Some practical tips
You arrive at work to find that files with sensitive commercial and client information held on your computers have been hacked. This is the situation the Reserve Bank of New Zealand (RBNZ) found itself in earlier this year. In January, the RBNZ encountered a data breach of its global file-sharing application Accellion FTA. This application was once used by the RBNZ and its stakeholders to share personal and commercially-sensitive information.
It is alarming to contemplate having to negotiate with hackers who have stolen your business information for ransom. All businesses can learn from the RBNZ’s incident to increase awareness of cyber security and minimise the risk of a hacker attack. Prevention is the best solution.
Install antivirus software
Antivirus software helps detect, quarantine and remove malicious software from computers. Although Windows 10 comes with Windows Defender built-in, this only provides a baseline level of protection. Hackers are constantly inventing new viruses and threats, and it’s important to have up-to-date antivirus software. It’s worth paying for reputable antivirus software; free antivirus software programs can be fake and/or harbour viruses.
Use a virtual private network (VPN)
If you connect a device to free public Wi-Fi networks at, say, local cafes, you’re running a business risk. If hackers access that network, they can see everything you do on the internet, including logins and passwords. A VPN helps to protect you from these risks. A VPN provides online privacy, anonymity and security by creating a private network connection. Like antivirus software, it is worth paying for VPN software to ensure you receive a higher quality product.
Implement patch management
Patch management ensures that all operating systems and software on your business computers are up-to-date so the likelihood of a known security risk being exploited on your computers is reduced.
Although it is tempting to delay notifications that say ‘Windows needs to restart your computer to install the latest update’, installing those updates is critical to maintain security.
Older operating systems such as Windows 7 are easier to hack than the later version (Windows 10) because Microsoft no longer provides updates and support has ended. As a result, there are known security vulnerabilities which have not been fixed.
Regularly back up data
Your IT systems, including all data, should be backed up to a secure location, so that business can be restored quickly if it is cyber-attacked or there is another data loss event. Typically backup and business continuity plans are developed to ensure downtime is minimised. Often this will include backups taken at multiple times on any given day and at day end, and stored in multiple locations. Backups should be held for a reasonable period to avoid replicating viruses or other harmful codes.
Implement email filtering system
Emails are a big threat to cyber security. An email can purport to be from a genuine company but have fake credentials, could have been compromised by a hacker or have malicious attachments.
Downloading such emails could give a virus access to your computer. It is advisable to prevent programs from being run inside email attachments without permission. Email filtering system features are available with some Microsoft products but you may need to ensure these are turned on.
This technology stops web pages from being accessed that are known to contain harmful or restricted content. Web filters rely on constantly updated databases that record websites known to be associated with harmful or restricted content.
Train your staff
Staff members should be trained on cyber-attack risk and its protection. Even with the best measures in place, staff can unwittingly present security risks, such as clicking on email attachments from spam emails.
Don’t forget the basics
It’s easy to forget IT fundamentals. Have a screen lock. Create a complex password; ensure it is different for each account and change it frequently. Install two-Factor Authentication (2FA) that adds an extra layer of security by requiring users to provide two layers of information to gain access to a computer or network (such as inserting a password as well as code texted to your mobile phone).
Have an IT adviser
Unless your core business is IT, employ (or have on call) an IT adviser who can assess the risks to your business and implement the above steps. We also recommend you engage them periodically to undertake audits and to expose any weaknesses before a cyber-criminal exploits them.
Protect your business
Cyber security and cyber threats are now global problems. Failing to put in place measures to protect your business from these threats can easily lead to business failure. It should be a priority in your business planning.
A variety of clauses to suit different situations
Negotiating commercial leases can involve a significant amount of crystal ball gazing – particularly when some leases can last decades. As recent times have shown, the landscape at the start of a lease can be miles away from the situation at the end of the lease. One area where the shifting sands can bite for long-term leases are the rent figures. Without appropriate rent review clauses to adjust the rent, any landlord could find themselves with a vastly undervalued rental as the lease progresses.
Types of rent review
Not all rent review clauses are alike. There are various methods of calculating changes to rent, these include:
Is your property fully insured?
There are potential insurance risks for properties that have shared areas, for example multi-storey town houses, semi-detached homes which share a party wall, and cross lease properties which have carports, the Insurance Council of New Zealand has warned.
If your property does not have a body corporate that manages insurance cover for the whole property, and if you and your neighbours have different insurance providers, you may find that any shared property such as carports, party walls and roofs will not be covered by your insurance.
Some options for offering shares
The Covid pandemic has paved the way for innovation, and many New Zealanders spent 2020 investing time and money into their new or existing businesses.
When raising capital to grow their business, however, many business owners find themselves limited by the size of their wallet. While interest rates are currently at an all-time low, trading banks’ lending terms are arguably the strictest in recent memory.
Covid relief key expiry dates for businesses in 2021
In 2020, the government introduced a raft of legislation to provide temporary relief for businesses struggling to navigate the effects of the Covid pandemic. Some relief measures, such as the safe harbour for company directors, have already expired, while others will expire this year unless they are renewed. The key expiry dates for 2021 that you should be aware of are:
- 26 March: Landlords and tenants of commercial premises who could not agree on rental arrangements during the 2020 lockdown period have until this date to access the government’s subsidised arbitration or mediation service to resolve the dispute.
- 31 March: Measures allowing companies, incorporated societies and other entities to hold meetings online and make temporary exceptions to their rules.
- 15 May: Provisions allowing for electronic signatures when signing security agreements that contain powers of attorney.
- 22 September: The requirement for landlords to give 30 working days’ notice instead of 10 working days’ notice to end a commercial lease where the tenant fails to pay rent.
- 31 October: The cut-off date for businesses to enter into the government’s business debt hibernation scheme has been extended until 31 October 2021.
The scheme allows businesses to have a month of protection from most creditors enforcing their debts, and a further six months’ protection if their creditors agree.
A focus on syndicated farm investments
With the current low interest rate regime looking set to continue for some time, investors are increasingly looking at ways to generate a reasonable income either for their retirement or for other forms of saving.
Recently, commercial property syndicates have come back into fashion. Their popularity is based on the return that they are able to provide to investors, notwithstanding the risks inherent in that sort of investment.
Water is an absolute necessity for any type of farming or horticultural activity. Historically viewed as an infinite and expendable resource, water is now seen as having a finite supply and must be dealt with as a commodity. The right to access water from a source, such as a spring or well, and the right to use that water are different, but related, issues.
Hefty consequences for getting it wrong when company was in financial distress
In September 2020, the Supreme Court released its keenly anticipated decision in the Debut Homes case. This decision illustrates the risks for directors where a company is experiencing irrecoverable financial distress.
For all overseas purchasers
It seems as though the Overseas Investment Office (OIO) has been under constant evolution over the last two years. In June, the OIO enacted a change that now requires all overseas purchasers of New Zealand business assets to submit a notification to the OIO before the transaction takes place — regardless of the asset value. This submission will allow the OIO to monitor and prevent New Zealand asset ownership being unnecessarily diluted due to stressed sales caused by unprecedented economic pressures from Covid.
Which transactions does this apply to?
Previously, ‘overseas persons’ who purchased New Zealand business assets valued under $100 million (excluding land), did not have to apply for OIO consent. Under the ‘Emergency Notification’ requirement, however, the OIO must be notified by every overseas person before purchasing any New Zealand business assets — even if the transaction holds minimal value. This includes an increase of shareholding in a business in which the overseas person already holds an interest. The requirement to submit a notification does not extend to purchases that require the consent of the OIO, as the office will already be aware, and have the opportunity to reject, those transactions.
Remote working: the new normal
As a result of the Covid lockdown, many employees were required to work remotely, and some are continuing this arrangement.
Working remotely comes with some important considerations, particularly in terms of health and safety. If you are an employer, you should be: