New Zealanders are continuing to be impacted by cybersecurity incidents and attacks are increasing in sophistication and complexity says Rob Pope, the director of CERT (the government's Computer Emergency Response Team) in the organisation's June quarter update.
Cyber attacks were already on the increase before the pandemic. But people scattering to home offices during lockdowns has created new opportunities for hacking and the number of online intrusions is rising faster than ever before.
CERT fielded 1351 reports of security incidents in the June quarter - a period that saw a 150 per cent increase in ransomware attacks, and a 37 per cent rise in unauthorised access incidents compared to the same quarter a year ago.
Pope has a blunt warning: Because many fear the embarrassment or brand damage that can come with admitting a breach, "the (report) numbers are just the tip of the iceberg."
That's the bad news. The better news is that you can protect yourself, your family or your business online by following good security advice.
As we become increasingly reliant on technology, strong cyber defences are "not a nice-to-have, but a must-have," says Laura Ross, Head of Cyber Security Strategy & Architecture at Vodafone NZ.
The company has been protecting New Zealand organisations for more than 15 years, and now has over 60 experts in security practice, which includes dedicated cybersecurity centres.
Part of its approach is to front-foot situations. For example, in the first week of March 2020, two weeks before the rest of the country went into its first Level 4 lockdown, Vodafone emptied its offices for a massive work-from-home drill involving 1500 staff – to not only prepare itself, but understand the security and remote-working challenges that would soon follow for all New Zealanders.
Vodafone also works with strategic partners including US security giant Palo Alto Networks, Arbor Networks, a specialist in preventing DDoS attacks that try to overwhelm a website with connection requestions and CrowdStrike, whose technology stops ransomware attacks and other security breaches.
The recently-launched Vodafone Secure Access, powered by Palo Alto Networks, protects hybrid workforces split between offices and remote-work locations, allowing them to share data securely and offering advanced, cloud-based protection from corporate to home networks.
Ross says her company's in-house team, and its security partners, help to keep every customer and every device on Vodafone's network safe.
She says the setup also provides easy access to world-leading security technologies - especially for SMEs who may find such a sophisticated level of protection unaffordable, or out-of-reach for those who lack an inhouse security person.
Vodafone's eight steps to better security:
Hackers are not always out to steal data. Sometimes the end goal is to encrypt or erase it or threaten to do so. Regular backups - and remember to test them - mean you always have a recovery option.
2. Keep all software and apps up-to-date
Software and app developers publish updates on a regular basis that provide security patches. It's essential every device you own or work on is kept up to date. Ross recommends shutting down a laptop each day. When it restarts, it will automatically install any patches released overnight.
3. Practice good password management
Don't use the same password for different services. Longer is stronger. Make sure each password is at least eight characters long, includes at least one lower case letter and one special character. A passphrase you can easily remember is best.
4. Turn on 2FA (Two factor authentication)
2FA is a second authentication step - such as entering a code texted to your cellphone. It's a good safeguard to require 2FA for any new device used to access one of your accounts.
5. Install or turn on antivirus and firewall software
Antivirus software is designed to stop malicious software being installed on your device. A firewall screens data traffic, looking for pattern indicating a hacker is trying to break in.
6. Monitor accounts and privileges
In the office, staff should only have access to the information they need to do their job. Keep a full list of privileges, and review it regularly. At home, make sure no family members can access devices used for work.
7. Embrace education
The above tips are no use if staff don't know them. An education regime should include a mandatory training session for every employee.
8. Beware of phishing scams
Phishing emails or texts can look and feel real and try to trick you into giving away personal information or money. Don't take the bait! Report and delete spam.
For more information, please visit vodafone.co.nz/business/security-services/