He wewete pōhēhē haumarutanga tuihono mō te pakihi

Myth busting online security for business

There's a lot of information around about online security, but what's real and what's just a myth? We've rounded up some of the most common misconceptions out there for you.

Aerial view of a woman lying down on a bed with devices and a cup of coffee

It won’t happen to me

It’s easy to think, “it won’t happen to me” when it comes to online security – it’s just something you hear other people talking about, or read about in the news. 

But, online scammers and attackers don’t discriminate. They generally don’t target specific people or businesses. Instead, they cast as wide a net as possible to see who will take the bait. So it’s important to be vigilant, and do as much as you can to protect your business online. Knowing the risks and how to stay protected is what will keep your business safe, not assuming online security incidents only happen to other people.

Common risks and threats for business

The only real threat is phishing

Many people think that phishing – a type of email scam that asks you to click a link and enter personal information, or open an attachment in the email – is the only real threat to be aware of online. While it is very common, it’s not the only threat out there. 

The type of attacks we see happening online change constantly. New threats appear, and existing threats become more and more sophisticated. So it’s important to stay up to date and aware of what the risks are, and how you can protect your business against them.

Top online security tips for your business

Get protected

Only big companies are targeted online

Like we said, scammers don’t discriminate. Big companies, like tech organisations or service providers can (and often do) experience online security incidents. But they’re not the only ones – any business can be targeted by an attack online. 

Small businesses can sometimes be affected by an online security issue if they have a connection with a bigger company. For example, if you provide third-party services to a larger organisation that’s affected by an online security incident, the details they hold about your company could be compromised too, giving attackers a way into your network or systems. 

Online security risk assessments for your business

A good antivirus is all you need to keep your business safe online

Having good security – like antivirus software and firewalls – on your devices is really important, and it definitely helps to keep them safe and secure. But it’s only one piece of the puzzle, and nothing is foolproof. 

What you need to do is build up layers of security to protect your business online. Think of it like swiss cheese; each layer has holes in it, but the holes aren’t all in the same place. So if an attacker gets through a hole in one layer, the next layer should stop them. If not, then the next layer is there as protection, and so on. The more layers you have, the less likely it is that an attack will get through.

Patching and two-factor authentication (2FA) are the two most important things to think about for business security.

Protect your business with two-factor authentication (2FA)

Patching advice for IT staff – CERT NZ

No one will be able to guess your password

It’s easy to think that being compliant with something means you’re protected. Take passwords, for example. Some sites have ‘strength calculators’ designed to check how strong a new password is when you set up an account. But really, they’re just checking you meet the rules set up around creating a password, not how strong or secure the password actually is. It might meet all the requirements – like, ‘your password must be a minimum of 12 characters with a number included’ – but that doesn’t mean it’s a good, secure password. It could still be something that’s easy for an attacker to crack. Make sure your staff know this too!

Create a password policy for your business

Using a password manager in your business

Educating your staff about online security

You’ll know if your network is infected

Sometimes it’s not until something like a ransomware attack happens that you’ll know your network has been compromised. Often, by the time it becomes obvious that this has happened, someone else may have been accessing your network and systems for some time. For example, they could have:

  • been sending emails to your clients without your knowledge and redirecting invoice payments into their bank account
  • compromised your locally-hosted website, and moved from your website into your IT system. 

To help prevent this from happening, keep up with your security protections and consider network segmentation. For example, if you set your Internet of Things (IoT) devices up on a different network to your main business network, it can help ensure the systems you need to run your business are protected.

Secure your small business network

Setting up security is expensive

While the cost of getting good security set up for your business can be off-putting, there’s a lot you can do for free. And, you don’t need an IT security provider to do everything for you either – many of the steps we recommend are straightforward. 2FA is a really effective method for preventing online attacks, and it’s a simple thing to set up. You could also choose to use cloud-based services as they come with security protection built in, giving you one less thing to worry about.

Protect your business with two-factor authentication (2FA)

Using the cloud

Online security is an IT issue

It’s tempting to leave everything to your IT team (if you have one), or your IT service provider. But really, we all need to play our part – online security is everyone’s responsibility. It needs to become a way of life, another bit of ‘business admin’ you give regular time to rather than something you only think about occasionally. The threat landscape changes constantly, attacks get more sophisticated, and prevention methods change.

So, use our practical tips and how-to guides to get an understanding of the risks your business faces, and learn what you need to do to keep it safe and secure online. Remember: it’s much easier to prevent an attack than it is to recover from one.

Know the risks

Get protected