Date: 17th October 2019
In the past year, CERT NZ received more than 2,000 cyber security reports from New Zealand businesses and organisations. The reported financial loss was over $5.2 million. Cyber Smart Week runs 14-18 October 2019, so we’re taking the opportunity to share some tips on keeping your business smart online.
But first, let’s alert you to a new type of scam that’s been doing the rounds. While the scam is fairly sophisticated and looks legitimate, the way to avoid it is simple (more about that below).
Last year, CERT NZ received a report from a small business that was receiving emails from an attacker pretending to be a recognised supplier. The emails contained fake invoices and were attempting to trick the business into paying the invoiced amount into an attacker’s account.
The emails seemed legitimate. For example, they included information about recent goods the business had requested and the right costs. However, there were small differences in the sender’s email address that fortunately staff noticed before any payments were made.
With the help of their IT provider, the business discovered that an employee’s email account had been hacked.
The account had a simple password, making it easy for the attacker to get into the account and forward any emails containing words like “account”, “invoice” and “pay” to an external address belonging to the attacker.
The information in these emails gave the attacker enough details about the business’s billing cycles and behaviours to create fake invoices that looked legitimate.
The solution? A stronger password.
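The forwarding behaviour described above can be checked for by reviewing mailbox rules. The following is an added example, not part of the original article or CERT NZ tooling: it assumes your IT provider has exported each mailbox's rules into simple records, and the field names, domains and sample rules are constructed for illustration.

```python
# Added example: record layout and sample data are constructed, not a real mail API export.
FINANCE_KEYWORDS = {"account", "invoice", "pay"}  # the words named in the report above


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip(" <>").lower()


def audit_rules(rules, internal_domains):
    """Flag rules that forward mail to addresses outside the business."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        external = sorted(a for a in rule.get("forward_to", [])
                          if domain_of(a) not in internal)
        if not external:
            continue  # no forwarding, or forwarding that stays inside the business
        # Which finance words appear in the rule's "subject/body contains" conditions?
        keywords = sorted(k for k in FINANCE_KEYWORDS
                          if any(k in c.lower() for c in rule.get("contains", [])))
        findings.append({
            "mailbox": rule["mailbox"],
            "rule": rule["name"],
            "external": external,
            "keywords": keywords,
            # External forwarding of billing mail matches the incident pattern.
            "severity": "high" if keywords else "review",
        })
    return findings


# Constructed sample rules for a business whose own domain is example.co.nz
SAMPLE_RULES = [
    {"mailbox": "accounts@example.co.nz", "name": "fwd",
     "contains": ["Invoice", "pay"], "forward_to": ["collector@example.net"]},
    {"mailbox": "owner@example.co.nz", "name": "to-assistant",
     "contains": ["roster"], "forward_to": ["assistant@example.co.nz"]},
    {"mailbox": "sales@example.co.nz", "name": "newsletter copy",
     "contains": ["newsletter"], "forward_to": ["archive@example.org"]},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, {"example.co.nz"}):
        print(finding)
```

Any rule marked "high" should be confirmed with the mailbox owner; if they did not create it, treat the account as compromised and change its password.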
Many businesses think a cyber attack won’t happen to them. To help keep you and your business safe, put the following four measures in place.
Have a strong and different password on each of your accounts, like email and software programmes. You might use a password manager, an app that securely stores account logins. That way you only have to remember one password.
Add an extra layer of security to your business email accounts by applying two-factor authentication (2FA). It’s often a password and something else, like a code that is sent to your mobile phone.
Updating your social media privacy settings to only friends and family makes it hard for cyber criminals to find out information about you.
Don’t ignore software updates when they are available. Try to action them as soon as possible. It’ll help protect against bugs and viruses.
Report any issues to CERT NZ right away. You’ll be asked to describe the cyber security issue you’re experiencing. CERT NZ will then identify it and let you know what the next steps are to resolve it.
Along with providing you with help, CERT NZ uses the information you share to create advice and guidance for others who might be going through the same issue. Any information you provide is confidential, unless you give consent to share the details of your report.