Illustration of a person working securely on a laptop with encrypted data and network security icons

Growing New Zealand businesses are attractive targets for cybercriminals, often precisely because their IT setup hasn’t caught up with their headcount, data, or revenue. CERT NZ’s regular reporting continues to flag phishing, credential theft, and invoice scams as some of the most common incidents affecting local organisations. The reassuring part is that most of these incidents are preventable with a handful of foundational controls, and none of them require an enterprise-sized budget.

Here are five basics we recommend every growing NZ business has in place.

  1. Multi-factor authentication on every account that supports it. Email, banking, accounting software, and cloud storage should all require a second factor beyond a password. This single control blocks the large majority of account takeover attempts, even when a password has been stolen or guessed.
  2. A patching routine you can actually verify. Knowing that updates are “probably” applied isn’t the same as having a report confirming every device is current. Unpatched software remains one of the easiest ways for attackers to get in.
  3. Backups that follow the 3-2-1 rule, and get tested. That means three copies of your data, on two different types of storage, with one copy kept offsite or in the cloud. Just as importantly, a backup that has never been test-restored is a backup you can’t fully trust.
  4. Short, regular staff security awareness training. Most incidents start with a person, not a piece of software. Brief, recurring training on spotting phishing emails and verifying unusual payment requests goes a long way, and is far cheaper than recovering from a successful scam.
  5. A written incident response plan, including who to call. If a breach involves personal information, the Privacy Act 2020 may require you to notify the Privacy Commissioner and affected individuals. Knowing in advance who’s responsible for reporting, who you’ll call for technical help, and how to reach CERT NZ removes guesswork during a stressful moment.

None of these steps are exotic, but keeping all of them consistently in place across every device, account, and staff member is where many growing businesses struggle, simply because it isn’t their core job. That’s exactly the gap a managed IT partner is there to close, handling the day-to-day monitoring and maintenance so these basics stay in place without taking your attention away from running the business.

author avatar
Alan Jennings