Close this search box.

We are creating some awesome events for you. Kindly bear with us.

Online protection achievable by getting basics right

A newly released report from CERT NZ highlights how basic measure continue to sit at the centre of protecting New Zealanders and their businesses from online threats.

According to a recent report, weak passwords have caused attackers to gain access to business email accounts.

The organisation’s latest report reveals case studies of two New Zealand businesses impacted by significant security breaches.

It details how attackers gained access to business email accounts due to weak passwords.

In one of the cases, the attacker was able to gain access and tracked the emails of the business for at least six months.

In doing so, they were able to gather an extensive knowledge of the billing cycles of the business as well as behaviours thereby enabling them to create and send out fake invoices to the database of the business.

The organisation worked with the affected businesses and was able to help them recover.

CERT NZ was established to help New Zealanders stay safe online, whether by taking incident reports, sharing best practice advice, or by sharing data and information about the online threat landscape as it impacts the country.

870 reports were received by the organisation in the July to September quarter. This was the highest recorded number in a quarter since its launch in April 2017.

It shows that reports of unauthorised access, both for business and personal email accounts, increased by 28%.

The Director of the organisation encourages all New Zealanders, at work and at home, to take simple steps such as using strong, unique passwords and multi-factor authentication to protect their email and other important accounts from being compromised.

It is through getting the basics right that Kiwis will be able to stay safe online.

This conclusion came from the in-depth analysis of the reports they have received, combined with information from international partners and global threat insights.

Online security may seem complicated, but the evidence shows that most incidents can be prevented by taking simple steps.

11 cyber security tips for businesses were created based on the quarterly report released by the organisation.

  • Install software updates

Adding features to software is not the only function of patches as they often fix security vulnerabilities too.

Attackers could use these vulnerabilities to gain access to the system. Installing patches that fix them is a simple way to prevent this from happening.

  • Implement two-factor authentication (2FA)

Anyone who logs in the system is required to provide something else, on top of their username and password, to verify that they are who they say they are.

  • Back up data

Keeping data safe is vital in a business. If it is compromised in any way, it is essential to have a backup, or copy available, in order to restore it.

  • Set up logs

Setting up logs will notify business of any unusual events by email. Email notifications should be set up for events that should not happen often.

Store logs in a safe location and ensure that they are encrypted. Access to it should only be granted to those who need it.

  • Create a plan for when things go wrong

Having a clear plan in place can be of great help during what could be a stressful time. It will help the team in responding to an incident quickly and improve the resilience of the business.

  • Update default passwords

Default credentials are easy to find or guess or find online. Attackers could use them to get into the system.

  • Choose the right cloud services for the business

Some benefits include access to software without needing to buy it, access to data from any device at any time, storage space and backups for the data.

  • Only collect the data that is really needed

The level of risk is based on the amount of data being kept. The more data is being collected, the more valuable it is to an attacker.

  • Secure devices

Enable anti-malware on any device, business or personal, which accesses the business data or systems. It prevents malicious software such as viruses or ransomware from being downloaded.

  • Secure network

Firewalls help control where connections go, and proxies can act as an intermediary between different computers or networks.

  • Manually check financial details

A lot of business takes place over email, and it can be hard to tell when an email recipient’s behaviour is ‘phishy’.

If business is being done online and an unexpected or unusual request is received, check it manually before going through with the transaction.

Having manual checks like a phone call will prevent the business from getting caught up in online fraud, like invoice scams.

For more insights into what the organisation has seen in the New Zealand threat landscape in Quarter Three 2018, the latest Quarterly Report can be read here.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.