International customers demanding more rigorous cybersecurity from NZ firms
The most significant change to Europe's data protection rules in more than 20 years is putting Kiwi exporters under increasing pressure to match world standards in cybersecurity.
Author of the book 'She'll Be Right (Not!) – a cybersecurity guide for Kiwi business owners – SMB cybersecurity expert Daniel Watson says that until now, Kiwi companies have managed to slide past certifications and compliance levels by showing that they had, at least, some measures in place.
"The EU’s General Data Protection Regulation (GDPR) Compliance has been around since 2018, but the EU has stepped up enforcement sevenfold in the last year. Local companies are suddenly at risk of losing business, getting hit with hefty fines or having their ability to trade restricted.
"EU regulators are imposing record fines, and this is making local companies that trade with Europe sit up and take notice. On top of this, multinational lenders, banks, and insurance companies are putting pressure on businesses to apply best practices for cyber and data security.
"If you are doing business with a big European company and your cybersecurity is lax, you are compromising that company and its other suppliers and clients."
Watson said cybersecurity is having a significant impact on the ability of local exporters to win and keep clients. He is aware of cases where international insurance companies have demanded answers from local companies about their policies concerning issues such as the alteration of bank details (business email compromises are massive), two-factor authentication, staff access and awareness.
"Cybersecurity is not a widget. It is more than machines and software because biggest vulnerability is people at every level of the business.
"If your staff are not trained in cybersecurity protocols and policies – if they are not kept up-to-date with cyber threats – you're going to fall short of international standards. Increasingly, overseas customers are asking New Zealand companies to provide certifications and compliance levels with respect to international standards."
He suggests that companies doing business overseas, or contemplating developing international markets, take steps to:
- Assess the privacy of client data
Be clear on the types of data you are collecting and the process. Is collection anonymous, or is the identity known? How is data collected, and how is it stored? Who has access to that data, and are third parties involved? Do you have a process for dealing with data breaches?
- Write clear policies
"Use the assessment to write clear policies to define how staff behave. For example, how they use social media and who can access customer data."
- Secure your current state
Securing your current state is about making sure your software and technology are adequately protected. Look ahead at potential threats and attacks that may occur, anticipate what they are and make sure your systems can withstand, adapt or recover from an attack.
"If you are a senior leader in a company or a business owner, it is important that you keep up-to-date with the cybersecurity threat environment and that you keep your staff informed," Watson said.
If you are unsure of where to start, connect with Daniel Watson HERE or call him on 099720367.