Cybercrime is on the rise, and small-to-medium-sized companies with an online presence are just as at risk as large, multinational corporations and Government departments, according to SEQA.
Despite several large-scale online cyberattacks targeting New Zealand businesses over the past year, SEQA says many small and medium-sized companies consider investing in cybersecurity a nice-to-have rather than an essential aspect of future-proofing their business.
The cybersecurity experts at SEQA believe this is the wrong approach.
"Cyberattacks and security weaknesses can lead to many potentially damaging outcomes for businesses, including the loss of productivity, revenue, customers, and brand reputation," SEQA founder and director, Mark Keegan. "If you have a digital presence, you are at risk of a cyberattack."
He says the company's IT Health Check service makes performing regular security reviews easy for small-to-medium sized businesses by designing a testing programme that fits the specific needs of each business, be it complexity, data sensitivity, industry risk level, or budget.
"Whether their focus is on securing the highest quality food products to customers or delivering digital services, our IT Health Checks are the ideal, low-cost solution to help business owners quickly determine their cyber health and the likelihood of experiencing a cyberattack."
Haraway's Oats is a Kiwi small-to-medium sized business with a reputation for quality. Founded in 1867, they have undergone the natural progression from a paper-based company to one reliant on the internet to process orders, communicate with suppliers, and keep detailed financial records. When news broke about the Waikato District Health Board security breach in early 2021, they knew it was time to review their IT networks.
"We faced the reality of what it would cost the business if our systems went down for an hour, a day, or longer, not to mention what this would do to our reputation if our customer data was released," says Harraways CEO, Henry Hawkins.
"SEQA undertook a rapid, independent, and thorough security assessment of all our technology assets exposed to the internet and summarised their recommendations in a comprehensive action plan. We were surprised to find that many of our vulnerabilities were related to gaps in our policies,' he says.
"With the support of SEQA we were able to have a good three-way discussion with our IT provider to address the more complex issues they identified in a clear, concise way that we couldn't have done ourselves."
In contrast, Pikselin is a company born out of the digital era, providing specialist expertise in web design for over 26 years.
"Cybersecurity has always been an integral part of our business operating model," says Pikselin managing director, Steve Barnard.
"But more recently, it became apparent that we needed third party verification to give our customers greater assurance that we take cybersecurity seriously. Providing independent validation of Pikselins cyber readiness is underpinned by regular auditing of their policies, processes, and procedures. SEQA sets clear benchmarks for us to achieve in the medium to long-term, enabling us to operate a continuous improvement programme."