I attended a presentation this week by CERT NZ and learnt some valuable things about cyber security which I thought would be great to share this week.
Firstly, what was the event? It was hosted by Microsoft and showcased the digital transformation of a range of kiwi businesses – more on that another time. One of the speakers was Declan Ingram, Operations Manager at CERT NZ with a presentation titled ‘Cybersecurity – don’t be a statistic – CERT NZ’s advice on how not to get hacked‘.
So what is CERT NZ? CERT NZ is a government funded organisation tasked with helping NZ businesses and individuals better manage cyber security risks. Providing this service is part of our government’s Cyber Security Strategy to protect us from cyber security incidents.
CERT NZ has a great website with lots of valuable information on how to minimise your risk of cyber attacks.
At the presentation some of the key information explained was:
- the different types of cyber security risks
- how these risks present in your business (phishing emails, fraudulent invoices, hacked email accounts of senior staff)
- how to manage these risks (better password management, multi factor authentication, detecting scam invoices, the importance of checking instructions given via email)
Overall my key learning was that we should see cyber security risk management as a work process issue rather than an IT issue. This allows all those involved in the business to see the importance of following set processes to manage the risk. Each person has a role in ensuring that they use passwords securely, open emails with caution and be skeptical when receiving last minute requests to change payment or other financial information.
It is definitely worthwhile to access the useful resources on CERT NZ’s website to learn all this yourself. It is all totally free.
The other really useful aspect of CERT NZ’s website is that you can report cyber security incidents without any knowledge of the technical terms or without even really understanding what has occurred. If you are suspicious about a communication or incident then you can use the interactive complaint form which is based on selecting from drop down menus. Easy. Check it out here.
Why report? Well CERT NZ is part of a global network of similar organisations and they collect data from complaints made to improve threat detection. As was explained in the presentation, what you report today could protect an individual on the other side of the world tomorrow. It enables software providers to quickly identify new attacks and build the necessary response and blocks very quickly.
My biggest take home message from the session was that if you have any suspicion of a cyber security issue arising for you or your business, then CERT NZ is there to assist with figuring out your next steps. Of course the main message of the presentation was to prepare yourself today by learning more so that you don’t fall victim in the first place. Excellent advice.