With nearly one third of local SMEs – potentially up to 150,000 businesses – having experienced a cyber attack and a majority of SME operators expressing fears about cyber security, accounting software provider MYOB is calling on the Government to address online security in the financial sector.
According to the latest MYOB Business Monitor survey of over 1,000 businesses nationwide, more than half of all SME operators (54%) are concerned about their cyber security, with 12% very concerned. Among businesses directly involved in the technology sector, the level of serious concern rises to 27%.
MYOB country manager, Ingrid Cronin-Knight said the level of concern expressed by SME operators reflects the growing risks of online attacks.
“Internationally we’ve seen a massive rise in risk, as antagonists – from amateur hackers to organised crime syndicates – look for financial gain, to create disruption or simply gain kudos among their peers by attacking websites, businesses and Governments,” she said.
“Clearly, in this globally connected world, New Zealand is far from immune. The sheer number of local businesses that have experienced some form of cyber attack is sobering.”
According to the Business Monitor survey, 29% of all local SME operators have been the victims of an actual or attempted cyber security breach from malware, an online or social media scam, hack, phishing attack or ransomware.
The sectors most likely to have experienced some kind of cyber attack are the professional services industry (36%), technology businesses (32%) and the finance and insurance sector (31%).
Time for NZ to step up
Ms Cronin-Knight said it is only by continuously monitoring and proactively addressing threats and vulnerabilities that organisations can mitigate these risks.
“Local business operators need the best tools available to help them manage the daily risks they face in protecting their valuable personal information and business data,” she said.
“That’s why we’re calling on the New Zealand Government to follow the example of the Australian Taxation Office and make two-factor authentication a mandatory standard for all online financial service providers.”
Instead of relying on just a password to determine a user’s identity, two-factor authentication uses an additional device, such as a text code sent to a smartphone app, or even a physical characteristic like a fingerprint, to provide another layer of access protection.
In its Operational Framework for Digital Services Providers released late last year, the Australian Taxation Office mandates the use of multifactor – including two-factor – authentication by cloud-based accounting systems.
Netsafe CEO Martin Cocker said Netsafe supports initiatives to increase the adoption of improved security practices such as two-factor authentication that will help Kiwis have a safer experience online.
“Two-factor authentication is a simple and practical measure that provides additional protection against hackers and fraudsters and decreases the risk of unauthorised access to online accounts,” said Martin Cocker.
“Recent research from InternetNZ shows that only 30% of NZ adults use two-factor authentication on any or all accounts where it is available.”
MYOB to make two-factor authentication mandatory
MYOB introduced mandatory two-factor authentication on all its products in Australia last year and made the same features available to New Zealand users on a voluntary basis. From next month, the company will make the system mandatory in New Zealand.
“This is just one of the advanced security and monitoring systems we have in place to protect our users,” said Ms Cronin-Knight.
“While we appreciate that it will create another step in providing access for users, making two-factor authentication mandatory is a massive leap forward in security by further reducing the risk of compromise.
“It’s an effective way to protect data, and a critical step in running a business responsibly.”
The authentication apps supported by MYOB are Google Authenticator (for Android and iOS), Microsoft Authenticator (for Windows), and Authy (for Android and iOS, plus any device running the Chrome browser). MYOB’s implementation of two-factor authentication also supports authentication via email, but the use of a mobile app is recommended.
“As well as the heightened risks for business, international changes to data protection and privacy legislation means there is an increasing expectation that organisations take steps to protect personal and sensitive data,” said Ms Cronin-Knight.
“By making two-factor authentication mandatory in the areas New Zealand business owners need the highest levels of protection such as financial and accounting services, we can take steps to protect our economy from the growing international threat of cyber-crime.”