Kiwi Businesses' Data Security: Are You Playing Russian Roulette?
In recent years, cyber attacks have become an increasingly prevalent issue, with businesses of all sizes falling victim to data breaches and other forms of cybercrime. Unfortunately, it seems that many New Zealand companies are still not taking cyber security seriously enough, putting both their own operations and their customers’ personal data at risk.
Even the NZ Institute of Directors reported that there has been a slip in focus on cyber security as a priority in businesses. In the article, they highlight that “There is an ‘it won’t happen to us’ sentiment evident from the survey”, proving that too many businesses are cavalier about security and clients' data.
One of the main reasons for this lack of attention to cyber security is that many companies in New Zealand still view it as an optional extra, rather than an essential aspect of their operations. They may believe that the cost of implementing robust cyber security measures outweighs the potential risks, or that they are too small to be targeted by cybercriminals. However, this could not be further from the truth. Every business, regardless of size or industry, is vulnerable to cyber attacks, and the costs of a data breach can be devastating, both in terms of financial loss and damage to reputation.
Another issue is that many companies may be unaware of the regulations that they are required to comply with in terms of cyber security. The NZ government has set out a number of laws and guidelines to protect citizens' data, such as the Privacy Act 2020, the Unsolicited Electronic Messages Act 2007, the Harmful Digital Communications Act 2015, the Network Security and Cryptography Act 1996, and the Computer Emergency Response Team Act 1996, but these regulations are not always well understood or implemented by businesses.
The problem is also compounded by the fact that many companies are too relaxed about the way they handle sensitive data. They may not have adequate security measures in place to protect customer information, or they may not properly train their staff on how to handle data securely. This can lead to data being leaked through simple mistakes, such as an employee sending an email to the wrong person or leaving a laptop unlocked.
According to a study by the Ponemon Institute, around 60% of small businesses that experience a data breach are forced to close their doors within six months of the incident. Furthermore, according to a study by IBM and the Ponemon Institute, the average total cost of a data breach for a company is $3.86 million, and it takes an average of 280 days to contain a data breach.
In order to protect against cyber attacks and data breaches, businesses in New Zealand need to take cyber security seriously and make it a priority. This means implementing robust security measures, such as firewalls, antivirus software, and encryption, and regularly training staff on best practices for handling data. It also means staying up-to-date with the latest cyber security regulations and guidelines and ensuring that their business is compliant.
It is clear that many New Zealand companies are still not taking cyber security seriously enough. With the increasing frequency and sophistication of cyber attacks, this is a serious problem that needs to be addressed. By making cyber security a priority and complying with relevant regulations, businesses can protect themselves and their customers from the potentially devastating consequences of a data breach.
CERT NZ has a great article titled “Top 11 tips for cyber security” that is worth a read. Ideally, all companies should be following and complying with the ISO/IEC 27001 standards. There is some good data on it here as a one-page document and here if you want to learn more.
Fun fact: A breach notification should be made to the Office of the Privacy Commissioner no later than 72 hours after you become aware of a notifiable privacy breach. More info on reporting a data breach and what needs to be reported can be found here.