Each year CERT NZ hosts Cyber Smart Week to highlight the importance of being secure online, by showing New Zealanders what’s at stake when we don’t get our cyber security right

This year’s campaign kicked off with a photo exhibition called EXPOSED that featured larger-than-life portraits of real people targeted by attackers while going about their lives online.

“These New Zealanders have shared their stories to highlight the impacts an online incident can have and to encourage others to protect themselves online,” says Jane O’Loughlin, CERT NZ manager for engagement, communications and partnerships.

This year’s Cyber Smart Week, which was held from October 30 to November 5, also saw the launch of CERT NZ’s new programme called Own Your Online.

“This is a new website created to help individuals and businesses understand the online world by explaining common cyber threats and providing practical cyber security advice. The site will also have resources and guides for organisations to keep their network, data and devices secure, and to create a response plan in case of a cyber incident.

“As we spend an increasing part of our lives online, cyber security is a necessity rather than a convenience,” says Jane. “We encourage New Zealanders to heed the messages and take steps to become more cyber resilient.”

IRHACE asked CERT NZ’s senior analyst for threat and incident response, Sam Leggett, how businesses can manage their online security.

What are some of the most common ways New Zealanders are falling victim to cyber criminals?

In the two years leading up to June 30, 2023, CERT NZ has seen an average of 2,266 incidents reported each quarter. These incidents include phishing and credential harvesting, scams and fraud as well as malware and ransomware attacks, unauthorised access and other kinds of online attacks. The two-year period also saw financial losses adding up to $39.9 million. These are figures from just the cases that are reported to us. CERT NZ acknowledges that many cases go unreported or are reported elsewhere, so actual figures may be much higher.

One of the common ways that scammers target New Zealanders is through phishing – sending links via emails, SMS or direct messages. The sender pretends to be a trustworthy organisation such as a bank or a government agency and tries to get sensitive information from the receiver (credit card and bank account details, or login information). New Zealanders also experience investment and job scams, romance scams, fake lotteries and prizes, and scams while buying and selling goods and services online.

More information on how online incidents are categorised and the financial loss broken down can be found in our quarterly report: Quarterly Report: Highlights Q2 2023

What are some of the most important protocols companies should have in place to keep their business and employees safe?

Organisations have a responsibility to keep their businesses, their employees as well as their customer data safe. They can do this by putting in place an online security framework, by updating devices and software, securing their networks, collecting and storing only the data they need from their customers. We also recommend businesses talk to their employees about staying safe online and encourage them to be cyber smart.

You can find our guide for business here: Top 11 cyber security tips for your business ownyouronline.govt.nz

Are there any other steps that can be taken to avoid online threats?

There are simple steps you can take to stay safe online: create long, strong and unique passwords, turn on Two-Factor Authentication (2FA) for your online accounts, turn on automatic updates for your apps and devices, set your social media accounts to ‘private’ or ‘friends only’, and always pause to think before you click on a link.