How to assess the cyber security risk of your business

Taking steps to protect your IT systems isn’t just about keeping your business safe from online threats, but also about safeguarding your customers. With changing ways of working and more employees connecting to systems remotely, having the right protection in place has never been more important.

The recent cyber attack on the Waikato DHB has also been a reminder to many Kiwi businesses about the vulnerability of the technology they rely on for their day-to-day operations. But having robust security isn’t just a consideration for big organisations. No matter the size of your business, if you use IT solutions and have access to personal, financial or intellectual data, you need to consider the potential cyber security risks you’re exposed to.

Cyber security solutions are currently focused on mitigating three main risks: malware, ransomware and phishing. In 2020, cyber security incidents stung Kiwis to the tune of around $16.9 million. And sadly, attacks are on the up, with 7809 cyber security incidents reported to CERT NZ in 2020, the top three reported as being:

• 3410 phishing and credential harvesting reports, up 76 percent on 2019

• 1920 scams and fraud reports, up 11 percent on 2019

• 1560 malware reports, up 2008 percent on 2019

Anti-virus protection and encryption methods can get you so far, but gaps in your protection could still leave you open to malicious attacks. To ensure you’re protected and prepared, a security assessment can help you identify any downfalls and mitigate bigger risk and prevent:

• Data breaches and data loss

• Compliance issues

• Productivity loss from downtime

• Potential negative PR and media exposure

Performing a security risk assessment

Every organisation faces unique challenges, depending on both their data and technology platforms in use. Engaging an IT expert for a security assessment will help you identify and evaluate risks specific to your operations and the data you have access to, and could involve considering things like: 

• Security policies and education for staff

• Passwords and two-factor authentication

• Out of date apps or operating systems

• Access and restrictions to sensitive information

• Data storage and recovery processes

• Anti-virus protection and firewalls

• Use of secure private networks for remote access

• Protection of hardware from theft

• Managing risk with third-party systems

The importance of a security policy

A security policy shouldn’t be a set-and-forget entity. As technology continues to innovate, so too do hackers, who are quick to identify vulnerabilities to tap into unsecure systems. A security audit can help you outline robust policies around things like app usage, file transfers, passwords and identity authentication, but it should be reviewed regularly to align with new risks and changes to software, hardware and wider business operating policies. 

Remember too that not all threats are malicious. Gaps in your security approach can also lead to mistakes made by your own employees which could compromise confidentiality or data integrity. On-going reminders, training and education around protocols are a good way to keep your business front-line protected - especially if remote work is involved.

Keep security in check

An audit gives you a snapshot of where your business is at now, as well as an indication of what level of security and compliance you should be aiming for. As your IT partner, we can run regular security reviews, track your progress and provide recommendations.

Don’t let a security breach be the reason you step up your protection - take action to mitigate your exposure to risk, before you’re faced with it. If you’re concerned about your existing procedures, or think it’s time to put some good policies in place, get in touch. We’ll run your systems through our risk assessment, and help you ensure you protect what matters most to your business.