Data breaches and cyberattacks are no longer just an online issue as, increasingly, sinister players use personal information to gain leverage over individuals and organisations online and offline.
The author of a cybersecurity guide for Kiwi business owners, Daniel Watson, says many Kiwis may be too comfortable when it comes to supplying their personal information online.
“Free offers, downloads, trial transactions, apps and other online offers designed to capture personal details proliferate,” says Watson, an SMB cybersecurity expert and managing director of Vertech IT Services.
Most Kiwis don’t think anything of providing their names, email addresses, job titles, company names, and even phone numbers online, making them and their employers vulnerable to exploitation.
“The problem with this is that hackers don’t only use the Internet. Just a tiny amount of information enables criminals to use both the phone and email to gather even more information about you for sinister purposes – hackers have been known to call colleagues posing as a friend or relative.”
Watson said that there are cases overseas where the compromising information of family members was used to gain leverage by bribery or blackmail. “For example, nude photographs kept on a PC, social media or file-sharing services, could be used to blackmail family, friends and colleagues into helping hackers access otherwise protected systems.
“There is a tendency for some New Zealand SME owners to dismiss these risks as something only big organisations and corporates needs to worry about, but in the online criminal world, there is no such thing as small fry.
“Bear in mind that bots carry out most cyberattacks and criminal activity. These automated attacks do not discriminate because they’re essentially scripted algorithms that comb the Internet looking for vulnerabilities – big, small or insignificant, information is leverage.”
He offers the following advice:
- Protect your data
Watson said that every New Zealander should pause and think before providing their details online because nothing is ever free, and if you aren’t paying money, then it’s your data that’s funding the transaction.
“Make sure you are satisfied with the credibility of whomever you are providing your information. Make an effort to be more selfish with your personal information.”
- Beware legacy software
“If you have old software that has not updated for some time, nor has it been reviewed by cybersecurity specialist, then get it reviewed or get rid of it. Systems that are not updated regularly will have vulnerabilities.”
- Know where your data lives
“If you don’t know where your data is, and that’s not unusual in New Zealand, you won’t be able to put the right protections in place. If budget is a problem, prioritise your most sensitive and most vulnerable data and put protections in place – review regularly and continuously improve.”
Watson says it isn’t unheard of for hackers to approach competitors with sensitive information about a company and for those competitors to succumb to the temptation.
“More and more we’re seeing how online data breaches enable criminals and even state players to extort, spy and impersonate.”