could be an expensive undertaking. Take precautions so you don’t fall victim.
Cyber security is the measures you take to protect information, devices and systems from unauthorised access, attack or other risks.
Common threats to a business’s data and systems include:
CERT NZ has more details on common cyber security threats.
To best protect your systems and data, you need to identify and address your vulnerabilities and your important assets.
To work out whether you are doing enough to protect your business from cyber security incidents, take Connect Smart’s short online questionnaire. Based on your results, you will receive an action plan that sets out steps to better secure your business.
How cyber secure is your business? (external link) — Connect Smart
If you have lots of holes and don’t know how to manage them, consider paying a security specialist to help you set up a security process.
Protecting important data is all part of continuity planning — being prepared to recover from any problems. Follow these steps:
Connect Smart’s toolkit is designed specifically to help small and medium businesses plan to stay safe online.
The Privacy Commissioner also has a step-by-step toolkit on how to plan and respond to data breaches.
Data Safety Toolkit (external link) — Privacy Commissioner
There are a number of easy things you can do to protect your information. The key is to commit to safety measures. If you have staff, make sure they are trained and kept up to date on any new risks or protective steps.
Do not store passwords or passphrases on your online systems or devices — this makes them too easy to find. Instead use a password manager. There are many free or low-cost options available. Make sure you choose a reputable one.
Change these to strong passwords or passphrases — and make it part of your off-boarding process to change them each time someone leaves the business.
Add a further security layer by encrypting data with a key. Check if a cloud service will do this for you, as doing it yourself can be time-consuming and costly.
Installing paid antivirus software on computers is an easy way to protect your data. Keep your software up-to-date to fight off the latest malware. Install patches and updates from your internet service provider.
Consider getting protection from malware, a term covering software threats, including:
Digital Resources has more tips on antivirus software and security.
Anti-virus software (external link) — Digital Resources
Encryption makes data indecipherable to those who don’t have authority to access it.
A firewall is software or hardware that protects your computer or device against online threats. It helps you monitor who or what is allowed to access your system. It will also notify you if your computer or device is trying to access something suspicious online. Think of it as a door between your computer and the internet. It helps you let the right things in and keep suspicious activity out.
Software providers release regular updates to patch — or guard against — the latest hacks and bugs. They’re easy to ignore or put off, but it’s time well spent to keep your systems safe.
Two-factor authentication (2FA) makes it much more difficult for hackers to crack into your systems. 2FA ensures a user can only gain access if they have an extra credential above a valid username and password. This extra credential may be a PIN number, access to a physical security key or token, or a unique identifier, eg a fingerprint. You should enable it for your most important systems, accounts and devices.
If your business relies on sensitive information, it’s a good idea to think about cyber insurance, which can cover data breaches, website hacking and IT scams. Closely question whether a policy covers your areas of risk. Your broker should help you understand what a policy does/doesn’t cover. If you’re sorting out your own insurance, read the fine print to make sure it covers a cyber attack.
CERT NZ has more practical steps you can take to keep data safe and secure online.
This is a list of the 10 most critical web application security risks.
Security breaches can often be caused by an employee doing something they shouldn’t, usually inadvertently. If employees use computers and mobiles devices at work, or work devices out of work:
The Privacy Commissioner has short online courses, including Privacy ABC, to train people on privacy best practices.
eLearning (external link) — The Privacy Commissioner
Create an easy IT and social media policy (external link) — Workplace Policy Builder
Internet and social media use (external link) — Employment Agreement Builder
Make sure everyone in your business knows how to keep important data and systems secure.