Protecting your IT when employees leave in difficult circumstances

So it didn’t work with your newest employee, in fact it didn’t work out would be an understatement…they left under quite a cloud! 

A recent Symantec study states that “half of the employees who left or lost their jobs in the last 12 months kept confidential corporate data and 40 percent plan to use it in their new jobs.”

  • You’ve got the work laptop/computer back, but have they deleted things?
  • How do you know what they were doing and looking at before they left?
  • They used their own devices for work, do they still have their work material?

What to do when employees don’t leave on the best terms

The vast majority of staff finish employment and move on with no issues. But occasionally people leave in less harmonious circumstances, or they are just plain dishonest. We’d like to cover off on some of the basics to ensure that your risks are minimised for if, or when, this happens to you.

Importantly, it makes a big difference what systems you use and how you are set up, so keep that in mind. For the purposes of this simple article, we assume you are a small to medium kiwi business, with a fairly simple IT setup, using one of the lower-level Microsoft 365 licences for your email document storage and sharing.

Set up the employee properly when they join and have proper security

To get the best outcome when an employee leaves you need to start when they join the company. 

Practice ‘need to know’ access to systems and data:

  • People only get access to what they need for their job
  • This includes ensuring your work, documents, emails, etc are protected by permissions appropriate to the user. If they don’t need access, they don’t get it!

Set up an off-boarding system

The obvious (we don’t want to tell you how to suck eggs with your HR, but people sometimes don’t do these things, or forget) things to do when the person leaves:

  • You probably have an induction process when someone joins, but do you have an off-boarding process for when people leave? 
  • Ensure the off-boarding process is promptly followed. 
  • Ensure the off-boarding is responsive enough to handle an employee disappearing at no, or very little, notice.
  • Promptly close off email and other systems access.
  • Promptly close off remote access.
  • Take back company owned devices.
  • Ask specifically if there is any company data in their possession and if so, make a plan with them for retrieving it.

 The not so obvious things

Of course IT being the mysterious being it is to most of us you might not consider the less obvious things to do:

  • Don’t let people use personal devices for company work – give them the tools they need, and ensure those devices are properly set up by your IT.
  • Setup your business so that ALL work data/information is only ever stored in company systems. Do not allow people to save work anywhere else. Make sure they have a company owned folder they can save drafts and working documents to, if this is needed.
  • Have remote wipe enabled, meaning you can remotely wipe the data from any devices they have accessed. The next time they connect to the Internet, the data is wiped.
  • Review activity logs; these are detailed, but can give you a picture of what the person was up to.
  • If they delete emails or files, systems like 365 and Dropbox Business keep files for a ‘retention’ period and during this time you can restore them.
  • Use a company password manager such as LastPass so that people actually don’t know their passwords, so if they leave you (or your IT support) remove their access and they can’t get into anything.

Use technology to protect your organisation

If you are on a lower level 365 licence, such as Exchange Online, Business Basic or Business Standard, then talk to your ITA partner about the benefits and costs of moving to a higher licence with more security features such as 365 Business Premium. For example, configure 365 to prevent bulk downloading of company data, etc.

In summary

Put in place protections now, so that you have them there before you have a problem. Once the person has left, it is often too late. In general, these suggestions are a good place to start with ensuring your business is protected. 

If you need a hand with any of these steps get in touch with our team at Ultra IT.

Routers = Security + Speed….

More then just that flashing box, lighting up like a disco in the corner of the room, routers play a particularly vital role in keeping your business safe, and your data secure, as well as creating efficient, and safe remote working conditions.

Here we look at the role of the router, and what you can do to ensure you have the right one for your business.

Think of your router like an important Traffic Officer only allowing approved content in and out of your business.

The difference between an entry level router and a higher quality router, that we can provide is a lot. Sometimes it pays to think outside the box, and not just take the router provided for free in the box.

Top reasons why you need a good quality Router:

  • Determines the speed with which your internet will work.
  • Speed determines the productively of remote workers.
  • A good quality router means that multiple people can work remotely at once.
  • Ensures you can connect to the office remotely.
  • Controls what sites are allowed to be accessed during work hours.
  • Allowing access to other content to protect data loss from staff.
  • Adding additional security features from software such as intrusion protection.
  • Prevention from attacks like denial-of-service attack, designed to cripple your router, or make it just give up and let hackers in.
  • Keeps your business safe from Cyber-attacks
  • Ensures that accidental clicks from staff on content does not cause a security issue.

Security and Routers:

When it comes to security, it is a good idea to take preventative measures. This is where the best secure routers come in, and where we can help you a lot with the right IT hardware. A router with built-in security controls and services that monitor your network around the clock is going to save you a lot of potential headaches. With your router protecting your area of coverage, your devices and your network safe.

SECURITY TIP

“You must always change the factory default password for the router and ensure that the firewall and other security features are in fact enabled”.

Ever been confused by the codes that come up when you go to log in to your network?

WPA2 and AES are the best settings to secure your Wi-Fi from hackers. Remember that if a hacker is able to breach your network, they could steal important information, like bank details, or even your identity.

We strongly suggest against using an open network. An open network means you won’t have a password, so anyone can have access to your Wi-Fi and all of your devices.

Make sure to apply WPA2 to your router for improved protection of your online information.

In Conclusion:

Routers can be complex and can create harmony or havoc depending on the route you choose to follow. Buying a router with the highest security is crucial to protect your network.

Remote working conditions are the new normal, which means that many of us may need to upgrade our home routers too.

By speaking to our team, you could find quick connectivity and security gains with an upgraded router. In the end this can save a lot of time and money, as well as keeping your business safe.

The Risk of Abandoned Domain names

One of the first things we all do is business owners is ponder our business name and what our domain name will be.

As our business evolves, sometimes we upgrade our business name, and our website. However, before you abandon your old website there are a few things that you need to know.

When you set up your Web presence, you select a domain name, and it’s part of all your URLs (FYI: URL stands for uniform resource locator).

For example, you are an accountant who specialises in small businesses in Whangarei, so you pick the domain name beancounter.co.nz for your business. Your emails come from Chiefbeancounter@beancounter.co.nz. From there you start building web traffic for your thriving accountancy firm.

You may even think ahead and purchase some similar domain names such as beancounter.com, or some similar names to redirect traffic and avoid losing customers to misspellings or typos.

The domain name is the basis of your business and is the foundation from where you grow. As you build the business, you may expand to new offerings and provide additional services that are beyond the scope of what you started with. For example, maybe you now also offer business counsulting so you need a more generic and umbrella type of term.

Before you abandon your old domain name  – WAIT!

Why domain names get abandoned:

  • If you have multiple domains, that can be a lot of small renewals to track and pay. Along the way, a domain renewal can easily get overlooked. So, the domain name is abandoned.
  • Domain names can also get abandoned as a result of a business rebranding or company restructuring.
  • You may decide a domain is no longer worth continued renewals.

The security risk of abandoning a domain name:

 After you stop paying for your domain name and after a certain grace period, anyone can buy that abandoned domain name.

Whilst on the face of it that doesn’t sound that bad, I mean you’ve moved on from just being a bean counter and you want to expand. You didn’t want that old domain anymore…right?

Heres the problem, you just don’t know who might snatch up your old online calling card. Bad actors buy up abandoned domain names and re-register them with catch-all emails.

What’s a catch-all email? Well, remember Cheifbeancounter@beancounter.co.nz? That was you. But maybe you also had distinct emails for accounts, sales, support, office, Mary and James. All of these were going through Beancounter.co.nz.  If someone emails someone at the previous domain owner’s business, it goes instead to the new owner. Having seized control of your old site, they gain access to all incoming emails, and they could see information you don’t want them to see.

The bad actor could also access online services once used by mary@beancounter.co.nz. All they would need to do is reset the password to hijack that account.

Security researchers have seen criminals claim abandoned domains to:

  • access confidential email correspondence;
  • access personal information of former clients and current or former employees;
  • hijack personal user accounts (e.g. LinkedIn, Facebook, etc.) linked to old domain e-mail addresses.

What to do with domain names:

Especially if you use a domain name for email, don’t let the renewal expire. We didn’t even mention pirates who look for business websites that have lapsed so they can charge exorbitant ransoms to return that domain.

When you move to a new domain address, communicate the change with all your clients and vendors. Close any cloud-based user accounts registered with the old domain email address. Also, unsubscribe from email notifications that might share sensitive data.

What to do next:

Not sure about your domain name registrations, renewals, and what’s set to expire? We can help you with this. We will make sure you don’t abandon domain names, and ensure you close any associated accounts properly to protect your security. Contact our team here.

Why you need a Password Management system

Why is a Password Management system important for Northland businesses?

With the increased need for security, and rising Cyber Security threats, it is imperative that all businesses in Northland have a strong password management system.

80% of data breaches are caused by weak, reused or stolen passwords

A password management system is able to store encrypted passwords online, making digital security accessible and simple for businesses to manage the passwords for all employees.  

In today’s world, most Northland businesses have dozens or even hundreds of passwords for different employees with different accounts, profiles, and applications.

#1. Generate secure, fool-proof passwords

With 80% of all data breaches happening because of weak passwords, having a password management system is crucial.

If you want to ensure your data safety, you must use complex passwords that include a combination of letters, numbers, symbols, and uppercase/lowercase.

A password management system will automatically generate fool-proof passwords based on your specification. This ensures you always create extremely secure passwords, thus avoiding hacks.

This also prevents your employees using generic and basic passwords such as their dogs name, or date of birth, and lets the password management system create a unique password that has all of the factors required for high security, including symbols, upper and lower case, numbers.

Let’s face it, it is much harder to hack KiUR&*!RTQ then it is Snoopy1222!

#2. Eliminate employee password reuse:

With a password management system, passwords are automatically updated and renewed with the integrated. This ensures employees practice good password hygiene.

#3. Manage passwords from one place:

There is nothing worse than trying to keep tabs on every employee’s passwords. When a staff member is on leave, the last thing you want to do is try and find the post-it note they left with the login details.

Similarly, if a disgruntled employee leaves and takes their passwords, this can create an unnecessary headache.

With a password management system, you can easily give every user their own personalized vault, while maintaining oversight of all passwords with an admin dashboard.

#4. Protect your sensitive data:

Keep everyone’s credentials, notes, and information safe using the password management system.

#5. Admin functions make managing passwords a breeze:

Have multiple employees working on a particular app? No problem. With a good password management system, you can securely share credentials where employees and clients require access and organize shared credentials by Groups.

Admin functions may include (depending on the system you use):

  • Instantly add and remove team members.
  • Safely share passwords with others.
  • Give each employee their own vault for safeguarding passwords.
  • Store digital records: WiFi logins, software licenses, employee IDs, and more.
  • Set security controls and restrictions based on your team’s needs.

#6. Notification of a data breach

A password management system will constantly monitor all of your email addresses and sends instant alerts whenever it suspects that your data has been compromised. This allows you to act promptly and change all the necessary passwords, thereby preventing your information from being used by hackers and identity thieves.

#7. Multifactor authentication for employees

Another feature available in most password systems is that is multifactor authentication. This provides a second layer of security to verify the user’s login, usually in the form of fingerprint verification, one-tap mobile notifications, SMS codes, etc. This can be used to ensure the highest levels of security in businesses.

Which password management system is right for you?

There are a number of password management systems available. Finding one that is easy for your team to use, economical and with a long track record is imperative. To find out more information about which system is right for you, please contact us here.

Top IT Tips for 2022

Top IT Tips for 2022

A New Year is a definitely a chance to kick things off the way you mean to go on.

For Northland businesses, we have compiled some key IT tips that can help your business to thrive.

#1. The Remote mobile working office is here to stay:

If Covid has taught us all one thing, it is the need for flexibility around how we work. Agility is fast becoming one of the key differentiators of a business’s success. Creating easy ways for your team to communicate by enabling an all-in-one solution for communication, collaboration, will ensure that you stay connected and productive.

#2. Security, security, security!

We know we say it all the time, but Cyber threats aren’t going anywhere. Keep the focus on security in 2022, as every business, no matter the size is at risk. Don’t risk losing time and money to a data breach or ransomware, instead talk to your IT company about the following:

  • Getting a cybersecurity audit done.
  • Securing all email.
  • Have notifications for remote workers to know when they are connecting to unsafe networks.
  • Put a disaster recovery plan in place.
  • Ensure backups of all data are secure.
  • Implement a password management system.
  • Prohibit third-party apps on work devices.

#3. Make sure I.T is in the 2022 budget

In this era, I.T is an area where you don’t want to be taking shortcuts. Budgeting for your I.T is a wise move to ensure that you have continuously upgraded internet access, software and hardware upgrades as required. Unreliable internet service can cause downtime that has a run on effect with productivity, and can even lose your business valuable clients. Skimping on your I.T budget can lead to much bigger costs further down the road.

#4. Safe and Professional Email addresses

This might sound basic, but if you haven’t already shifted to a professional email, 2022 is the time to do this. Using a gmail account or similar doesn’t make a professional first impression, and more importantly is a security risk. We can easily help you to upgrade to reliable business-grade emails. Our team at Ultra IT can easily help you to navigate this.

#5. Audit your Equipment

Taking time to do an audit of your current technology, and how it is performing can identify any potential problems and streamline processes. There are still some supply issues with computer hardware, so make sure you are aware of what your business is likely to need in 2022, including any new employees, plus upgraded equipment, so you can plan ahead. If you can give us as much notice as possible, we can make sure that we do our best to source what you require.

#6. Partner up with a managed service provider

Now is also a good time to hire a managed service provider. Partnering with an IT professional helps you make good technology decisions that can ultimately save you a lot of money. Getting advice from industry experts who understand the increasingly complex world of technology, security, and optimizing IT resources is an investment that ends up being a lot more economical then having the ambulance at the bottom of the hill.

Don’t worry if all of this feels overwhelming, our team at Ultra IT can offer you many options to help you have a stress free year with IT in 2022. If you would like further information, please feel free to contact us here.

The Christmas IT Checklist

2021 may be the Christmas that we all collectively exhale and exclaim “Thank goodness this year is over”.

However, before you rush out the office door for Christmas time, mistletoe and wine, here are a few quick IT tips, to ensure you have a relaxing break.  

Every season you’re going to need good support from IT professionals. Keep your technology in tip top shape, and you’ll have a happier holiday season. A few preparations before leaving for Christmas holidays, will ensure a relaxing time for all. Here we help you with a quick check list:

Staffing and training:

Have you got your organization covered over the Christmas and New Year period? While everyone rushes off, it pays to ensure that your organization has adequate staffing levels, and/or availability of key resources. 

If you are working on a skeleton staff, make sure that there is a backup contact in case of any information security or cyber incident. Also make sure that the staff running the show, actually know what they are doing! Many a security event has happened when staff are not adequately trained.


Business Continuity Plan:

This is also a good time to review your company’s disaster recovery/business continuity plans, to ensure they cover these scenarios:

  • Contact information for key people e.g. staff, suppliers, authorities, couriers, support.
  • Clear descriptions of responsibilities for individuals
  • Making important information readily available such as alarm codes, building access codes, passwords.
  • Have passwords and codes changed and has your plan been updated to reflect this?
  • A process for communicating important messages to your customers

Out of Office on:

Nothing irritates customers more then not getting a quick reply. Be sure to communicate your office hours clearly to your customer, along with clear back up contact numbers.

Start telling customers your availability as soon as possible. Communicate it via as many avenues as possible:

  • Social Media.
  • Email communication.
  • Invoices.
  • Posters.
  • Ensure customers receive clear contact details, back up numbers, email contacts and clarity around dates.
  • Make sure your Email out of office is switched on (possibly for external emails only), and your message is clear.
  • Add a temporary message to your mobile phone so you are not disturbed.
  • If you run social media accounts, consider archiving them for a few weeks so that you don’t have to ruin your summer monitoring social media.

Update and upgrade IT

If Christmas is a busy time for you, ensure that your technology can handle more traffic. Review system integrations to make sure front-and back-ends can communicate smoothly. Identify any issues or bottlenecks in advance to be able to upgrade or update any IT that needs help.

If you do need major IT upgrades or system changes, postpone them until after the holidays. Don’t mess with what works right now if you don’t have to do so.

Safeguard business data

Unfortunately, cyber criminals don’t seem to take a holiday. In fact, holiday season is a ripe time for cyber-attacks, as people are distracted.

In 2020, the greatest number of daily attacks in the last quarter of the year were on December 31.

Make sure you are protecting systems, detecting threats, and defending against attacks. A security assessment can help determine what you are doing well and could be doing better. Please contact your Ultra IT team member to discuss your specific concerns.

Social Media

Beware what you share!

Whilst social media is a great tool to share holidays snaps, it pays to remember Social media can be difficult to keep these connections private, with a potential audience of…um… the entire world! The impact on the privacy of your devices, your sensitive information and even your personal security plays as a key disadvantage of social networking.

There is an abundance of fake accounts, trolls and fraudsters online, who seek to obtain and collect your personal information for possible criminal activity. Be strict with your privacy settings and be vigilant of the things you post. Avoid accidentally sharing information that could hint at:

  • Login Details – email addresses, usernames and passwords. For example, potential answers to security questions ‘What was your first pets name”
  • Promoting that you’re out whilst your house/workplace is unoccupied

In conclusion…..

If it is a slow time in your office, it can also be an ideal time to clear out old data and perform maintenance on PC’s such as clean the dust, move old data, and clean up user information. Take a break!

Some people will be working over the Christmas and New Year period, and if you are we’d like to THANK YOU for keeping the country running and services/goods flowing!

But for those of us who are taking a break – PLEASE – make sure you do get to switch off and have a real break away from your business / mahi. We all need to switch off for a while every year. Be well, stay healthy and return ready for an awesome 2022!

Plan to refresh your IT/Online strategy

Things are moving so fast, and IT/online technologies are moving faster. What opportunities can you create, or gaps can you plug, with a smart IT/online strategy?

Ponder on this and give us a call in the new year to discuss how information, communication and online technologies can serve you. The team at Ultra IT wish you a happy Christmas and a wonderful New Year.

Cyber Insurance – Do you need it?

Cyber Security is a very real threat to businesses in New Zealand these days. Here we look at Cyber Insurance, what it is, what the laws are, and why you need it.

Why do you need Cyber Insurance?

Cyber attacks on businesses in Northland are increasing in both sophistication and frequency.

High profile companies like Air New Zealand partner Travelex, Fisher & Paykel Appliances, Toll Group, Garmin, Canon, Honda, BlueScope Steel, Lion, transport giant Toll Group, Twitter, MetService and most recently even the NZX, are just some of the organisations to have been targeted by cyber criminals.

However it is not just the big companies, many small businesses here in Northland are also being targeted.

It really is a matter of ‘when not if’.

What is Cyber insurance?

Cyber insurance is designed to fill the gap that traditional insurance policies don’t cover, minimising the impact of cyber incidents by providing cover for your own loss and third party costs. It provides your business with a structured crisis response plan and assists with returning to ‘business as usual’.

Won’t my general liability policy cover cyber liability?

General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. Cyber insurance is often excluded from a general liability policy.

It pays to check your current policies and ask questions. You may find that your other business cover won’t respond to a cyber or data breach claim.

The law has changed:

The new Privacy Act 2020 which came into effect on 1 December 2020 means that all businesses now have legal requirements surrounding

The new Act requires mandatory data breach reporting if it’s reasonable to believe that the breach would cause serious harm to an individual. For example: If you’re engaging with a service provider to hold your clients’ personal data, for example a cloud-based CRM system, you remain responsible for the security and use of that personal information. If a Cyber breach were to occur, you would be held liable.

What does Cyber Insurance cover?

Ensuring business continuity and safeguarding your business from Business Interruption will enable you to return to the same financial position you were in before a Cyber event.

  • The benefits of Cyber Insurance will depend on the type of policy you take out but can include:
  • Access to a dedicated and experienced team of experts if an attack occurs
  • Protection from loss where you are legally liable to others
  • Cover for your financial loss if your business is interrupted due to a Cyber event.

Things to look out for in your Cyber Insurance policy:

  • Business Interruption: Look for a policy that covers the costs of any business interruption as you can lose time and money trying to get your business back up and running after a cyber attack.
  • Hacker Theft Cover: A plan that covers compensation for loss incurred, including theft or destruction of stored data, hardware, or cyber extortion from employees.
  • Restoration costs: Compensation for expenses incurred to research, replace, restore, or recollect digital assets during the period of restoration.
  • Public Relations: Reimbursement for any costs involved with public relations.
  • Network Extortion: Indemnity for the amount paid to avoid, defend, preclude or resolve a network extortion attempt
  • Data Forensic Expenses: Costs incurred to investigate, examine and analyse a computer network
  • Third-Party Liability: Indemnity for the sums claimed and incurred defending claims in relation to alleged privacy breaches, network security wrongful acts or media and social media wrongful acts.

What is the likely cost of Cyber Insurance?

Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. As an estimate a policy with $100,000 cover could cost as little as $600 per annum.

All businesses need a security plan to protect their business and they should consider a Cyber Insurance policy as an essential part of this plan.

What else can you do in the war against Cybercrime?

There are basic things that you can do to ensure good Cyber security. In this recent blog we share some top tips for your company.

Top tips to avoid cyber security threats:

CERT NZ has a number of useful and practical resources for businesses on keeping systems and data safe from cyber security attacks, including cyber security risk assessments for business, cyber security awareness for staff, phishing scams and your business and protecting your business online.

CERT NZ offers the following tips for simple, practical steps for businesses:

1. Install software updates

2. Implement two-factor authentication (2FA)

3. Back up your data

4. Set up logs

5. Create a plan for when things go wrong

6. Update your default credentials

7. Choose the right cloud services for your business

8. Only collect the data you really need

9. Secure your devices

10. Secure your network

11. Manually check financial details

For more info and links click here:

So in Summary….

Cyber Security is a very real issue facing business owners these days. If you would like to discuss your individual needs, we provide security assessments to ensure that your business has the best protection.

Please feel free to reach out to us at support@ultrait.nz

Upgrading to improve productivity & Security:

It’s hard to know where to start when prioritising the upgrade of hardware. Here are the top things we see that businesses could upgrade to improve productivity and add security.

Upgrading those ‘old school’ phones

First, let’s start with those traditional landline phones. Sure, they’ve done their job well for decades, but switching to Voice over Internet Protocol (VoIP) has many advantages. Don’t overlook the benefits of:

  • streamlining voice and data services to save on bills and long distance;
  • employees using VoIP communications wherever they have access to an internet connection;
  • accessing features such as call waiting, screening, recording, auto attendant, and voicemail transcription;
  • gaining greater flexibility to scale up and down as needed so you don’t need to pay for phone lines you don’t need;
  • integrating calls with customer relationship management software for better data insights.

Saving, Sharing, and Revising Documents

Next up, those filing cabinets. For one, they may be an eyesore, plus, they’re taking up valuable real estate in your space. Today, many printers allow you to scan many pages at once and easily scan documents into content management software.

Moving to online document management also opens you up to many productivity gains. The software often supports optical character recognition (OCR), which makes scanned content searchable. Plus, the documents are available online, where and when employees need them. This is helpful in remote or hybrid work setups, but it also helps ensure you have a backup of critical documents if disaster strikes.

If you’re still filing documents in cabinets, you may have paper-based processes, too. Forms and folders get passed around for different people to sign off at various stages. This makes it easy for workflow to bottleneck or, worse, for documentation to get lost in the physical shuffle from place to place.

In a step up from this, a business might at least move documents around via email attachments. Everyone gets a chance to see the document and make comments. Then, some poor soul takes all responses and correlates them for the next round of revisions.

Replace these old-school approaches with online business tools built to enable collaboration. Microsoft 365, for example, allows people to work on documents at the same time. There are no more worries about version control, and everyone can track the file’s progress.

Enabling Remote/Hybrid Work

Cloud-based collaboration software not only helps with document exchange. Microsoft 365 also allows users to communicate efficiently via the Teams channels. They can also start video meetings, share screens, and co-work on files and PowerPoints. Plus, integrating Outlook contacts and calendars helps efficiency and scheduling.

All this helps support employees working remotely or coming into the office only some of the time. With online documents and databases, everyone can get work done without coming on-site. Plus, VoIP business calls forward directly to phones or laptops for seamless communication.

Put Away the Post-its, Too

One last thing we’d love to see people replace in their offices? Those Post-its with handwritten passwords stuck to the bottom of computer monitors or oh-so-stealthily under the paperclip organizer in their top desk drawers.

We all have many passwords, and we understand the impulse to write them down, but a safer strategy is to use a password manager. A password manager stores, generates, and manages passwords in an encrypted database. A password management solution – such as Keeper, LastPass, or LogMeOnce – is more cyber secure than that sticky notes.

Feel free to reach out here to discuss any questions you may have about your individual business needs.

Written by Gill Brown

Cyber Security: Expect the best – prepare for the worst!

Cyber Security – “It will never happen to me!”

“Expect the best –  prepare for the worst”

Paul* runs a medium sized business in Northland.  He honestly never thought that he would be the victim of a cyber-attack. After huge expense, and lost productivity, he now speaks to anyone that he can about the importance of sorting out cyber security.

“I just wish that I had taken the time to get it sorted, as it’s so simple and yet it had such an impact on our business, costing us money in lost productivity”

Whilst we don’t want to scare anyone, cyber security is a huge concern for our clients right across Northland. Here are some recent statistics:

The weekly average number of ransomware attacks detected in June of 2021 was more than 149,000. A year prior, it was only 14,000 – making an increase of 966%!

(Source: Fortinet’s FortiGuard Labs 1H 2021 Global Threat Landscape Report)

Most companies now recognise the urgency around sorting out cyber security, however, these are still some common objections that we hear:

Top Four Reasons New Zealand businesses don’t sort out their Cyber Security:

  1. It’s just not a priority.
  2. It will never happen to me, as it only happens to large overseas companies.  
  3. It costs too much money.
  4. I don’t know where to start.

#1. It’s not a priority:

“It’s just not a priority for me right now, and I don’t have time to deal with all of that!”

Believe us when we say, we hear this often from Northland companies. We totally get it. You are doing a thousand things, time is precious, and cyber security just feels like another overwhelming ‘thing’ to take care of.

Many of our clients have felt the same way. What they have found however, is that the time it requires to be on the front foot and take care of security is far less time than it takes to sort out issues caused by attacks.

In fact, we often hear from clients who wish that their I.T provider had warned them, nagged them, and actually made them sort it out!

By the time they have had an attack, they come to us with days, weeks, and even months of lost productivity, plus the costs of having to sort the issues out.

“There was this horrible moment when I realized there was absolutely nothing I could do”

Amy Pascal, the former co-chairman of Sony Pictures on the cyber-attack on the studio that revealed her private emails.

#2. It will never happen to me:

“I’m putting my head in the sand and covering my ears singing lalalalala.  Cyber security attacks only happen to big companies – and definitely not here in little old New Zealand.”

We all want to think the best about life, and positivity is wonderful. But sometimes it is best to ‘expect the best, but prepare for the worst’. 

We know you are a great person, you work hard, and you live in New Zealand. However, Cyber-attacks do not discern where you live, what industry you work in, or how nice a person you are.

Cyber-attacks prey on those that are overly trusting, can’t be bothered, and think that it will never happen to them.

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

Richard Clarke – White House Cybersecurity Advisor 1992-2003

#3. It costs too much money:

“Sorting out my security costs too much”

Let’s break this down a little. What are the actual costs of a Cyber-Security attack?

  • In the UK, the average cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £8,460.
  • For medium and large firms combined, this average cost is higher, at £13,400
  • 35% of businesses report being negatively impacted because they require new post-breach measures, have staff time diverted or suffer wider business disruption.

(DCMS Cyber Security Breaches Survey 2021).

Plus, there are the other costs like:

  • Loss of reputation
  • Loss of productivity – meaning clients may have to go elsewhere for a while until you get sorted out. They may not come back.
  • Loss of good faith and trust in your company especially if you are involved in confidential information.

The cost of taking the most prudent and essential steps might be a lot less than you think. By getting a couple of things done, many businesses could significantly increase their level of safety.

#4. I don’t know where to start…

“I’m confused, overwhelmed and have no idea where to start!”

We hear this often from clients and we absolutely understand how overwhelming it can all feel.

Here at the ITA, we have years of experience of looking after cyber security for many different companies, across varying sectors. 

The first step is for us to make a time to sit down with you for a complimentary chat, specific to your business.

This is a great starting point in order for you to get an overview.

Once we’ve discussed your individual needs, we can devise a plan together, working out what your priorities are specific to your business, any legal requirements surrounding security, and a budget and time-frame to instigate this plan.

Too easy!

Contact us here to make a time to have a complimentary chat about your own security requirements.

(*Name changed for confidentiality)

Feel free to reach out here to discuss any questions you may have about your individual business needs.

Written by I.T Alliance