3. General lack of "security hygiene"
Many people and businesses ignore running Windows or anti-virus updates, preferring to address other, more convenient matters. But those updates are a built-in line of defence for software and apps to patch any discovered vulnerabilities or potential back doors into the system.
Bailey says: "Mossack Fonseca, the law firm at the heart of the Panama Papers scandal, had not updated their software, making them vulnerable to an attack that accessed their documents - exactly what happened. Update systems and back up files - so you can deal with attacks like ransomware that enters your system, encrypts files so you can't access them and asks for money to release them.
"If you are backed up, you have a ready-made solution. It's so easy to do that - but so many people and companies do not do it."
4. Not all cyber attacks come from computers
The vulnerability of staff can be a great source of wealth for hackers, Bailey says: "We run what we call a Red Team exercise where we test a client company's cyber-security defences. Among the things we do is use social media and sites like LinkedIn to identify people who might help us.
"Then we pretend to be an IT repair company and ask for information over the phone or call someone and pretend to be an executive and shot at them until they give us the passwords we need. It often works."
5. Business partners need to be part of your network
Third parties - business partners or suppliers - can also be a way in for unscrupulous hackers. The infamous hack of 40 million customers' credit and debit card details from the US Target chain of stores came about when hackers compromised a contractor to gain entry and then acquired advanced rights.
Bailey says: "Companies are realising they are also vulnerable to third parties who may not wish them ill but who provide a pathway for those who do. Many are doing a cyber-security audit these days - especially UK and US companies who want to use New Zealand companies.
"But even if your company can't do that, at least agree some minimum security measures with suppliers and contractors so you don't end up with egg on your face."
A year or two back, Bailey says there would have been a sixth big mistake - boards and chief executives passing off cyber-security as an IT issue: "Thankfully, we are now seeing top table recognition this is a problem that could affect an entire business."
When electing a cyber-security advisor, Bailey says companies should look for credentials and track records; the boom in cyber attacks has created fertile ground for the birth of many small and largely untried cyber-security companies.
# Cyber Security by Kordia brings together a wide range of industry-leading security services and solutions, providing New Zealand's most comprehensive security suite. A key element of this is delivered by specialist cyber-security consultancy, Aura Information Security. Kordia and Aura say companies can protect themselves by getting advice from seasoned specialists, installing a series of measures against hackers and breaches, educating staff and their speciality - 24/7 monitoring and analysis of clients' operations.
Let Kordia be a part of your business's IT journey, connect with them today.
See also:
Mandatory breach notification in NZ – it’s coming!
Breach Notifications 2017 (see page 9)