Both scammers and hackers want to exploit you and your business to gain access to your money or private information. To protect your business, it is important that you are aware of common risks and make prevention a priority for all staff.
There are many ways attackers might target your business. Some are obvious, such as your business losing money or you suddenly being unable to access your online systems. Other attacks are harder to detect; for example, an attacker may use your website or network to attack others. Luckily, there are things you can do to help prevent your business from being the target of an attack.
To reduce your chances of experiencing any kind of online incident, everyone in your business needs to be aware of the risks and commit to safe practices. Make sure you set aside time to educate yourself and your staff on new threats, and regularly check in about any questions or concerns.
Defence against cyber attacks
Safeguarding yourself from cyber security threats can be easier than it seems. Some simple measures to significantly reduce risks include:
Backing up systems and data regularly.
Encrypting important systems and data.
Keeping all software up to date.
Installing security software to protect from viruses and other malicious programs.
Using strong and unique passwords or passphrases across all your accounts.
Spotting a scammer
Scammers often invent new ways to trick people and businesses, but scams usually have common characteristics you can look out for.
Scams usually start when someone makes unexpected contact with you. This could be in person, by phone, letter or email.
In exchange for money or private information, they may:
make you an attractive offer, eg connections to angel investors if you pay an upfront finder’s fee, or access to cryptocurrencies
say you urgently need important products/services, eg critical software updates
pretend to be someone they’re not, eg your bank, a supplier or a senior leader within your own business.
If you think you’ve been scammed
Stop all contact with the scammer.
If you’ve provided any financial details, call your bank.
Report the scam.
Train your staff
You can’t blame staff for getting things wrong if they don’t know the rules or understand what the risks are. Take time to educate your staff and make sure all your employees, and anyone else who may have access to your IT systems, are aware of the common characteristics of a scam, how to detect cyber security risks and how to avoid them.
It’s a good idea to:
Get staff to read the content on this page so they are familiar with common risks and how to avoid them.
Make sure staff know when it’s appropriate to share private information and financial details, and with whom.
Set policies around payment for products and services.
Set out the dos and don’ts for new staff as part of getting them on board.
Keep staff regularly updated about new security risks and scams.
Create a password policy.
Have a cyber security policy.
Common scams and how to deal with them
Here are some common ways scammers and hackers may target your business. But remember, different scams are always being invented. A good rule of thumb is if a deal sounds suspicious or too good to be true, it probably is.
Malicious spam emails
What is it?
Any unexpected email from someone asking you for money or personal information.
What to do:
Don’t reply — if you do, it confirms your email address is active and ready for further ‘offers’.
Don’t open attachments from senders you don’t know — the same goes for clicking on links, which can infect your computer with malicious programs.
Don’t forward hoax emails — if you get an email that looks like a hoax, it probably is.
Note: If you receive an out-of-character request for private information or money from a sender you recognise, it always pays to verify with the sender over the phone.
Steer clear of hoax emails
Hear tips from Paul Macpherson, head of security at Xero, on how you can stay safe when you use email — the vital tool many businesses rely on.