Wanaka Chamber of Commerce Cyber security risks to your business ( and what you can do about it) August 2019
As a government- enabled organisation, CERT NZ’s job is to advise everyday New Zealanders and organisations on how to avoid or manage cyber security risks. We’re uniquely placed to do that. We have privileged access to data and people here and internationally. The more data we have, the more we can achieve.
About us • Location : CERT NZ is a branded business unit of the Ministry of Business Innovation and Employment, based in Wellington • Size : 17 staff plus the Contact Centre • Minister : Minister for Broadcasting, Communications and Digital Media Hon Kris Faafoi • Funding : The Government has invested $22.2m over four years from Budget 2016 to build and fund CERT NZ 3 Cyber security risks to your business (and what you can do about it)
CERT NZ’s core functions 4 Cyber security risks to your business (and what you can do about it)
We work across the cyber security ecosystem • Not all incidents reported are within our scope. But as part of our role in the ecosystem, we help people get to the right place. • We work closely with incident “referral” partner organisations including: CERT NZ also plays a connecting role working alongside or coordinating with partner agencies to resolve incidents where required. 5 Cyber security risks to your business (and what you can do about it)
CERT NZ Reporting Tool • Natural language • Easy to use • Provides an initial event diagnosis 6 Cyber security risks to your business (and what you can do about it)
CERT NZ Reporting Tool continued… 7 Cyber security risks to your business (and what you can do about it)
2018 summary – what we’ve seen 8 Cyber security risks to your business (and what you can do about it)
2018 top incident categories 9 Cyber security risks to your business (and what you can do about it)
2018 summary – what we’ve done 10 Cyber security risks to your business (and what you can do about it)
What’s happening in our backyard? Top Tips Top 4 Categories Otago Region • Be alert to online Overview 2018 scams , like the • • 33 scams & fraud 70 incident reports: email webcam • scam and its 48 from individuals 17 phishing & variations and 22 from credential • Follow the CERT organisations harvesting NZ top 11 • • Reported direct 8 unauthorised cybersecurity tips for your business financial loss: access and especially how • $232,385 5 reported to protect your • website where you Average loss: vulnerability run one $11,619 11 Cyber security risks to your business (and what you can do about it)
Cyber security risks to business • Lack of effective cyber security policies, procedures and training • Principle of least privilege not enforced • Poor cyber hygiene • Insider threat • No cyber security incident response plan 12 Cyber security risks to your business (and what you can do about it)
Impacts and consequences • Financial loss • Data loss • Reputational loss • Technical damage 13 Cyber security risks to your business (and what you can do about it)
Top 11 tips for businesses 1. Install software updates 2. Implement two-factor authentication (2FA) 3. Back up your data 4. Set up logs 5. Create a plan for when things go wrong 6. Update your default credentials 7. Choose the right cloud service for your business 8. Only collect the data that you really need 9. Secure your devices 10. Secure your network 11. Manually check financial details 14 Cyber security risks to your business (and what you can do about it)
What can you do right now for your business? • Review and update your cyber security policies , procedures and staff training • • Review and implement Top 11 Tips for businesses • Update and practice your Incident Response Plan • Check out www.cert.govt.nz for more information 15 Cyber security risks to your business (and what you can do about it)
How can your staff at home? • Use strong and unique passwords for your accounts • Update your devices • Check your privacy settings • Turn on two-factor authentication • Report it 16 Cyber security risks to your business (and what you can do about it)
How you can leverage CERT NZ
Quarterly Reporting • New Zealand threat landscape statistics and information • Free to use as resources for your customers , staff , management and executive • Provides awareness of the impact of incidents , and the prevalence of threats • Can help with business cases for protection measures • Subscribe and read our Quarterly Reports at www.cert.govt.nz/about/ quarterly-report 18 Cyber security risks to your business (and what you can do about it)
A wealth of free, expert information • Ready-made content on common cyber security threats with practical info and advic e for organisations, businesses and individuals • Includes resources like infographics and videos • Free at www.cert.govt.nz * • *Available to copy, distribute, adapt for any purpose other than commercial purposes under a Creative Commons licence 19 Cyber security risks to your business (and what you can do about it)
Useful links mentioned in this presentation • To share your SPAM reports with DIA text 7726: https://www.dia.govt.nz/Spam-Complain- About-TXT-Spam • Business.govt workplace policy builder: https://wpb.business.govt.nz/workplacepolicybuilder/itAndSocialMedia/whyWeHaveThisPolicy1 • Office of the Privacy Commissioner privacy statement tool: https://www.privacy.org.nz/privomatic/index.html 20 Cyber security risks to your business (and what you can do about it)
Keep in touch and stay up to date • Subscribe to alert and advisory emails • Register your interest in Cyber Smart on our website Week 2019 , email us at www.cert.govt.nz/subscribe cybersmart@cert.govt.nz • Subscribe to quarterly updates on our • Cyber Smart Week enquiries: website www.cert.govt.nz/subscribe cybersmart@cert.govt.nz • Follow us on Twitter @CERTNZ • To report an incident : www.cert.govt.nz or phone 0800 CERT NZ 21 Cyber security risks to your business (and what you can do about it)
22 PowerPoint title goes here [CLASSIFIED]
Recommend
More recommend
