CFOtech New Zealand - Technology news for CFOs & financial decision-makers

New year, new protections: Top tips to safeguard your business from cyber-attacks in 2025

Today

One in three of all Kiwi small businesses are at risk of a cyber-attack. These can be crippling, grinding operations to a halt and causing long-term financial and reputational damage. 
Cybercriminals are getting smarter and more devious. And we know the best protection is prevention. Make 2025 the year you batten down the hatches and protect your business from cyber-attacks.

Most small business owners lack the resources, technical knowledge and understanding of cyber risks and scams - which lays the groundwork for a cyber security breach.
All too often, the assumption is small businesses are too insignificant to be targeted by cybercriminals. 

This can make them less attuned to cyber security gaps and vulnerabilities in their businesses, and blissfully unaware of the risks posed by the default security settings of the apps and cloud programmes they use every day.

Below are some surprising ways small businesses can be targeted, along with insights on how to counteract these threats.

Social engineering and social media
Social media is a vital marketing and customer engagement tool for small businesses, but it's also a treasure trove of information for cybercriminals.

By analysing posts, photos, or employee interactions, attackers can gather enough data for social engineering schemes. 

For example, an attacker might impersonate an employee or vendor to manipulate the business into transferring funds or sharing sensitive information.

Social media scams targeting small businesses often go unnoticed because they blend seamlessly into day-to-day operations. A fraudulent direct message, for instance, can trick employees into clicking malicious links or sharing login credentials.

A healthy paranoia goes a long way. Business owners should train employees to recognise impersonation tactics and monitor accounts for unusual activity.
It's also important to limit the amount of sensitive information shared on social media and proactively add multifactor authentication (MFA) to all business accounts. 

Exploiting public Wi-Fi usage
Small business employees often work remotely or in public spaces, connecting to unsecured public Wi-Fi networks. 

Cybercriminals can exploit these networks through tactics like "man-in-the-middle" attacks, intercepting sensitive information such as login credentials, customer data, or financial details.

Many small businesses don't associate public Wi-Fi usage with cybersecurity risks. This oversight can lead to data breaches or unauthorised access to business accounts.
To combat this, business owners should educate employees about public Wi-Fi risks and encourage the use of either personal hotspots or secure private networks when working remotely.

Targeting cloud-based applications
Cloud computing has become indispensable for small businesses, offering affordable solutions for data storage, collaboration, and applications. 
However, cloud-based platforms can be a double-edged sword. 

If not properly secured, these platforms can be exploited by attackers to access sensitive business data. Weak passwords, misconfigured settings, or a lack of MFA can make these systems vulnerable. 

Many small businesses assume cloud providers handle all aspects of security. While providers do offer robust measures, the responsibility for enabling them, securing access, managing permissions, data handling and ensuring safe usage often falls on the business.

Use strong access controls, enable MFA, and conduct regular audits of cloud configurations to minimise vulnerabilities.

These are just some of the things business owners and employees need to be aware of when it comes to protecting themselves from nefarious cyber criminals. 

Employing even basic hygiene measures can make a world of difference. 

There are lots of resources you can adopt to get started – try the CERT NZ website if you're looking for basic frameworks and policies. 

Better yet, if you have an external IT provider, ask for their help and advice to make sure you have some good processes in place, as well as the right level of protection for your data.

While cyber security might seem daunting, paying attention to where your risks are can ensure your data, operations and reputation are kept as secure as possible in this rapidly evolving digital landscape. 
