This week’s events are a reminder that all of us need to invest to keep ourselves, our data, and our customers safe, writes cyber security expert Laura Bell.
Cyber security leapt into mainstream headlines this week after an incident at Waikato DHB debilitated computer and phone systems, impacting the lives of people working there and those in need of their care.
The full facts are a long way from being known, let alone being made public. As in any emergency response situation, the people closest to the issue have more pressing priorities than sharing minute-by-minute details with the media. They’re doing what we most need them to do: focusing on restoring systems so their patients and teams can resume services. We wish them all the luck and strength in the world as they do this vital work.
While we don’t know the cause or context of this incident nor what the likely impacts will be for the DHB and its patients, the episode offers a timely reminder of the vulnerability we all face in this digital age.
New Zealand is made up of hundreds of thousands of organisations, big and small, that all process some form of information to “get stuff done”. We use a range of technologies — from those we’ve custom built to those built by others in New Zealand and beyond — to make this happen. It’s helping us innovate and deliver on a scale we’ve never seen before. We’re a country where even non-technical people can use technology to grow their businesses, manage their lives, and communicate on a global scale.
There’s a cost to this technology adoption, however, and this week’s events are a reminder that all of us need to invest to keep ourselves, our data, and our customers safe. Not just in terms of annual budgets and technology purchases, but also in spending the time and energy to understand our risks and take steps to protect what matters to us.
So what can we do?
Whether you’re protecting yourself and your family, your small business, a growing startup, or a large enterprise, our investment in digital technology and tools brings with it a need for security. In fact, the more people who have a basic understanding of security and take basic steps to protect themselves, the better off everyone is.
Our economy is an ecosystem, linking buyers and sellers of goods and services together. The thing with connected networks is that if one of us is vulnerable, we all become more vulnerable.
Much like we learned during the initial phases of Covid-19 — if we’re affected, our contacts, connections, customers, and business partners can be affected too. It’s the same with security incidents.
Just as our Covid response strategy involves us each taking individual actions to protect everyone around us, a strong cyber security strategy works on similar principles.
In short, if we’re to stay safe from cyber attacks, every person and every organisation has some work to do.
When we face this, it can feel overwhelming and potentially expensive, however as CERT NZ (our national Computer Emergency Response Team) has been telling us in their list of Critical Controls, we’ll have to do a few things differently. But here’s the good news: it won’t be as annoying or painful as you think.
If you haven’t checked out CERT’s work, you should. They have handy guides for individuals and businesses that you can use as a simple framework to improve your cyber security and reduce your risk.
For those, like me, who prefer a short guide to what those changes look like, here’s our top five. If we’re going to reduce the chances of security incidents happening in home lives or workplaces, we all need to make these changes.
Sort out your password habits
Using a short, simple password or reusing the same password across multiple websites is a bad habit that many of us are guilty of. Since poor quality passwords are linked to a whopping 81% of data breaches, it’s probably a good idea for us all to try a little harder.
- Choose long, unique passwords (more than 16 characters) and don’t reuse them. They’re harder to guess, and one can’t be used to access lots of accounts. You can even make up a password by stringing together names of 4-5 objects — say, “frame-leaf-rug-handle”.
- Consider using a password manager for yourself or your business,
- Where these first two feel too hard, you could always set your passwords by randomly typing very long strings into the password field when you register and then rather than remembering them, use the forgotten password function when you need to log in.
Add a second layer of security to your important accounts
Turn on two-step or two-factor authentication, especially for your most important accounts such as your email. Most well known websites and online tools have this feature and will provide you with a unique code (either via phone app or SMS message) that you’ll need to present along with your username and password each time you log in. This prevents people from guessing your password to gain access. Remember that for most of us, our email is a gateway to our entire lives — so protecting these important places protects much more than the messages you send to family and friends.
Prepare for the worst and make sure you can recover what matters most to you
Know where your important data is stored and make sure you are creating backups. When things go wrong, you’ll never regret being able to easily retrieve those lost documents or records. Don’t forget to check your backups from time to time to make sure they’re working.
Keep your devices happy, healthy and secure with the latest patches and updates
Keep your mobile phones, laptops, and other devices up-to-date. They all run on software and all software has the potential for security flaws. As these security issues are discovered, these software updates keep you protected. Many of our devices also have helpful security features baked right in. Keeping them up-to-date keeps the accounts and data you store on them safer. Use automatic updates where you can to make your life easier, but don’t forget to let your devices reboot from time to time to make sure the updates are completed.
Know where to go for help and if something is wrong, reach out
Know who to call when something doesn’t seem quite right. If you’re at work, that might be an IT support person. In your personal lives, it might be a friend, your grandkid, or your parents. If you don’t know where to start, call CERT NZ. For those with organisations to protect, develop a plan, share it and make sure everyone feels safe to come forward with security concerns.
Whether you’re looking to protect yourself, your small business, growing company or enterprise, these basics are universal. It’s just the scale, and complexity of the problem that changes.
Finding a way to apply these security foundations across as many of our people and organisations as possible is the key to New Zealand maturing our cyber security posture and protecting our people, data, and organisations from the increasingly risky world we all operate in.