Paul Walker, associate partner, external audit, Findex.

OPINION

New Zealand has a well-practised and celebrated “she’ll be right” attitude which can lead to a belief that bad things won’t happen us.

This approach works in certain circumstances but ultimately leaves us exposed, especially online. More and more business owners believe that their business is too small to be the target of cyber-crime, which couldn’t be further from the truth.

Cyber-attacks happen everywhere.

Any business that holds customer data is a cyber-attack target regardless of whether the data is considered highly sensitive, such as health and financial data.

Take the recent MediaWorks breach from March 2024 - the stolen data was collected from running online competitions.

Although the data may not have included health or financial information, it can still be sold for ransom or used for other identity theft.

This may seem relatively innocent as a standalone attack, but these thefts are not done in isolation.

With competition entries, certain responses could be used to pick answers to common security questions, matched up to passwords and usernames stolen from other data breaches, and used to defraud.

Unlike health providers or financial institutions, MediaWorks may not have been considered a high-risk target for cyber-attacks. Still, the data it held could be valuable when used in certain ways.

What does this mean for you?

Take cyber security seriously, no matter what line of business you are in.

Give some consideration to the data that you collect, how it is stored, and for how long. In the MediaWorks case, people’s data was held for several years after the competitions had ended, perhaps a lot longer than necessary.

Cyber security is not a one-and-done job. The digital landscape is (rapidly) evolving, and your security needs to keep up with the changes and continuously review and refine your systems and priorities.

Working with an experienced adviser is important as they can provide the right advice and tailor the approach to match your business’ size, complexity, and risk.

