(06) 877-0992 info@govern.co.nz
The New Zealand Privacy Act takes centre stage in 2023

The New Zealand Privacy Act takes centre stage in 2023

 

The New Zealand Privacy Act takes centre stage in 2023

The New Zealand Privacy Act of 2020 is an key piece of legislation that all businesses have a responsibility to take seriously in order to better protect customer and business information from data theft or misuse.

The increased frequency of highly publicised data breaches over the past 12 months has brought the importance of the Act into sharper focus for 2023 and solidified cybersecurity as a necessary consideration for all businesses, big and small.

Under the Act, several key principles must be abided by when collecting and using personal information. These include :

1. Ensuring appropriate security safeguards are taken

2. Only using personal information for its intended purpose

3. Informing individuals about how their personal information will be handled

4. Being open and transparent with customers about how their information is collected and used.

The New Zealand Privacy Commissioner is committed to helping businesses, and individuals understand their rights and responsibilities under the Act and providing them with all the necessary information to do so. To assist organisations comply with these laws, they have created a suite of supporting resources, such as training materials and guidance documents, that offer help at both the management, and employee level. Through this support, businesses can better protect themselves from data breaches and other threats to their customer information.

The importance of the legislation and its impact on incidents were evident in two recent cases, the Mercury IT and Archives NZ breaches. In both instances a hacker was able to gain confidential customer data and then proceed to use it for fraudulent activity – all due to the organisations inadequate security measures. These two examples (of which there are many more) should serve as a warning to all.

This year promises to be a difficult one for businesses, but with the right steps taken, it is possible for those operating in New Zealand to comply with the New Zealand Privacy Act of 2020 – ultimately meaning better protection of customer data and less risk of data loss or misuse.

Here’s what you can do:

Create a Privacy Policy

To protect your business, creating a comprehensive and up-to-date privacy policy is essential.

Many businesses may be unsure how to do this, so here are some tips:

  1. Understand Your Obligations – Take the time to read through the New Zealand Privacy Act of 2020 in detail and make sure you understand what it requires you to do. Check the supporting material on their website, to help explain any grey areas or questions.
  2. Establish a Process – You should set up an internal process for handling customer information and data, with clear rules about who has access and how it is used. This process should be regularly reviewed to ensure that it remains compliant with the Act.
  3. Regularly Audit Your System – It’s important to review your systems regularly to identify any vulnerabilities that could lead to a breach of privacy or data loss. Check for things such as a lack of encryption, weak passwords, or outdated security software that could put customer data at risk.
  4. Update Your Policy – Whenever there are changes to the New Zealand Privacy Act of 2020, or if you make changes to your own internal processes, you should update your privacy policy as soon as possible. This will ensure that customers are kept up-to-date on how their data is being used and protected.

Employee Training

Time and again we see the weakest link in the cybersecurity chain to be employees.

Upskilling your staff on how to be cyber-safe is an imperative action in order to protect your business.

Start this process by :

  1. Setting Clear Guidelines – Make sure your employees receive training on their obligations under the Privacy Act and are aware of their roles in protecting customer data. Ensure that any guidelines you set out are clear and easy to understand so everyone knows what’s expected of them. The New Zealand Privacy Commissioner has a short training program of 30 minutes or less on their website that offers a digital certificate that businesses can save as proof to the Commissioner of compliance should there be a breach.
  2. Provide Resources – Ensure that employees have the resources they need to stay up-to-date on changes in data protection laws around the world and other relevant regulations. This can include access to specific training materials such as videos or e-learning programs, as well as providing in-person seminars with experts. Ensure your staff is also aware of the Australian Privacy Act or the GDPR if you work with or store data overseas.

The Australian Privacy Act

Changes to the Australian Privacy Act, which took place late last year, have a dual impact on New Zealand.

First, New Zealand Businesses doing business in Australia will fall under the country’s penalties for data breaches. As such Bellgully advises that, “New Zealand business entities doing business in Australia should take note of the coming changes.”

Secondly, the New Zealand legislation for data sovereignty will undergo similar changes to strengthen our responsibilities. If a New Zealand business is providing services to an Australian customer, they will have to abide by the same regulations as if they were in Australia. It is important that businesses understand these changes and take appropriate measures to ensure compliance.

As part of the new changes, there is also a requirement for organisations only to store personal information in Australia unless it is absolutely necessary to store it overseas. This ensures that the country’s data sovereignty remains in place and that user information is kept safe and secure. The Australian Privacy Act has also strengthened its enforcement powers, allowing for greater financial penalties for organisations in breach of the Act. It is important that businesses understand their obligations and ensure they are compliant with the new rules. The Privacy Act also includes provisions for individuals to complain about privacy breaches and for organisations to be held accountable for any such breaches. This strongly incentivises companies to reinforce their data security policies and practices.

Overall, these changes represent an important shift in how we protect the privacy of Australians and New Zealanders alike. The changes to the Australian Privacy Act are a positive step forward in ensuring our data remains secure and protected. It is essential that businesses understand their responsibilities under this new legislation and take the necessary steps to ensure compliance. This will protect customers’ personal information and give organisations peace of mind.

In addition, businesses must also remain aware of the changing landscape of privacy regulations in other countries they may be doing business with or providing services to. This includes understanding European GDPR legislation, which provides even stricter data sovereignty and user privacy rules.

Conclusion

In conclusion, businesses need to be vigilant in protecting their customers’ data.

The laws for data protection are constantly changing, so business owners must stay up-to-date on the most recent changes and take steps to ensure that their employees receive training and have access to resources on data privacy regulations. Taking these measures will help protect customer information and keep businesses compliant.

If you need assistance navigating this legislation, or cybersecurity policies in general, contact us today.

Cybersecurity Threats New Zealand SMBs Face in 2023

Cybersecurity Threats New Zealand SMBs Face in 2023

Protecting New Zealand Businesses Against Cybersecurity Attacks in 2023

     Small to medium-sized businesses (SMBs) are the backbone of the New Zealand economy. They provide jobs, support local communities and contribute to the country’s GDP. As we move into 2023, small to medium-sized business owners (SMBs) are facing a higher risk of cyberattacks. This is due to a number of factors, including the expanding attack surface created by the growing number of cloud-based applications and devices, and the continued reliance on legacy systems that are not designed to withstand modern threats. In addition, many SMBs do not have the resources or expertise to defend themselves against sophisticated attacks effectively. As a result, they are often forced to pay the ransom or suffer significant financial losses. While the New Zealand government is working to improve the country’s cyber resilience, it is important for SMBs to take steps to protect themselves. This includes implementing robust security controls, educating employees about cyber threats, and having a plan in place to recover from an attack quickly. By taking these precautions, SMBs can help ensure that they remain a vital part of the New Zealand economy.

In this blog post, we will discuss the cybersecurity threats that SMBs face in 2023 and how they can overcome them.

1. The increasing number of cyberattacks against SMBs and the damage they cause

     In recent years, there has been a sharp increase in the number of cyberattacks against small and medium-sized enterprises (SMBs). These attacks can have devastating consequences, causing data breaches, financial loss, and reputational damage. In many cases, SMBs are ill-equipped to deal with such attacks, and the resulting damage can be enough to put them out of business. The reason for the increase in attacks against SMBs is that they are often seen as easy targets. Their lack of security measures makes them an attractive target for cybercriminals, and their smaller size means that they are less likely to have the resources to recover from an attack. As the number of cyberattacks against SMBs continues to rise, it is important for businesses of all sizes to take steps to protect themselves. This includes investing in cybersecurity measures such as firewalls and malware protection, and training employees on how to identify and avoid potential threats. By taking these precautions, businesses can reduce the risk of becoming victims of these damaging attacks.

2. The most common types of cyberattacks against SMBs and how to protect yourself from them

     Though often thought of as big business targets, small to medium businesses (SMBs) are actually much more likely to be the victims of cybercrime. In fact, 43 percent of all cyberattacks target SMBs. The most common types of cyberattacks against SMBs include phishing, ransomware, and malware. Phishing is the act of sending fraudulent emails in an attempt to steal sensitive information such as login credentials or financial information. Ransomware is a type of malware that encrypts a victim’s files and demands a ransom be paid in order to decrypt them. Malware, short for malicious software, is any type of harmful code that can infect a computer and cause damage. While SMBs may be prime targets for cybercriminals, there are steps that can be taken to protect against these attacks. Training employees on how to spot and avoid phishing attempts is one way to reduce the risk of falling victim to this type of attack. Additionally, ensuring that all data is backed up on a regular basis can help minimize the damage caused by ransomware and other malware attacks. By taking these precautions, SMBs can help reduce their risk of falling victim to cybercrime. Here are 5 steps to achieve a balanced Cybersecurity posture in your organisation sector:

1. Ensure that your security software and operating systems are up to date – Keeping your system’s software and operating systems updated is one of the most effective ways to protect against cyberattacks. Outdated systems can leave your business vulnerable, so make sure all programs, applications, and networks are regularly updated with the latest patches.

2. Educate your employees on cybersecurity protocols – Training employees on how to identify potential threats and the importance of cybersecurity can help prevent malicious attacks from occurring. Make sure all staff are aware of standard security procedures such as avoiding clicking unknown links, recognizing phishing attempts, and not sharing sensitive information over email or social media.

3. Use strong passwords and two-factor authentication – Implementing strong passwords and two-factor authentication can help protect sensitive data from unauthorized access. Change your passwords often to reduce the risk of them being compromised, and ensure that all staff members are trained on best practices for creating and managing secure passwords.

4. Utilize a firewall and VPN – Installing and configuring a firewall on your network can help protect you from external threats. A virtual private network (VPN) can also be used to encrypt data sent over the Internet and reduce the risk of third parties gaining access to sensitive information.

5. Implement strict security protocols – Establishing clear guidelines for how employees should handle confidential data and access company systems can help ensure that security protocols are consistently followed. Consider requiring employees to use complex passwords, change them regularly, and log out of shared devices when not in use. Additionally, have a policy in place for reporting any suspicious activity or potential threats. All of these steps will increase your ability to protect yourself against cyberattacks.

3. The importance of SMBs having a cybersecurity plan in place

     In today’s digital world, data security is more important than ever before. Small and medium-sized businesses (SMBs) are increasingly targets of cyberattacks, and the costs of these attacks can be devastating. According to a recent report, the average cost of a data breach for an SMB is $2.2 million. This figure takes into account the direct costs of the breach, such as notification and legal fees, as well as the indirect costs, such as lost customers and reputation damage. Given these high costs, it’s essential that SMBs have a cybersecurity plan in place. This plan should include measures to prevent attacks, such as employee training on security best practices, as well as steps to take in the event of a breach, such as having a responder team in place. By taking these steps, SMBs can help to protect their data – and their bottom line.

4. How to create a cybersecurity initiative for your business

     When it comes to safeguarding your business from cybersecurity threats, the key is to have a plan in place. By taking some simple steps to assess your risks and create a customized plan, you can help protect your business from a wide range of potential threats.

First, take an inventory of your company’s assets and identify which ones are most vulnerable to attack. Next, assess the likelihood of an attack and the potential damage that could be caused. Based on this assessment, you can prioritize the assets that need the most protection.

Once you have identified your vulnerable assets, it’s time to develop a security plan. Begin by creating a list of security measures that should be put in place to protect each asset. This may include things like installing firewalls and anti-virus software, establishing user authentication protocols, and implementing data encryption methods. Once you have developed your security plan, put it into action and make sure to test it regularly to ensure that it is effective. By taking these steps, you can help safeguard your business against the ever-growing threat of cybersecurity attacks.

5. Tips for SMB employees staying safe online

     In today’s business world, a company’s most valuable asset is often its data. This includes everything from customer information and financial records to trade secrets and engineering designs. As a result, it’s essential for employees to take steps to protect this data when they are working online. Here are four tips to help employees stay safe:

1. Use strong passwords: A strong password is the first line of defence against online attacks. Use a mix of upper and lowercase letters, numbers, and symbols, and avoid using easily guessed words like “password” or your birthdate.

2. Avoid phishing scams: Phishing scams are designed to trick you into revealing sensitive information, such as your login credentials or credit card number. Be suspicious of any unsolicited emails or links, even if they appear to come from a trusted source.

3. Keep your software up to date: Out-of-date software can provide a back door for attackers. Make sure to install updates as soon as they are available for all the programs you use, including your operating system, web browser, and office suite.

4. Use caution when sharing information: Be careful about what information you share online, both in terms of the content itself and who you share it with. If in doubt, err on the side of caution and keep sensitive information to yourself.

By following these simple tips, employees can help to keep their company’s data safe from online threats.

6. SMB Resources for further reading

     For businesses looking to improve their cybersecurity posture, there are a number of great resources available. The SANS Institute, for example, offers a wide range of resources on topics such as risk management, incident response, and security awareness. The NZCERT website also provides a wealth of information on cybersecurity threats and mitigation strategies. In addition, the National Cybersecurity Center of Excellence (NCCoE) offers guidance on how to implement cybersecurity solutions in a variety of different business environments. Finally, the American Institute for CPAs (AICPA) provides several helpful resources on cybersecurity best practices for businesses of all sizes. By taking advantage of these and other resources, businesses can gain the knowledge and tools they need to protect themselves against today’s threats.

In Conclusion

     In 2023, it’s more important than ever for small to medium-sized businesses in New Zealand to take cybersecurity seriously and create a robust security strategy and action plan. The threat of cyberattacks is only going to increase in the coming years, and businesses that don’t take steps to protect themselves will be at a significant disadvantage. Fortunately, there are a number of resources available to help businesses improve their cybersecurity posture. The SANS Institute, NZCERT, National Cybersecurity Center of Excellence (NCCoE), and the National Institute of Standards and Technology (NIST) all offer helpful information on how businesses can protect themselves against cyber threats. By taking advantage of these resources, SMBs can gain the knowledge and tools they need to safeguard their data and stay competitive in today’s digital age.

For SMBs looking for assistance in improving their cybersecurity posture, contact GOVERN today. Our team of cybersecurity experts can provide tailored solutions and advice to help your business stay secure and competitive in the ever-evolving digital environment. Don’t wait – for more information about our products and services, get in touch with us today to take the first step in partnering to safeguard your business against online threats.