RSM New Zealand

Cyber security important in times of change

It’s unfortunate that in a time of crisis, when we’re all looking at ways to work together and unite against COVID-19, cyber criminals are taking advantage of the disruption COVID-19 has caused. 

This of course, is just another aspect of business that not-for-profit and for-profit organisations need to be aware of, at this time. In this article we explore some helpful points to manage your organisation’s exposure to cyber risk. 

Do a systems check 

Right now, most New Zealand organisations are doing their best to work from home.  Those of you who are working from home would have had a mad rush transitioning IT capability from work to home. System changes would have occurred to allow more capacity and offer the mobility needed to still remain operational. 

Now that workforces have settled into their routines, it’s a great opportunity to complete a systems check to ensure that safeguards are in place. Review antivirus software, access controls, password protection, encryption requirements etc, are still operating in the same way before we went into lockdown. 

Educate your team 

Working from home will inevitably allow teams to be more casual in their behaviour. Although training for computer and device security is usually conducted at induction, any significant change to working environment is a great opportunity to reinforce IT system and software security requirements and expectations.

Training could include checking the authenticity of emails, checking the validity of email requests, ensuring team members are aware of risks of using video conferencing apps. Equally important is how suspicious emails are handled; if in doubt refer to your IT team and in lieu of having in-house IT help, verify the email by picking up a phone to double check requests. Remember - the cost of being cautious is free. 

Be aware and keep communication up 

Although online scams may differ in nature, the underlying objective remains the same. A fraudster wants access to your personal or financial details for their gain. Email phishing scams appear to be the current form of online scams.

Scammers are using COVID-19 online posts as a cover to embed viruses in emails and posts you’d not normally have concerns about. As a nation, we’re consumed with absorbing information from all sources. Unfortunately this helps creates a perfect opportunity for scammers. 

The common strategy of scammers is to use ‘volume’ so it’s likely that more than one person in your organisation would have received the same or similar email. Keeping your team aware of potential phishing emails and ensuring team members are not blindly clicking on links (remember, links can sometimes have malware embedded) will keep the team alert for any suspicious email activity. 

Have a team member check Netsafe New Zealand regularly to keep you updated on what’s ‘current’ in terms of online scams and fraudster behaviour. Stay ‘online’ safe New Zealand.

Keep things simple and keep it routine 

This is important because as business owners you want behaviours to be consistent across the whole team. Whether you elect to have a small part of a team meeting dedicated to considering online risks / current scams or have a periodic email sent out to the team or keeping the message to a simple phrase ‘think and check before you click’. Whichever you choose, the goal remains the same. This is to keep the issue of cyber security and cyber risk fresh in the minds of your employees so that they now how to identify suspicious behaviour and know what to do if it is identified. 

Concluding comments 

We are fortunate in New Zealand to have good sources of education around cyber security and key issues for business. In amongst an environment of change or a departure from business as usual practice creates an opportunity for fraudsters. Prevention is a major step in ensuring your business reduces the risk and potential pain of dealing with a virus, email phishing, paying fictitious suppliers. 

Useful Links:

Netsafe New Zealand Website

Would you like to discuss this topic further?

Please email us to submit a question or click on the author below to directly discuss this article

CONTACT us

Authors

Brendon Foy
Audit Partner
Don Aue
Associate Director - Audit