
3 key cyber security threats

Ransomware, phishing, whaling - if you thought they were all made up for the TV show Mr. Robot ©, think again.

They’re all tools in the hacker’s arsenal and they could be a cybersecurity threat to your business. In “7 tips to protect your business from Mr. Robot”, we looked at the big picture of keeping your business secure.


Now we delve deeper into the hacker’s biggest weapon. It’s not technology as you may have thought. It’s people and our willingness to be friendly, to be helpful and to talk to each other.




Key learnings


  •  Be vigilant: Phishing, whaling and ransomware attacks are happening every day.
  •  Learn what to look out for: Emails from unknown people, unusual payment requests.
  •  Protect your information: Don’t use the same password for everything.


Phishing up a storm


Phishing is something we all experience. It’s that email from a bank that says, ‘your account has been compromised, please check your details by clicking on our link below’. It has a logo from your bank (or someone else’s) and high hopes that you will click on that link.

Of course, it’s not from your bank, it’s from a hacker who wants you to put in your details so they can access your accounts.


Fully urgent - act immediately


Whaling takes phishing to the next level. Whaling is all about fooling a user into thinking their boss (or the CFO or someone equally important) has emailed an urgent request through. For example, ‘Please pay this person $25,000 into this account before the end of the day. It’s VITAL this happens’. It relies on the recipient being so unwilling to upset the boss that they’ll act on the email’s instructions without checking or verifying.


Give me your money or your files get it


Ransomware is also sadly on the rise, with notorious examples like CryptoLocker. Victims have clicked on a link or opened an attachment in an email and discovered their computer (and potentially their entire company’s data network) is locked down and inaccessible. The only way to retrieve your data is to pay a ransom - hence the name.


It’s not always the technology that’s the weakest link


Social engineering is a series of tricks designed to get people to hand over access or information to a third party - there’s a striking example in season 1, episode 5 of Mr. Robot when Elliot uses ‘human exploits’ to get into Steel Mountain. Instead of tackling the security system head on, hackers rely on fooling well-meaning users into revealing passwords or simply handing over the information they’re after.


So what is a business owner to do? Generally speaking, most small and medium businesses don’t have an IT manager and probably don’t have the expertise to spot problems before they arise, let alone fix them.


Mark Churches is the manager of fraud detection and response services for Spark and he says the very basic, first step everyone should take is to make sure their technology is up to date. Security patches, virus signatures and software updates are very important, but shouldn’t be relied upon totally.

“They tend to generate a false sense of security because the technology isn’t usually the weakest link. It’s people,” says Mark.


Constant vigilance


Fraud techniques like phishing and whaling are constantly evolving, and for the small business that means you have to stay on your toes.


Imagine you’ve just received an email from the boss asking you to urgently set up a payment to an account you’ve never heard of before. Do you jump to it, or should you check?


Mark suggests ringing the boss to double check. No senior manager would object to someone double checking before authorising a large payment, and better safe than sorry.


“Big business tends to have these procedures in place and they stick to them. Smaller businesses tend not to and that makes them vulnerable to attack.”


Mark says there are four things a user should do when looking at an email or communication that may be suspect.


1. Always double-check if you’re suspicious about a request or a large payment.

2. Look at the spelling and at the phrasing of the email - does it sound like the CFO or not?

3. Does the email ask you to break normal procedures? If so, this is a red flag.

4. Check the sender’s email address - is it from within the business or from somewhere else?
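For a business that wants to automate part of this checklist, the Python below is an added example (not from Spark or Mark Churches) that applies check 4 and the urgent-payment pattern from the whaling section to a constructed message. The domain `example.co.nz`, the executive name and the keyword lists are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.co.nz"   # assumption: the business's own mail domain
EXECUTIVES = {"jane smith"}    # assumption: people who can approve payments
URGENT_WORDS = ("urgent", "vital", "immediately", "before the end of the day")
PAYMENT_WORDS = ("pay", "payment", "transfer", "account")

# Constructed sample, modelled on the whaling request quoted earlier.
SAMPLE = """\
From: Jane Smith <jane.smith@example-co-nz.com>
Reply-To: accounts@mailbox.invalid
To: finance@example.co.nz
Subject: URGENT payment

Please pay this person $25,000 into this account before the end of the day.
It's VITAL this happens.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def red_flags(raw_message, org_domain=ORG_DOMAIN, executives=EXECUTIVES):
    """Return the reasons this message deserves a phone call before acting."""
    msg = message_from_string(raw_message)
    name, _ = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()

    flags = []
    external = sender_domain != org_domain
    if external:                                   # check 4 in the list above
        flags.append("sender address is outside the business")
    if external and name.lower() in executives:    # boss's name, wrong domain
        flags.append("display name matches an executive but the address is external")
    if reply_domain and reply_domain != sender_domain:
        flags.append("replies go to a different domain than the sender")
    if any(w in text for w in URGENT_WORDS) and any(w in text for w in PAYMENT_WORDS):
        flags.append("urgent payment request")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("-", flag)
```

A message with no flags is not proof of authenticity, because a From header can be forged to show the internal domain; the phone call in check 1 still applies to any large payment.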


Mark has one final piece of advice: don’t reuse passwords. “Sharing passwords between multiple services means if you’re compromised in one area you have potentially given away access in another. By collecting bits of information from various sources a hacker can put together a complete picture of you and your online world. That’s a big problem.”


What’s next for you?

If you’ve received any suspect email or want to better protect your company’s security systems, get in touch. We can have a look and suggest services for your company’s size and requirements. Keen to see Mr. Robot? You can find out more about it and watch seasons one and two on Lightbox.


