Three cybersecurity threats you need to know about




Key takeaways


  •  Be vigilant: Phishing, whaling and ransomware attacks are happening every day
  •  Learn what to look out for: Emails from unknown people, unusual payment requests
  •  Protect your information: Don’t use the same password for everything


Ransomware, phishing, whaling – if you thought they were made up for TV, think again.

They’re all tools in the hacker’s arsenal and they could be a cybersecurity threat to your business. In another article, we looked at the big picture of keeping your information secure.

Now we delve deeper into the hacker’s biggest weapon. It’s not technology, as you may have thought. It’s people and our willingness to be friendly, helpful and talkative.

1. Phishing

Phishing is something we all experience. It’s that email from a bank that says something like, "Your account has been compromised. Please check your details by clicking on our link below." It has a logo from your bank (or someone else’s). The hacker has high hopes that you will click on that link.

Of course, it’s not from your bank, but from a hacker who wants you to enter your details so they can access your accounts.

2. Whaling: "Urgent! Act immediately!"

Whaling takes phishing to the next level. It's trying to fool victims into thinking someone important has sent an urgent request. For example, "Please pay this person $25,000 into this account before the end of the day."

Whaling relies on people being unwilling to upset or question the boss. Hackers hope that you'll follow the email's instructions – without checking or verifying.

3. Ransomware: Give me your money or your files get it

Ransomware is also on the rise. Victims click on a link or open an attachment in an email. Next thing they know, their computer (or even their company’s entire network) is locked down. The only way to retrieve the data is to pay a ransom, hence the name.

Technology isn't always the weakest link

Social engineering is tricking people into handing over access or information. Hackers don't need to break into the security system. They just need to fool well-meaning people into revealing passwords or handing over information.

Most small and medium businesses don’t have an IT manager. Most also don’t have the expertise to spot problems before they arise, let alone fix them. So what is a business owner to do?

Mark Churches is the manager of fraud detection and response services at Spark. He says the first step is to make sure your security technology is up-to-date. Installing security software updates and patches is very important, but don't stop there.

As Mark says about security technology, “It tends to give a false sense of security because the technology isn’t usually the weakest link. It’s people.”

Constant vigilance

Fraud techniques like phishing and whaling are always changing. For small businesses, that means staying on your toes.

Imagine you’ve received an email from the boss asking you to set up a payment to an account you’ve never heard of before. Do you jump to it, or should you check first?

Mark suggests ringing the boss to double-check. No senior manager would object to someone double-checking before authorising a large payment.

“Big businesses tend to have these procedures in place and they stick to them. Smaller businesses tend not to and that makes them vulnerable to attack.”

Mark says there are four things a user should do when looking at an email or communication that may be suspect:

  1. If you’re suspicious about a request or a large payment, check with your supervisor
  2. Look at the spelling and at the phrasing of the email – does it sound like the CFO or not?
  3. Does the email ask you to break normal procedures? This is a red flag
  4. Check the sender’s email address – is it from within the business or from somewhere else?
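The checks in the list above can be partly automated as a first-pass filter before a person makes the call. The following Python sketch is an added example, not something from Mark or Spark; the organisation domain, the executive name, the keyword lists and both sample emails are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"     # assumption: your business's own mail domain
EXECUTIVES = {"jane smith"}    # assumption: people who can authorise payments
URGENCY = re.compile(r"\b(urgent|immediately|end of the day|asap)\b", re.I)
PAYMENT = re.compile(r"\b(pay|payment|transfer|invoice)\b|\$\s?\d", re.I)
BYPASS = re.compile(r"\b(no need to call|skip the usual|keep this quiet)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def red_flags(raw_email):
    """List the warning signs found in one plain-text email."""
    msg = message_from_string(raw_email)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To")) or from_dom
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    if from_dom != ORG_DOMAIN:               # check 4: inside the business?
        flags.append("external-sender")
        if display in EXECUTIVES:            # boss's name, outside address
            flags.append("executive-name-on-external-address")
    if reply_dom != from_dom:                # replies go somewhere else
        flags.append("reply-to-differs")
    if PAYMENT.search(text) and URGENCY.search(text):   # check 1
        flags.append("urgent-payment-request")
    if BYPASS.search(text):                  # check 3: breaks procedure
        flags.append("asks-to-break-procedure")
    return flags

# Constructed sample messages (not real mail).
WHALING = """\
From: Jane Smith <jane.smith@examp1e-mail.test>
Reply-To: accounts@payments.test
Subject: Urgent! Act immediately!

Please pay this person $25,000 into this account before the end of the day.
No need to call me, I am in meetings all afternoon.
"""
ROUTINE = """\
From: Jane Smith <jane.smith@example.com>
Subject: Team lunch Friday

Lunch is booked for 12:30. Let me know if you cannot make it.
"""
```

Any flag is a prompt to ring the sender on a known number, not a verdict; check 2 (does it sound like the CFO?) still needs a human reader.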

Mark has one final piece of advice: don’t reuse passwords.

“Sharing passwords among services means if you’re compromised in one area you have potentially given away access in another. By collecting bits of information from various sources, a hacker can put together a complete picture of you and your online world. That’s a big problem.”

What’s next for you?

If you’ve received any suspicious emails – or you just want to protect your company – get in touch. We'll have a look and suggest services for your company based on its size and requirements.

