What digital businesses need to know to protect themselves and their customers against cybersecurity threats
We’re used to seeing bricks and mortar shops protected with the likes of CCTV, alarms, or even security personnel, but what about protecting our websites and digital storefronts?
A cyberattack can not only cost your business financially, but also damage your reputation and erode your customers’ hard-earned trust.
In the third quarter of 2020, 281 Kiwi businesses reported cybersecurity breaches. Waikato DHB made news headlines for several days in 2021 after suffering from a debilitating ransomware attack.
Reports of cyberattacks are increasing in frequency each year, but it’s not too late to put up protective systems to safeguard your business and customers against the worst of it.
Although it may never happen to your business, just like theft from a bricks and mortar store, preventative steps are still your best course of action. With these protocols in place, if an incident does happen, you’re better prepared to mitigate any serious losses.
Cybersecurity threats for digital businesses
Although there are dozens of different types of online scam, hack, and malware that can affect individuals as well as organisations, there are three main categories of cybercrime that businesses need to watch out for:
- Data breach via hacks or leaks
This could involve the loss of commercially sensitive information, client lists and contacts, financial information, or your customers’ payment details. A data breach can occur as a result of a leak within your organisation (either intentional or due to poor handling of data/records), or from a hacker exploiting a weakness in your network.
- Financial loss via ransomware or malware
Malware is a form of software designed to cause damage, while ransomware encrypts or locks your system until you pay an extortionate fee to save your files from deletion or publication. These are usually downloaded by accident, hidden in a suspicious attachment or corrupted program. In either scenario, the loss of access to your business systems puts a halt on your operations and costs a significant amount to recover.
- Disruption to operation via DDoS (Distributed Denial of Service)
A DDoS attack is designed to overwhelm a website and cause it to crash, rendering it unusable to your customers for the duration of the attack. Typically, it involves hacking multiple devices, which are then directed to send traffic to the victim site, causing it to overload. While your website is disrupted, legitimate users cannot access it or buy from it.
As well as having an immediate financial impact, each of these cybersecurity issues also has a longer-term effect on your business reputation. Before a customer provides you with their data and dollars online, they need to be sure that they can trust you to protect it. Putting in place a good cybersecurity protocol is as much about building trust with and protecting your customers as it is about safeguarding your own investment.
Making a cybersecurity protection plan
To protect against as well as mitigate any potential damage caused by a cyberattack, there are several important actions you can take.
- Minimise human error
Educate staff about the risks of cyberattacks and put guidelines in place, such as not clicking links in unknown emails, not responding to possible scams, and double-checking email addresses when sending sensitive or financial information. If staff are working from home, make sure they’re using a secure WiFi network or a VPN to protect data from being intercepted.
- Create a device and digital policy
Ensure all staff adhere to a digital policy that includes using antivirus protection, using two-factor authentication (2FA) alongside passwords, and installing updates as soon as they’re available. Be aware of what programs you are using to store data and how secure these are.
- Ensure consistent backups
An off-site backup of mission-critical data is essential not only for cybersecurity, but also in the event of a natural disaster, fire, or other practical incident at your place of work. Make sure you’re backing up regularly and using encryption. A policy that outlines who is responsible for backups, and how and when they are made, can help.
- Create a response plan
Knowing what to do if you’ve been compromised can help your business to recover more quickly and mitigate any immediate damage. Assign roles and responsibilities, including who to contact, how operations might continue, and how to openly address the matter with your customers.
- Partner with a security team
An experienced IT team can create a personalised online security system for your business to ensure that the right protocols are in place and any potential risks are managed, taking some of the weight off a busy owner’s shoulders.
For more guidelines on dealing with and protecting your business against cybersecurity threats, see CERT – the Computer Emergency Response Team – established by the NZ government.
To help figure out where the weak points could be in your business, see CERT NZ’s cybersecurity risk assessment for businesses.
Keeping your customers’ trust
Now that your business processes and data are protected, it’s important to establish with your customers what you’re doing with their data, to help them feel safe when they shop with you.
Three steps to increase trust in your online business:
- Publish a customer-friendly version of your digital policy: what happens to customer data, how it’s protected, and what your protocols are in the event of a breach. You don’t need to share all of your internal practices, but enough to reassure them that you know what you’re doing and their information is secure.
- On the checkout page, add a disclaimer to let customers know how their data will be used, stored, or encrypted once they check out.
- Provide a way for people to contact you with any security concerns.