SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Google says NZ's lack of cybersecurity knowledge is putting users at risk
Tue, 7th Sep 2021

Seven in ten (69%) Kiwis are not always taking deliberate steps to improve their online security, despite one in three (30%) admitting that they are aware they have had a password compromised or hacked and one in five (20%) having fallen victim to phishing or an online scam, according to new research from Google New Zealand.

Of those who said that they do not always take deliberate steps to improve their security online, the main reason for not doing so was not knowing what steps to take, or where to start (37%).

A further 21% believe a password is enough to keep them safe and 15% said they would rather prioritise protection in other areas, such as physical property.

The data also revealed that millions of Kiwis could be putting themselves at risk of financial or social harm by simply not understanding the pitfalls of online security.

When it comes to keeping high-risk passwords safe, 13% have shared their password with a family member or friend, and a further 6% have texted or emailed it to someone. Just one in four (26%) use a password manager, a tool designed to provide strong passwords that are safely secured.

Furthermore, nearly one in five people (18%) didn't know what two-factor authentication (the addition of app or text approval to access an account) meant, and just one in ten (9%) always use this layer of protection, which is widely recognised as best practice, for online accounts.

More than half (52%) of adults around the country believe it is in some way likely that they could fall victim to a third-party data breach, whereas just one in three (33%) think it is likely they could fall victim to a personal online phishing attempt.

In reality, online scams have had a significant impact on the lives of Kiwis, as reported by recent NetSafe data that shows 2,891 Kiwis have lost money, or had their personal data compromised, due to online scams in the three months from 1 April to 30 June 2021.

The organisation estimates Kiwis lost $5.23 million in that same period. What's more, Google blocks 100 million phishing attempts on inboxes globally each day, which demonstrates how real the threat is.

Encouragingly, 92% recognised the secure website symbol, but 22% admit to not knowing what it means, and 17% know what it means but don't look for it when purchasing online.

“With some recent high profile cases, it's easy to think that phishing attempts only happen to big companies, or that they would be easy to spot, but with ever advancing technology the personal risk can have significant financial and social implications at an individual level,” says Ross Young, government affairs and public policy at Google New Zealand.

“We keep more users safe by blocking malware, phishing attempts, spam messages and potential cyber attacks than anyone else in the world, but it's also important that people take advantage of tools to increase their protection. While online security can seem confusing, or boring, the good news is that there are some very easy things people can do,” he says.

“The Google Safety Centre was developed to share some simple solutions that go a long way - like guidance on two-factor authentication. If a password is locking the house, two-factor authentication is the alarm; a second layer of protection.”

Google's top five tips for staying safe online:
● Use a password manager to create and store strong passwords for every account. For example, Google's Password Manager, built directly into your Google Account, uses the latest AI security technology to protect your passwords.
● Turn on 2-Step Verification 
This helps to keep out anyone who shouldn't have access to your account by requiring you to use a secondary factor on top of your username and password to log in to your account.
● Make sure site connections are secure
If the URL is secure, the Chrome browser will display a grey fully locked icon in the URL field.
● Always validate URLs and suspicious links
Double-check the URL by hovering over the link, or long-pressing the text on mobile, to make sure that the website or app is legitimate; and make sure that the URL begins with 'https'.
● Double check files before downloading
If you come across a suspicious attachment, use Chrome or Google Drive to open it. They automatically scan the file and warn you if we detect a virus.