17th April, 2019
By making the 2FA security feature standard across all its online products for SMEs, MYOB is helping protect New Zealand’s small businesses from cyber threats.
Nearly a third of Kiwi SMEs – as many as 150,000 businesses – have experienced cyber attack in recent years, causing a majority of SME operators to express concerns regarding cyber security.
In response, MYOB is making two-factor authentication (2FA) mandatory for all its clients in May this year, while also calling on the NZ government to address online security in the financial sector.
READ: The case for two-factor authentication
According to the latest MYOB Business Monitor survey of over 1,000 businesses nationwide, more than half of all SME operators (54 percent) are concerned about their cyber security, with 12 percent very concerned.
Among businesses directly involved in the technology sector, the level of serious concern rises to 27 percent.
MYOB country manager, Ingrid Cronin-Knight said the level of concern expressed by SME operators reflects the growing risks of online attacks.
“Internationally we’ve seen a massive rise in risk, as antagonists – from amateur hackers to organised crime syndicates – look for financial gain, to create disruption or simply gain kudos among their peers by attacking websites, businesses and Governments,” she said.
“Clearly, in this globally connected world, New Zealand is far from immune. The sheer number of local businesses that have experienced some form of cyber attack is sobering.”
According to the Business Monitor survey, 29 percent of all local SME operators have been the victims of an actual or attempted cyber security breach from malware, an online or social media scam, hack, phishing attack or ransomware.
The sectors most likely to have experienced a cyber attack are the professional services industry (36 percent), technology businesses (32 percent) and the finance and insurance sector (31 percent).
MYOB introduced mandatory 2FA on all its online products in Australia last year* and made the same features available to New Zealand users on a voluntary basis.
From next month, MYOB will make the system mandatory in New Zealand.
“This is just one of the advanced security and monitoring systems we have in place to protect our users,” said Cronin-Knight.
“While we appreciate that it will create another step in providing access for users, making two-factor authentication mandatory is a massive leap forward in security by further reducing the risk of compromise.
“It’s an effective way to protect data, and a critical step in running a business responsibly.”
The authentication apps supported by MYOB are Google Authenticator (for Android and iOS), Microsoft Authenticator (for Windows), and Authy (for Android and iOS, plus any device running the Chrome browser).
MYOB’s implementation of 2FA also supports authentication via email, but the use of a mobile app is recommended.
“As well as the heightened risks for business, international changes to data protection and privacy legislation means there is an increasing expectation that organisations take steps to protect personal and sensitive data,” said Cronin-Knight.
“By making two-factor authentication mandatory in the areas New Zealand business owners need the highest levels of protection such as financial and accounting services, we can take steps to protect our economy from the growing international threat of cyber-crime.”
Cronin-Knight said it is only by continuously monitoring and proactively addressing threats and vulnerabilities that organisations can mitigate these risks.
“Local business operators need the best tools available to help them manage the daily risks they face in protecting their valuable personal information and business data,” she said.
“That’s why we’re calling on the New Zealand Government to follow the example of the Australian Taxation Office and make two-factor authentication a mandatory standard for all online financial service providers.”
Instead of relying on just a password to determine a user’s identity, 2FA uses an additional device, such as a text code sent to a smartphone app, or even a physical characteristic like a fingerprint, to provide another layer of access protection.
READ: Most cyber threats mitigated by reducing human error
In its Operational Framework for Digital Services Providers released late last year, the Australian Taxation Office mandates the use of multifactor – including two-factor – authentication by cloud-based accounting systems.
Netsafe CEO Martin Cocker said Netsafe supports initiatives to increase the adoption of improved security practices such as two-factor authentication that will help Kiwis have a safer experience online.
“Two-factor authentication is a simple and practical measure that provides additional protection against hackers and fraudsters and decreases the risk of unauthorised access to online accounts,” said Martin Cocker.
“Recent research from InternetNZ shows that only 30 percent of NZ adults use two-factor authentication on any or all accounts where it is available.”
*2FA has been introduced to all of MYOB’s online, SME-centric products in Australia and soon in New Zealand, but is yet to be included in bigger business products such as MYOB Advanced.