Security | 21st Feb 2018

When it comes to information security, your people are your weakest link

By Paul Manson, vCIO - HUM

Google ‘information security’, and you’ll find no end of articles focussed on the technical aspects of keeping your business safe: Firewalls, patching, IDS, SSL, VPN, 2FA, DLP and a bunch of other three-letter acronyms. But when it comes to information security, it’s people - that’s you and your staff - who are actually your business’ weakest link. That’s right: the most gaping security holes have less to do with technology, and much more to do with a few universal human traits. Here are the ‘big four’ attitudinal weaknesses I see time and again:


It’s tempting to dismiss information security as an ‘IT problem’. But it’s really a business risk issue and deserves your personal time and attention. After all, what could be more valuable to you than your IP, your customers’ data, or your reputation? You owe it to your business to educate yourself on the risks and how to mitigate them. And please, don’t just assume your IT guy/gal has your security covered - satisfy yourself definitively that they do. If not, shop around until you find a managed IT provider who does.


Otherwise known as “I don’t need to worry about security because no hacker is interested in my little business down here at the bottom of the world.” Assuming a hacker targets you specifically is like assuming that all the spam you get was written specifically for you. Cyber attacks like ransomware are indiscriminate and work on the idea that if they hit 20,000 organisations and get a 0.1% hit rate, that’s still 20 people that will pay $5000 each (a cool $100,000). Almost one in five Kiwi small businesses fall victim to cyber attacks every year (and that’s just the ones who report it), losing an average of $19,000 each.* The internet is global, and complacency almost guarantees you will get burnt.


We Kiwis are a trusting lot, but when it comes to information security, healthy skepticism should be your default attitude. That means not opening unusual emails or clicking on suspect links, and learning to recognise common ‘phishing’ scams. Phishing attacks are becoming increasingly sophisticated and alarmingly common. Forget the stereotypical email from Nigeria; today’s phishing emails are likely to look like they come from a trusted organisation, such as your bank or a government organisation. ‘Spear phishing’ attacks are even more targeted, and look as though they were sent from your own staff or a supplier. The lesson? Always pick up the phone before making that bank transfer.


People who work in small businesses are some of the busiest people around, and they tend to wear many hats. As a result, we often simplify our security as a practical solution. If a client calls up wanting to talk to Janice in accounting, and she’s on leave today? Sure, I can log into her computer and give you that information. Chances are though, that Janice has the same password for her accounting software, her computer, her email, and the payroll app. It’s probably also written on that sticky note on her desk, right next to the picture of her dog. So what happens when someone walks into the office to do a ‘Wi-Fi audit’ with a clipboard and a hi-vis vest, and walks up to Janice’s desk? Or when the vendor of the payroll app gets hacked, and all their customer passwords are stolen? Information security is one area where cutting corners is always a bad idea.

Cyber crime is a very real risk facing all businesses - big and small - and cannot be ignored. If you need help addressing these all too common human weaknesses, get in touch with me here. A big part of my role as ‘virtual CIO’ for HUM customers is helping them to establish processes that support security best practice. I’d be happy to help start you on the journey to a safer, smarter business.

*Source: Norton New Zealand SMB Cybersecurity Survey, 2016

