Cyber Awareness

The Essential Cybersecurity Toolkit for SMBs and Micro-SMBs


Joseph Morgan


08 September, 2023



Operating a small or medium-sized business (SMB) or a micro-SMB in New Zealand comes with its unique set of challenges and opportunities. Among these, have you considered the state of your cybersecurity? Think of your business as a fortress. In a world where digital threats are as real as physical ones, leaving your digital gates unguarded is not an option.

partial view of woman typing on laptop at tabletop with smartphone and notebook, cyber security

Why Cybersecurity Matters in New Zealand

In New Zealand, cybersecurity is not just a buzzword; it’s a critical business requirement. With the increasing number of cyberattacks targeting New Zealand businesses, Cyber Awareness has never been more crucial. For instance, according to CERT NZ, the average financial loss per cybersecurity incident in New Zealand was over NZD $21,000 in Q1 2021. A robust cybersecurity posture can serve as a competitive advantage, especially when customers are increasingly concerned about data privacy.

Key Points:

  • Financial and reputational risks specific to New Zealand.
  • Competitive advantage through robust cybersecurity in the NZ market.

Firewalls: Your First Line of Defence

In the New Zealand context, firewalls are the gatekeepers of your digital domain. They scrutinize incoming and outgoing traffic, blocking or allowing data packets based on a set of security rules. Hardware firewalls protect your network at its entry point, while software firewalls offer more granular control on individual devices. For example, Cisco’s hardware firewalls provide enterprise-level security features tailored for New Zealand SMBs.

Key Points:

  • Hardware vs. Software Firewalls.
  • Importance of setting appropriate security rules for NZ businesses.
Concept - Computer Keyboard with red key that says SECURE, security password protected locked
Virus - Coronavirus

Antivirus Software: The Security Guard​

For New Zealand businesses, antivirus software serves as the vigilant security guard of your digital environment. It continuously scans for malicious software and activities, crucial for protecting against local and global threats. Features like real-time scanning and scheduled scans are essential. Norton Antivirus, for instance, offers these features along with a secure VPN, making it a popular choice among New Zealand SMBs.

Key Points:

  • Real-time and scheduled scanning.
  • Additional features like VPNs for enhanced security in the New Zealand context.

VPNs: The Invisible Cloak​

In New Zealand, where remote work is increasingly common, a Virtual Private Network (VPN) acts as your invisible cloak, safeguarding your online activities and encrypting data. Companies like ExpressVPN offer military-grade encryption and IP masking, ensuring that your online activities remain anonymous and secure, a must-have for New Zealand businesses.

Key Points:

  • Importance of VPNs for remote work in New Zealand.
  • Features like data encryption and IP masking tailored for NZ businesses.
The text inscription VPN is written on a semitransparent field surrounded by a set of abstract
IT programmer installs server firewalls

Intrusion Detection Systems

Intrusion Detection Systems (IDS) are your digital watchdogs, especially vital for New Zealand businesses that are part of global supply chains. They monitor network traffic for suspicious activities and alert you in real-time. Host-based systems focus on individual devices, while network-based systems monitor network traffic. Snort, a popular open-source network-based IDS, can identify a wide range of attacks and suspicious activities.

Key Points:

  • Host-based vs. Network-based IDS.
  • Real-time monitoring and alerts, crucial for New Zealand’s interconnected businesses.

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is akin to having multiple locks on your door, a security measure that is becoming standard practice in New Zealand. It requires users to present two or more verification factors to gain access. Google Authenticator is a commonly used app for this purpose in New Zealand.

Key Points:

  • Types of verification factors.
  • Importance of MFA in preventing unauthorised access in New Zealand.
A hand holding a smartphone with filled up one time password for the validation process, Mobile OTP
laptop keys and keyboard with the word data privacy.

Data Encryption

Data encryption is particularly crucial for New Zealand businesses that deal with international clients or remote workers. Disk encryption tools like BitLocker encrypt the entire hard drive, while file encryption tools like VeraCrypt focus on individual files. This is essential for protecting sensitive information, especially during data transfers.

Key Points:

  • Disk vs. File Encryption.
  • Importance in data transfers, especially for New Zealand businesses operating globally.

Secure Cloud Storage

Cloud storage security is paramount for New Zealand businesses. Look for services that offer end-to-end encryption and two-factor authentication. Dropbox Business, for example, provides these features along with advanced access controls, making it a reliable choice for New Zealand SMBs.

Key Points:

  • End-to-end encryption and two-factor authentication.
  • Advanced access controls for New Zealand businesses.

Employee Training

In New Zealand, employee training in cybersecurity is not just a recommendation; it’s a necessity. Training programs should include phishing simulations and regular updates on the latest cybersecurity threats. KnowBe4 offers comprehensive training modules that are highly relevant for the New Zealand workforce.

Key Points:

  • Importance of phishing simulations.
  • Keeping the New Zealand workforce updated on cybersecurity threats.

Regular Audits

Regular cybersecurity audits are akin to medical check-ups for your New Zealand business. These can be internal, conducted by your IT team, or external, performed by specialised third-party services. Tools like Nessus can assist in these audits, providing in-depth vulnerability assessments tailored for the New Zealand market.

Recommendations for Conducting Regular Audits in SMBs and Micro-SMBs

Before diving into the audit process, clearly define what you aim to achieve. Are you focusing on compliance, vulnerability assessment, or both? The scope will guide the audit, ensuring that it is both targeted and effective. For instance, if you’re in the healthcare sector in New Zealand, compliance with the Health Information Privacy Code might be a key focus.

While conducting audits in-house provides a level of control and cost-effectiveness, it often falls short in specialised expertise. To bridge this gap, consider outsourcing specific audit components to specialised IT experts. By doing so, you benefit from cutting-edge industry knowledge and an external perspective, enhancing the comprehensiveness and reliability of your cybersecurity audits. This approach allows for a synergistic blend of internal oversight and external expertise, optimising your cybersecurity posture.

For SMBs and Micro-SMBs that may not have the resources to employ a full-time Chief Information Security Officer (CISO), hiring a Virtual CISO (vCISO) can be an astute strategic move. A vCISO brings executive-level cybersecurity expertise to your organisation without the full-time commitment, providing oversight and strategic direction for your audit processes. This ensures that your audits are not only technically sound but also aligned with broader business objectives and compliance requirements. Leveraging a vCISO’s expertise can significantly elevate the effectiveness and strategic value of your regular cybersecurity audits.

Backup Solutions

Backup solutions are your contingency plans, especially vital in New Zealand where natural disasters like earthquakes can pose additional risks. Local backups offer quick access but are vulnerable to physical risks like fire or theft. Cloud backups, such as those offered by Backblaze, provide off-site storage, safeguarding against both cyber and physical risks.

Key Points:

  • Local vs. Cloud Backups.
  • Importance of regular backup schedules for New Zealand businesses.

Cyber Insurance

In New Zealand, cyber insurance is becoming increasingly important. It offers liability coverage that covers the costs associated with cyber incidents, from legal fees to customer notification and credit monitoring services. Companies like CyberPolicy offer tailored packages for New Zealand SMBs.

Key Points:

  • Types of coverage available in New Zealand.
  • Tailored insurance packages for New Zealand SMBs.

Compliance and Regulations

In New Zealand, compliance with the Privacy Act 2020 is mandatory for businesses. This act mandates stringent data protection measures and imposes penalties for data breaches. Non-compliance can result in severe penalties, including hefty fines.

Key Points:

  • Privacy Act 2020 and its implications for New Zealand businesses.
  • CIS Controls Version 8
  • ISO / IEC 127001 
  • NIST
  • Consequences of non-compliance in the New Zealand context.


“Working with NanoTech Security has been a transformative experience for my small business in Whangarei. Their expertise in MFA and IT compliance has significantly bolstered our IT posture. A great partnership that’s made us more secure and compliant. Highly recommended for any NZ business.”

– Henare Tōpota, Small Business, Whangarei


For New Zealand SMBs and Micro-SMBs, Cyber Awareness is not a one-time initiative but an ongoing commitment. By equipping your business with a comprehensive cybersecurity toolkit, you’re not just protecting your business; you’re fortifying your reputation and ensuring long-term success in the New Zealand market. Stay vigilant, stay updated, and most importantly, stay secure.