Cybersecurity attacks - what to do

Cybersecurity attacks on businesses are becoming more commonplace. It doesn’t matter how big or small your firm is, make sure you’re doing everything you can to keep it safe by protecting your data, network, customer information and your reputation. Find out more about how you can protect your business from a cyber attack. 

What you need to know

Report any cyber security issue that you’re experiencing to CERT NZ and your insurer. CERT NZ will help you identify the issues and let you know what the next steps are to resolve them.

Manually check financial details

A lot of business takes place over email, and it can be hard to tell when an email sender or recipient’s behaviour is ‘phishy’. If you’re doing business online and you get an unusual or unexpected request, check it manually before you go ahead with the transaction. This means checking the request with the person or business you’re dealing with through another channel — by phone, for example. Having manual checks will prevent you and/or your clients from getting caught up in online fraud, like invoice scams.

Practical steps

Have a clear process for how you make sensitive business transactions or changes. Determine what’s sensitive for your business, like a monetary threshold or a high quantity of goods, for example. Make sure these thresholds are clear, so your staff know when to raise a red flag.

Use a separate channel of communication to verify a transaction or change before it happens. For example, if you’re doing business over email, follow up with a text message or phone call.

Have a clear point of escalation for your staff. For example, if a staff member receives an email that looks like it’s phishing, make sure they know what to do. Put a process into your incident response plan. Your process should include reporting it to CERT NZ.

If you or your practice have been targeted by a cybercriminal and are being asked to pay a ransom, you should report this to the appropriate agency:

  • Ransomware attacks are a criminal act and should be reported to NZ Police using their online reporting tool
  • CERT NZ can provide advice to victims who have been attacked and assist them in working out what they do next. Reporting incidents to CERT NZ also helps New Zealand keep track of cyber security trends.

If you are looking for up-to-date information and resources to assist with ensuring cyber security, CERT NZ has a range of articles and guidance on this important area.

Understanding your weak points

To best protect your systems and data, you need to identify and address your vulnerabilities and your important assets.

To work out whether you are doing enough to protect your practice from cybersecurity incidents, go through CERT NZ’s cybersecurity risk assessment guide. The guide will help you better understand both your business processes and the systems and data that are important to secure.

Thank you to NZIA for this information.