Cyber crime and the risks associated with it are no longer the domain of big business only. As auditors, we see an increasing risk for small and medium-sized businesses (SMEs) and Not For Profit (NFP) organisations throughout New Zealand. This dark and sinister turn of events shows us that having a clear cyber security plan in place is vital to protect the revenue, cashflow and digital assets for SMEs and NFPs.
If you are running one of these organisations, there are a few simple measures and practical steps you can take to protect against cyber crime.
The five most important cyber-attack risks facing small businesses/organisations in NZ
The first step to protecting your organisation against cyber crime is to understand the risks that you face. Using our experience as one of Auckland’s market-leading auditing services, we’ve put together a list of the five most important cyber-attack risks your organisation will face:
Data breaches:
Small businesses and Not For Profits often store sensitive customer information, including financial data, without adequate protections such as firewalls. This information can be valuable to cybercriminals.
Crypto virus:
Cybercriminals can use malware to lock the systems and data of a small business, demanding payment in exchange for unlocking it.
Financial losses:
A cyber-attack can result in financial losses, including costs associated with downtime, repairing systems, and recovering data.
Reputation damage:
A cyber-attack can harm reputation and negatively impact customer trust.
Compliance violations:
If a small business or Not For Profit stores sensitive information, such as personal data, it may be subject to regulations that require proper data protection. A cyber-attack can result in compliance violations and costly penalties.
What you can do about it to protect your organisation
To protect your organisation against cybercrime and enhance cyber security, we recommend following these eight steps. They are simple IT security rules, but once implemented they will save you cost and resources and ensure your organisation isn’t susceptible to being hacked.
The eight steps are:
- Use strong passwords with a combination of upper case, lower case, numbers and special characters, change them regularly (at least every six months) and implement two-factor authentication (2FA) where possible. Don’t use “password”, “12345678” or similar passwords or write down your passwords.
- Keep software and systems up to date with the latest security patches and updates. Don’t ignore the system’s notifications, even if it takes a long time to install an update.
- Educate employees about cybersecurity best practices and dangers of phishing scams. Don’t open suspicious attachments and report them immediately to your IT provider.
- Limit access to sensitive information and systems to only those who need it.
- Use anti-malware and anti-virus software to protect against malicious software.
- Work with a trusted IT service provider to implement comprehensive security measures. They should regularly monitor logs and networks for signs of suspicious activity, as well as regularly back up important data to a secure location.
- Have a business resilience plan in place to respond quickly in the event of a cybersecurity breach.
- Investigate whether cyber risks can be added to your existing insurance cover.
Business.govt.nz also has a great article on small business cybersecurity, linked here.
If you would prefer tailored assistance to help you better understand the potential risks to your organisation, please contact your BVO audit advisor for more information.