Are you and your team prepared for potential cybercrime attacks?
Cybercrime refers to all illegal activity that involves the internet or digital technology.
In July 2024, MYOB reported that more than a quarter (28%) of SMEs surveyed said they had been targeted by malicious cyber activity.
New Zealand’s Computer Emergency Response Team (CERT NZ) reported over $25 million in direct financial losses in 2024 in its quarterly Cyber Security Insights.
Business owners should be aware of potential threats and train their staff to recognise and prevent potential attacks that may cause financial loss, harm to reputation and business disruptions.
What are common types of cybercrime?
Cybercrime continuously evolves and adapts to exploit new vulnerabilities and technological advancements. Cybercriminals often shift their tactics, from simple phishing schemes to sophisticated ransomware attacks, to stay ahead of security measures. Below are the most common types of cybercrime that are currently known.
How can you protect your business?
There is no foolproof method of preventing cybercrime, but you can greatly decrease your chances of attack by following the steps below.
Stay informed
Make sure you are familiar with the privacy and data policies of companies and services you work with, such as banks, IT providers, government departments, etc. Most of these organisations would never ask you for personal or private information, log-in details, etc., so be aware of their processes for communicating or requesting information.
If a request seems unusual, call or email the organisation to check – but do not rely on the contact details in the request. Check your records or the organisation’s website to ensure you are using the correct phone number or email address.
Watch out for news about specific scams that are being reported, as they often happen in waves. If a company you’ve interacted with has experienced a hack or data breach, you may receive an email informing you that your information may have been compromised. Be sure to take appropriate steps to protect your business, e.g. change your passwords.
Update your passwords and logins
- Use strong passwords that are difficult to guess, change them often (e.g. every six months), and do not reuse old passwords.
- Discourage your staff from sharing log-in details, unless it is unavoidable.
- Always disable access to emails or other company accounts for employees who have left the business; this could mean changing shared log-in details after someone leaves.
- If possible, enable multi-factor authentication, such as text verification.
Train your team
Provide regular training to your team on cyber security, such as:
- how to spot a phishing email,
- how to create strong passwords,
- what to do if someone calls or emails the store asking for sensitive information.
Own Your Online, created by CERT NZ, offers many free, educational resources for businesses, including webinars, templates and security frameworks.
Report incidents
If you believe you have experienced a cyber-attack, there are several ways to report this:
- Police – Call 111 (if the attack presents immediate threat) or 105 (for non-emergency attacks). You can also go to your local police station to file a report in person.
- CERT NZ – call 0800 CERT NZ (0800 2378 69) or use their online reporting tool.
- Netsafe NZ – call 0508 638 723, text “Netsafe” to 4282, or use their online reporting tool.
In addition to reporting the breach to security officials, you may have further obligations to your employees, customers and business associates under the Privacy Act.
If a cyber-attack has resulted in unauthorised access to private information such as names, contact information, payment information or other personal data, you are required to take the following actions:
- Inform the affected individuals that their data has been breached
- Take steps to prevent further breaches (this may include updating your security settings, implementing new policies and procedures, or engaging with data security professionals)
- Report the breach to the Office of the Privacy Commissioner
Additional Resources

Empowering Retail: Keeping your Customers’ Data Safe
Retailers have responsibilities under the Privacy Act as collectors and users of customer data.
Retailers often collect customer data for online orders, customer loyalty programmes and transacting purchases. Steph Gregor from the Office of the Privacy Commissioner talks us through our responsibilities as collectors and users of this information, and our obligations under the Privacy Act.
We cover the requirements for safeguarding stored data, the obligation to keep data accurate, how to deal with data breaches, privacy officer requirements and data information requests.
Need more information?
If you would like clarification on anything in this article, or if you would like advice on a specific situation, do not hesitate to email us on [email protected] or give our Advice Service a call on 0800 472 472 (or 1800 128 086 from Australia).
Updated April 2025.