30 September 2021

A number of prominent New Zealand businesses have been subjected to cyber attacks in some form over the past year, including the Waikato DHB, ANZ, Kiwibank, New Zealand Post, Inland Revenue, the Stock Exchange and the Metservice.

Cybersecurity threats have undoubtedly grown since the start of the COVID-19 pandemic. An increase in remote working during lockdown periods can create additional vulnerabilities in otherwise secure internal computer systems.

Basic security measures that might have been adequate previously may not be enough to address these threats moving forward.

So how do you protect your business against cyber attacks? We’ve outlined some practical tips below.

Train employees

Unfortunately, it is not uncommon for employees to inadvertently give cybercriminals access to a company’s networks. Therefore it’s crucial that businesses train their employees on ways to protect valuable data, and set this out in an easy-to-understand information policy.

All employees should be trained in how to handle business information securely whether working in the office or at home, and they should know what steps to take if a cyber security incident occurs.

Ensure employees know to look out for strange email addresses, misspellings, or dubious-looking formatting, and think twice about opening attachments from people they do not know.

Vigilant employees can be a business’s best protection against information security threats.

Back up your data and install updates

Backing up your business’s data will help you recover any information you lose if you experience a cyber security incident. It’s essential that you back up your most important data and information regularly. It’s a good idea to use multiple back-up methods to help ensure the safety of important files, and that you regularly check that you can restore your data from the back up.

It’s best to back up your data through a cloud storage solution. It should use encryption when transferring and storing your data, and provide multi-factor authentication for access.

Keeping devices and software up to date is another simple and effective method of protecting against cyber attacks. Running regular updates will not only fix bugs, they will also fix weaknesses and vulnerabilities. It’s these vulnerabilities that attackers target to gain access to your devices and data.

A good way to stay on top of updates is to set your system preferences to install updates automatically so that employees don’t have to do this manually.

Use strong passwords

Many people stick to a few different passwords that they repeatedly use. The problem with this is if an attacker obtains access to one of your passwords, it can help them access your other accounts as well.

Make sure your employees protect company information with unique passwords that are long and strong. It’s best to use a different password for every online account. Using a short phrase or adding a few random words together to create a passphrase is usually more secure than a standard password. Adding a mix of letters, numbers and symbols will further strengthen the passphrase, and make it harder to guess.

Password managers are particularly useful when using multiple strong passwords, as they can generate these and sync them across your devices to make it even easier to log in. You only need to remember one password to access the manager, which securely stores all your usernames and passwords.

Enable multi-factor authentication

Multi-factor authentication (MFA) – also known as two-factor authentication (2FA) – can help to protect your online accounts from attackers. It provides an extra level of security by requiring an authentication code as well as the user’s email address and password to verify that the person logging in is who they say they are.

You can choose to have a code sent to or generated on a device, like your phone, that you then use to authenticate who you are when you log in. That way, even if someone gains access to your account password, if they don’t have your phone to receive the code they won’t be able to get into your accounts.

Businesses should activate multi-factor authentication on accounts where valuable data is stored, such as email, CRMs and accounting systems.

Consider cyber insurance

Business owners without cyber insurance can end up suffering huge financial losses if they experience cyber attacks and data breaches.

Depending on the policy, cyber insurance can cover costs such as revenue loss, business disruption, legal fees, equipment damages, forensic analysis, and public relations expenses.

When looking for cyber insurance, businesses should seek trusted providers with proven experience in helping businesses understand and calculate their cyber risk.


For further guidance about protecting your business from risk, speak to a Nexia advisor. You can find our general contact details here: nexia.co.nz/contact-us

Find updates