SMEs Must Manage Cyber Risks, Insurance Council Warns


This week is Cyber Smart Week and the Insurance Council of NZ is appealing to small and medium sized business owners to take a look at their cyber security.

Insurance Council Chief Executive, Tim Grafton, said SMEs that manage cyber risks will succeed in today’s modern, digital world.

He said there has been a large increase in incidents reported to government organisation CERT NZ, that provides cyber security advice.

Insurance Council Chief Executive, Tim Grafton

“It drives home just how important it is for businesses to have the right cyber security in place and plan for how they’ll manage their risks if something goes wrong,” said Grafton.

Although many adviser practices are small businesses, Cyber Smart Week also presents advisers the opportunity to inform their SME clients about protecting their businesses online.

As Minister for Broadcasting, Communications and Digital Media, Kris Faafoi, is urging Kiwis to make sure they have some form of cyber protection in place.

Minister for Broadcasting, Communications and Digital Media, Kris Faafoi

“We live in an increasingly digital world, where everything and everyone is connected. Our relationships, our jobs, our finances — everything is online. And, while we all enjoy the benefits of our digital lives, our online security deserves more than ‘set-and-forget’,” said Faafoi.

According to CERT NZ’s second 2018 quarterly report, cyber incident reporting by organisations has increased 143% since Q1 2018. In that period, 507 cyber incidents were reported by organisations. Direct financial losses from all cyber incidents for the period were $2.2 million.

“It’s important to remember that this is just what CERT is aware of,” said Grafton. “$2.2 million is probably a conservative number; there will be many people who don’t report cyber incidents to CERT or may not realise they suffered a cyber attack.”

“$2.2 million is probably a conservative number; there will be many people who don’t report cyber incidents…”

ICNZ recommends SMEs do 8 things to help manage their cyber risks:

1. Make sure all employees regularly update their passwords and don’t write them down anywhere or use passwords they’ve used for other services. Where you have default passwords in use for admin tools, these should be changed. If you can, enable two factor authentication on website or system logins.

2. Buy and install good quality anti-virus and anti-malware software – don’t just rely on what comes default with your system. Make sure you protect tablets, cellphones and any other devices you can that connect to the internet.

3. Change your office WiFi password regularly and don’t leave printed copies of it lying around. Access to your WiFi could open up access to your files and systems if someone dishonest got in.

4. Don’t connect company devices to open or free WiFi networks or install and use unauthenticated apps. These networks allow anyone connected to them to see other connected devices and could make your device a target for hackers.

5. Make sure employees only download apps from the Google Play or Apple stores if they’re conducting any work on their devices. Unauthenticated apps could contain security vulnerabilities.

6. Keep your software up to date. Vulnerabilities in unpatched software make for easy entry for hackers.

7. Set up logs to detect unusual activity and verify any strange business requests you get by phone if you’re unsure of them.

8. Get cyber insurance – cyber insurance covers you for cyber attacks and helps your business get back on its feet faster. With $2.2 million in direct financial losses from cyber attacks last year, it makes sense to protect yourself.

Now in its second year, Cyber Smart Week is New Zealand’s cyber security awareness week and runs from 8 – 12 October. It is organised by CERT NZ, which is collaborating with more than 70 public and private sector partners to help keep Kiwis safe online.