sb-nz logo
Story image

Law firm gets behind CERT NZ's findings about phishing

28 Aug 2017

MinterEllisonRuddWatts is the latest New Zealand business to shine the light on New Zealand’s vulnerability to cyber attacks, citing results from its own surveys, the PwC New Zealand CEO Survey and CERT NZ’s recently Quarterly Report.

The company says that 91% of CEOs are concerned about cyber attacks according to PwC’s study, while a MinterEllisonRuddWatts poll at its Corporate Governance Symposium found that less than 30% of directors and executives were prepared for an attack.

The company notes that the government invested $22.2 million to set up the national Computer Emergency Response Team (CERT). Recently CERT released its first Quarterly Report, which showed that in just three months, there were 364 reported incidents and local businesses had lost more than $730,000.

According to MinterEllisonRuddWatts, the CERT report also showed that many of the cyber attacks on New Zealand businesses come from successful phishing attempts.

“A significant issue highlighted by the report is that 33.6 per cent of the incidents reported related to phishing. This is a global trend as one of the easiest routes for hackers is through e-mails. This means if your staff aren’t vigilant and don’t know what a phishing email might look like, your business and its operating systems are at real risk,” the company says in a statement.

It has also put together a list of tips for encouraging and educating staff about threats.

1) Ensure passwords are updated frequently - A crucial step is to update passwords regularly. Every 2 months is a good benchmark. It’s also important to ensure passwords are strong and unique. For example, if your password is as simple as "ABCDE" or the standard "Password" it amazingly takes a hacker around 0.29 milliseconds to uncover it. A good tip is to see how good your current password is using free online tools.

2) Regular back-ups - In larger organisations, this will be something the IT department carries out. For smaller businesses or sole traders, you may have to do this yourself. While back-ups in the cloud are great, it also pays to back up key documents on removable hard-drives. After all, if your passwords are compromised it is likely hackers will get into your cloud back-ups too.

3) Remind staff not to ignore system updates - Make it your company policy that however inconvenient it might be, when operating system updates appear, install them straight away. The major software companies such as Microsoft are doing what they can to send patches to fix the weak points in their systems that cyber criminals are exploiting. So if you keep your systems up to date, you are at least making it harder for criminals.

4) Educate staff to be careful of suspicious links - If your staff receive an e-mail or link they were not expecting, then they need to be vigilant and report it, rather than click on it. However, this can be hard to spot which is why they need help and guidance.

5) Support staff with regular training - There is a great deal of confusion around what is a system threat and what isn’t. A simple yet efficient option, training can even be done annually online. This will help your staff to keep your systems safe particularly from threats such as scams and phishing.

6) Share stories of cyber-attacks - If you have a company newsletter or briefings then have an item which shares a recent incident you’ve had or one that has been in the press. This helps to keep it top of mind for everyone and reinforce what your staff need to be on the lookout for.

Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Check Point invests in local cloud capabilities in A/NZ
As public cloud usage in Australia and New Zealand grows, the company says it will continue to invest locally to support businesses.More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More