With more people working from home, Courtney McCullough of Auckland IT firm Think Concepts says not all home WiFi networks are secure and can be easily exploited, especially when linked to personal phones and other devices.
“There are further risks here than just attacks by hackers or cyber criminals; kids or family members using work equipment could inadvertently access private company data or mishandle it on shared devices,” says McCullough
“In 2021 it’s more important than ever for business to be proactive about their cyber risk. From leaked data and loss of consumer trust to total site shutdown, the consequences of unprotected IT systems are substantial.”
McCullough says that with more sophisticated scams, increased remote working, and more data than ever at risk, cyber security must be an ongoing and proactive process that involves the continuous evaluation of systems and people.”
This year, cyber-attacks are at an all-time high, says McCullough, who has outlined the top five cyber security risks for businesses:
- Phishing schemes: Phishing emails lure users to click on links that expose their computers to unauthorized access or introduce malware. In the era of “BYOD” (bring your own device) and cross-device data sharing, employees are gatekeepers of their organization’s data, even when not at work. Awareness, training, and cultivating good IT hygiene practices are vital in protecting everyone from phishing schemes.
- Ransomware: This is a data-encrypting program that demands payment to release the infected data. In 2020 alone, $1.4 billion was demanded in ransom, with an average cost of $1.45 million required to rectify the damage.
- DDoS attacks: Sites or services are targeted with a flood of network traffic, resulting in crashes and inaccessibility. This is sometimes used in combination with a ransom demand.
- Unpatched third-party software: Any cyber service you or your business uses can leave your data vulnerable to threats. In January, the Reserve Bank of New Zealand’s customer data was breached after an attack on a third-party file-sharing service.
- Remote workers: Even if on-site IT infrastructures are protected, remote systems may not be shielded from cyber attacks in the same way.