Cybersecurity
The risk of falling victim to a cyber-attack increases as companies become reliant on technology. Cyber security is now seen as a known risk that can affect not only the current business but also future planning for any business. Most leaders now see it as a critical consideration for business continuity at all levels of the organisation.
Factors considered part of normal risk planning should include policies that consider:
Privacy: watch for changes in government privacy policy. The Government is updating New Zealand’s Privacy Act 1993 to make sure personal information is kept safe and secure in line with new technology and ways of doing business.
Password and data security: ideally employing the latest technologies, such as Multi-Factor-Authentication.
Cloud security: a policy outlining cloud-stored data security and associated responsibilities.
For up-to-date information provided by the New Zealand Government on the effects of Covid-19 on security, please visit the New Zealand National Cyber Security Centre.
For information on the proposed changes to the Privacy Act, visit the New Zealand Business page, and the Ministry of Justice and NZ Parliament pages. Current proposed changes: The New Zealand Privacy Bill.
Questions you could be asking to understand the risks, which are now even more important with new remote working practices:
Are you aware that hackers can get access to work data through your employees’ personal devices?
Does your company have a policy in place for how employees should use work laptops / smartphones for personal use?
How confident are you that your employees understand the importance of ‘good password practice’?
Does your business have any breach reporting requirements under GDPR?
General practices to be safe:
Appoint a privacy officer. Every business should have a privacy officer, according to the Privacy Act. This is someone who has a general understanding of the Act and can deal with privacy issues when they arise.
Review your privacy statement and make sure it’s up to date. If you don’t have one, the Office of the Privacy Commissioner has a free tool to help you create a privacy statement that tells people how you will be collecting, using and disclosing their information. Use Priv-o-matic to assist.
Ensure everyone understands the importance of ‘good password practice’. Share this widely and often.
Use Multi-Factor-Authentication for greater security during member/staff login to your platform.
Provision access rights, and report on changes in permissions for access to company data.
Establish reporting practices that can capture breaches, if and when they occur.
Determine and enable the security needed to protect your data stored in the cloud.