Edmonds Judd

cyber security

Avoiding scams

Tips to protect yourself

Every year thousands of people fall victim to scams through emails, phone calls and text messages. Scams are fraudulent schemes designed to deceive you and steal your money or personal information.

 

The danger of scams lies in their ability to look and sound genuine – at least until it’s too late. Scammers are becoming more cunning, often using technology and psychological manipulation to trick you. Fortunately, there are a few easy steps that can help you.

 

 

Phone scams

Scammers often try calling and pretending to be from your bank. They usually create a sense of urgency, claiming there are issues with your bank account such as unusual account activity or overdue fees; scammers will make you think that the matter needs immediate attention.

 

To spot a phone scam, be wary of unexpected calls that ask for personal information such as your account details or your passwords. Most organisations do not request sensitive information over the phone. An easy way to verify if the call is genuine is to hang up and call back using the official number.

 

 

Text message scams

Text scams are when you receive messages designed to trick you into providing personal information or clicking on malicious links. These messages might say they’re from your bank, a courier company or even your insurer. They often contain urgent requests to verify your account, claim a prize or resolve a problem.

 

To protect yourself from text scams, never click links or respond to messages from unknown numbers. If you receive a message claiming to be from an organisation, call them directly and check.

 

 

Email scams

Email scams, or ‘phishing’ emails, are a common way scammers try to steal personal information. These emails, similar to texts, appear to be from your bank, a courier or even a shop. Like many scams, they are often ‘urgent’ and ask you to update your account information, reset your password or review suspicious activity.

 

Don’t click on links or download attachments from unknown or suspicious emails, especially if you’ve never heard from them before. Organisations will never ask (or should not ask) for sensitive information by email.

 

 

Key points

We are exposed to scams more and more in today’s world. To keep yourself safe:

  • Be suspicious – who is contacting you and why?
  • Don’t trust any unexpected contact
  • Resist the urge to act immediately, despite what the message says
  • Never open attachments or links if you’re not sure where they’ve come from, and
  • Trust your instinct! If something doesn’t feel right, it probably isn’t.

 

Staying vigilant and informed is crucial in protecting yourself from scams.

If you think you’ve received a text or email that you think is a scam, you can report it to the Department of Internal Affairs, following the instructions on its website (www.dia.govt.nz).

 

 

DISCLAIMER: All the information published in Fineprint is true and accurate to the best of the authors’ knowledge. It should not be a substitute for legal advice. No liability is assumed by the authors or publisher for losses suffered by any person or organisation relying directly or indirectly on this newsletter. Views expressed are those of individual authors, and do not necessarily reflect the view of Edmonds Judd. Articles appearing in Fineprint may be reproduced with prior approval from the editor and credit given to the source.
Copyright, NZ LAW Limited, 2022.     Editor: Adrienne Olsen.       E-mail: [email protected].       Ph: 029 286 3650


It’s hard to ignore the headlines; the past few years have brought floods, plagues and an unprecedented rise in cyber-attacks. New Zealand businesses have taken the brunt of these events. Some have been pushed to breaking point.

 

Floods and plagues are tangible events. We can usually see them coming and prepare for the worst. Cyber-attacks are like a bolt of lightning, one minute it’s a sunny day, and the next minute your business is on fire and you are scrambling to mitigate the damage.

 

Cyber resilience is a measure of how well you can manage a cyber-attack or data breach while continuing to maintain business operations effectively. There are some simple steps you can take to make your business more resilient to cyber-attacks.

 

Step One: Know what you are trying to protect

All businesses have information that, if lost, would compromise the viability of the business. When considering what you need to protect, think of your information as assets in terms of maintaining their confidentiality, integrity and their availability of access. Which ones are the most important for your business to protect?

 

Knowing what you need to protect makes it easier to determine whether your cybersecurity protections are sufficient.

 

Step Two: Mind the gaps

Cyber resilience is more than just having anti-virus installed. Pay attention to the resilience of your people, processes and technology; cyber health checks will identify gaps and recommend improvements. Specialist cyber resilience companies such as Intelligensia provide impartial assessments of your cyber resilience and can liaise with your IT provider to get you the right the level of protection.

 

Step Three: Know your risk appetite

Know how much risk you are willing to accept for your business. This helps you decide how much you need to invest in cybersecurity protections. For example, if you keep sensitive client information, invest in offline back-ups that can’t be compromised if you succumb to a ransomware attack. An investment in off-line backups will not only minimise the loss of information, but also your downtime.

 

Step Four: Business impact

During the recent floods, power, phones and the internet were disabled for some time. A cyber-attack on your managed IT services provider or software vendor could similarly leave you with no access to your computer systems or information for extended periods. Think about the business impact if you can’t access your customer, financial or bookings information for an extended period. Use a scenario of not having access to vital tools and information for up to a month. During large scale cyber-attacks, your IT providers will be juggling competing demands to get multiple businesses operational again. Check your service level agreements and know the level of support you can expect.

 

Step Five: Incident response plan

An incident response plan lets you take a methodical approach to deal with a cyber-attack when it occurs. Many businesses think that calling their IT provider to fix the problem is all that is needed. Certainly, they can fix the technical problems, but you have obligations as well. For instance, you may need to notify the Privacy Commissioner if personal information has been stolen. Failing to report information breaches can result in a hefty fine. Informing customers that you’ve lost their information is another requirement. The way you manage a cyber-attack will determine the impact on your business’s reputation and your customers’ level of trust.

 

Essential to be cyber resilient

Cyber-attacks are on the rise. They increased 600% during the pandemic; security commentators predict that this year a business will suffer a ransomware attack every eleven seconds. More than 90% are caused by someone clicking on a phishing email. It’s not a case of ‘if’ you get attacked, rather ‘when’. Being cyber resilient puts your business in a much stronger position to weather the storm and recover quickly from a cyber-attack.

 

If you want your business to survive in today’s digital economy develop your cyber resilience now.

 

Jan Thornborough established Intelligensia in 2021 after realising that although big organisations were dealing with cyber risks, small and medium-sized business and not-for-profits were being left behind. Intelligensia’s mission is to bring the same level of expertise enjoyed by large companies and government agencies to smaller organisations.

 

Previously, Jan was head of the cyber resilience unit at New Zealand’s National Cyber Security Centre that helps nationally significant organisations become more cyber resilient.

 

DISCLAIMER: All the information published in Fineprint is true and accurate to the best of the authors’ knowledge. It should not be a substitute for legal advice. No liability is assumed by the authors or publisher for losses suffered by any person or organisation relying directly or indirectly on this newsletter. Views expressed are those of individual authors, and do not necessarily reflect the view of Edmonds Judd. Articles appearing in Fineprint may be reproduced with prior approval from the editor and credit given to the source.
Copyright, NZ LAW Limited, 2022.     Editor: Adrienne Olsen.       E-mail: [email protected].       Ph: 029 286 3650