COVID-19 Updates: Please visit for the latest updates

Get Cyber Secure

September 2021 • 3 min read


How can small to medium-sized businesses collect essential data and keep that information safe?

The implications of storing customers’ personal information are so worrisome to some business owners that they fail to collect much data at all. But it really is an essential part of doing business, so companies need to learn to overcome their fears.

What are the risks?

Someone accesses your stored data, including customers’ information, and threatens to release it publicly, as has happened recently with the Waikato DHB. However, these types of attacks are normally targeted at large corporate or government bodies.

Far more likely is a situation whereby a businesses operating systems are disabled and information made unavailable due to a cyber-attack.

This is a frightening prospect, but there are ways to safeguard your data.

Make use of cloud services

Cloud hosting providers offer all sorts of services to businesses, including security.

“It is reasonable to assume that they are better at security than the average SME. So using these cloud services will provide better protection from data breaches than doing your own IT,”

says Z Energy’s Head of Information Security, Marek Jawurek.

However, in using these providers businesses should also institute good password hygiene and multi-factor authentication.

Make sure you practice good password hygiene

What does that mean? Firstly, don’t re-use passwords; make sure they are both unique and long enough to be hard to work out. Secondly, make use of a password manager which lets you store all your passwords in one safe place. The password manager encrypts your passwords so no-one else can access them.

Use multi-factor authentication

Multi-factor authentication (MFA) provides another level of security. Most accounts ask you to enter your user-name and password before admitting you, MFA is a step beyond that. A multi-factor authentication system might ask you to answer a pre-set question or send a code number to your smartphone, in addition to asking for a password.

Some cloud services have a “turn on two-factor authentication” option in their settings.

Update your systems

Good system hygiene includes keeping your systems up to date. Most computer operating systems will provide a notification advising when an update is available. Action updates as soon as they are available to avoid vulnerabilities.

Use minimum privilege

Most systems will allow you to wield more power than you need. It is often better to have limited power on the system - to simply be a “user” as opposed to a super user or administrator. If your accounts are compromised by an attack, they will also inherit your system privileges, so stick to the minimum you need to minimise the damage they can do. And, be conservative about how much access you grant other people within your business, too.

Make sure you have a business continuity plan

You need to figure out how (and for how long) you can operate your business if the cloud service or the data stored within it becomes unavailable.

Ask yourself: “Do I have the necessary data in a local backup so that I can continue to operate my business?” says Marek. “Ideally this is tested, the professionals call it a business continuity plan or BCP. A BCP is not only useful for information security but also for other risks that a business has.”

Tags Business Strategy

Read Further

More Articles

How to drive traffic to your business website

Email newsletters and social media links can help bring customers to your website, but quality content will keep them there.

3 Jun 3 min

How to go Digital to Make Your Business Thrive

Many New Zealand businesses have embraced digital tools to run their business in the ‘new normal’. Explore simple and easy ways your business can go digital and thrive in the new economy.

11 Sep 3 min

How to manage a remote team

Stay connected when working remotely. Here’s how to manage a team using technology.

8 April 4 min