Call Now
  1. Home
  2. Blog
  3. Cybersecurity need of the hour for small businesses

Cybersecurity: Need of the hour for small businesses

Published November 4, 2022 (last updated on May 15, 2024) | Adam Wyatt - Copywriter and Content Creator


Research has found that 47% of businesses have become victim to scammers last year. This is a record number of cybersecurity incidents. These attacks highlight the clear need for businesses to remain vigilant. According to Government’s Computer Emergency Response Team (CERT NZ), cyber incidents have caused $3.7 million in financial losses to businesses in 2022.

Yet small businesses continue to treat cybersecurity as an afterthought. A study conducted by the Bank of New Zealand found that 53% of SMEs said cybersecurity training isn’t at the forefront of their minds. The pandemic has increased the dependency on technology and consumer behaviour has drastically shifted. Online and e-commerce businesses are the future and if small businesses want to succeed, they need to invest in the right technology and protection.

Cybersecurity threats

According to CERT NZ, the top cybersecurity threats facing small businesses are:

Phishing and credential harvesting

Phishing is an attack that attempts to steal your money or identity by getting you to reveal personal information. It involves scammers sending either emails or text messages or phone calls disguised as a trusted sender to steal confidential information. Credential harvesting is a sophisticated form of phishing where hackers attack an organisation to get access to its credentials virtually. Phishing and credential harvesting accounted for more than half (59%) of all incidents reported in New Zealand between January and March 2022. The challenge in spotting phishing emails is that they often look like they are coming from known sources or well-known organisations. These emails replicate a business’s branding, language, URL, and email addresses to appear legitimate.

Scams and fraud

24% of cybersecurity incidents reported in the first quarter of 2022 were scams and fraud. Most of these incidents involved buying, selling, and donating goods. Cyber attackers also evolve their campaigns based on current events to trick people. For example, coronavirus related scams have been on the rise due to the trends in global behaviours.

Unauthorised access

In sectors of public safety, administration, transport, and warehousing, unauthorised access is a significant concern. At least one incident related to unauthorised access has cost businesses more than $100,000. These incidents basically compromise the confidential information, deny access or service, and modify the integrity of a system.


Malware is a common threat faced by businesses. Employees unknowingly click on a strange link and allow the malware to access the office system.

Attackers are constantly trying to use sophisticated methods to target businesses and employers. If business owners don’t step up, they risk facing financial losses, losing the trust of consumers, loss of confidential information, and reputational damage.

Contact us

Call us for immediate assistance and speak with a member of our team or send us an enquiry and we will get back to you promptly.

Call Now

How can New Zealand small businesses protect against cyber threats?

Only 6% of Kiwi companies have adequate protection against cyber threats. New Zealand has a high concentration of smart phone usage which makes businesses more vulnerable. 90% of New Zealand companies are small businesses, and they believe that cybersecurity is an expensive and unnecessary expense. This misconception needs to be corrected and small businesses need to know that prevention is far more cost-effective and less stressful than having to respond to a data breach.

Here are some practical steps small businesses can take to potentially protect themselves from cyber threats:

  • Train your staff- Businesses need to do a better job of educating people and employees on how to spot risks and avoid them. Use videos, workshops, and handbooks to train staff on cybersecurity, potential threats, and usage of software. All employees should know what sites they can access and safe storage of passwords and company information.

  • Choose the right cloud services- There are several cloud services providers out there and you must choose the right one for your business. As a business owner, you should research and pick the right one. Having an effective cloud service has benefits such as getting access to software, accessing company data from any company approved device at any time, and having adequate storage space and backups for your data. Before you commit to a particular provider, make sure they can give you the protection and support you need.

  • Implement two-factor authentication (2FA)- 2FA means that anyone who logs in to the system will need to provide something else on top of the username and password to verify that they are who they say they are. You can implement it on internal systems. Systems that benefit from 2FA are email services, cloud aggregator services, document storage, banking services, social media accounts, accounting services, and any system that stores customer, personal or financial data.

  • Work with experts- Hiring cybersecurity experts to look after your systems can be worth the expense. They can do a SWOT analysis of your security and help you pinpoint the weaknesses.

  • Secure your devices and network- Establish anti-malware software on any devices that access business data. Configure network devices such as firewalls and web proxies to secure and control connections in and out of the business network.

  • Check details manually- Having manual checks in place can act as an added layer of protection for businesses. It will also ensure they don’t get caught up in online scams and fraud.

  • Have an incident response plan- Always be prepared for the worst-case scenario. Having an incident response plan helps your employees stay prepared and know what to do in case things go wrong. Policies and systems in place can ensure you protect your business, customers, and employees from loss of important data and information.

Did You Know?

A large percentage of cyber incidents and attacks can be prevented simply with a long, strong password and the use of two-factor authentication across devices. 

Employsure has worked with 6,000 businesses across New Zealand and supported them in employment relations and work health and safety. We understand the needs of small businesses and the challenges they face. Call our 24/7 Advice Line today to get all your tricky questions answered.

*This document is intended as general information and does not constitute advice. Please contact a cybersecurity professional or qualified experts if you need advice and support.

Related posts

Have a question?

Employsure Logo

Not a client yet?

0800 568 012

Existing clients call

0800 675 700

Existing clients (overseas)

+64 9 941 5205

Employsure Office

8 Tangihua Street, Auckland CBD
Peninsula LogoEmploysure Law LogoFair Work Help LogoEmploysure Mutual LogoBright HR LogoHealth Assured LogoGraphite HRM Logo
Peninsula LogoEmploysure Law LogoFair Work Help LogoEmploysure Mutual LogoBright HR LogoHealth Assured LogoGraphite HRM Logo

Copyright © 2024 Employsure Pty Ltd. ABN 40 145 676 026

Employsure Protect is a discretionary risk product issued by Employsure Mutual Limited ACN 630 256 478 (AFSL 544232). Employsure Mutual has appointed Employsure Limited to distribute the product in New Zealand. To decide if this product is right for you, please read the Employsure Protect Product Disclosure Statement.