Helping businesses impacted by COVID-19
Recently the Government announced more tax changes to assist NZ businesses manage the impacts of COVID-19.
Legislation has now been passed to bring some of these changes into effect.
Small business cashfow scheme (SBCS)
The Small Business Cashflow Scheme (SBCS) is a one-off loan to businesses impacted by COVID-19. Small to medium business owners, including sole traders and the self-employed, may be eligible for a one-off loan if they have been adversely affected by COVID-19.
For more information go to: www.ird.govt.nz/covid19
Temporary loss carry-back scheme
Businesses expecting to make a loss in either the 2020 year or the 2021 year can use that loss to offset profits they made the year before. In other words, they can carry the loss back one year to the preceding income year. This can be done before the loss year return is filed.
There are two ways to claim your loss carry-back.
If you choose to use the loss carry-back scheme you must first elect to participate in the scheme under the ‘I want to’ section of myIR. Refunds will be processed quicker for claims made through myIR. Log in or register for a myIR account today.
Note: You do not need to have filed the loss year return to claim the loss carry-back.
By when do I need to re-estimate my provisional tax?
You can re-estimate your provisional tax as many times as you need to as long as you do so before the tax return for the year is filed or due, whichever is earlier.
Subvention payments, profits paid as shareholder-employee salaries or dividends
The following situations cannot be reversed to take advantage of a loss carry-back:
Shareholder-employees who have paid provisional tax on the basis they would receive a shareholder salary in the 2020 year may re-estimate their provisional tax if their company is going to claim a loss carry-back in 2020 - which will reduce their shareholder-salary. Any overpaid provisional tax will be refunded.
Shareholder-employees must let us know they are going to re-estimate their provisional tax because of a loss carry-back by using the opt-in service in myIR (in the ‘I want to’ section of your income tax account in myIR account). They can then re-estimate their provisional tax up to the time their 2020 return is due or filed. In all other situations the last day for a provisional tax estimation is the 3rd provisional tax instalment date.
Need more information?
Talk to your tax agent or go to: www.ird.govt.nz/loss-carry-back
To find out how to claim a loss carry-back go to: www.ird.govt.nz/claim-loss-carry-back
Recently the Government announced more tax changes to assist NZ businesses manage the impacts of COVID-19.
Legislation has now been passed to bring some of these changes into effect.
Small business cashfow scheme (SBCS)
The Small Business Cashflow Scheme (SBCS) is a one-off loan to businesses impacted by COVID-19. Small to medium business owners, including sole traders and the self-employed, may be eligible for a one-off loan if they have been adversely affected by COVID-19.
For more information go to: www.ird.govt.nz/covid19
Temporary loss carry-back scheme
Businesses expecting to make a loss in either the 2020 year or the 2021 year can use that loss to offset profits they made the year before. In other words, they can carry the loss back one year to the preceding income year. This can be done before the loss year return is filed.
There are two ways to claim your loss carry-back.
- Include the carried-back loss in your tax return – we will automatically refund any overpaid tax.
- Ask for a refund of any provisional tax you have paid for 2020 if you are going to carry back a loss from 2021.
If you choose to use the loss carry-back scheme you must first elect to participate in the scheme under the ‘I want to’ section of myIR. Refunds will be processed quicker for claims made through myIR. Log in or register for a myIR account today.
Note: You do not need to have filed the loss year return to claim the loss carry-back.
By when do I need to re-estimate my provisional tax?
You can re-estimate your provisional tax as many times as you need to as long as you do so before the tax return for the year is filed or due, whichever is earlier.
Subvention payments, profits paid as shareholder-employee salaries or dividends
The following situations cannot be reversed to take advantage of a loss carry-back:
- company profits that have been paid out as a dividend or shareholder employee salary in the preceding year
- a subvention payment made in a preceding year.
Shareholder-employees who have paid provisional tax on the basis they would receive a shareholder salary in the 2020 year may re-estimate their provisional tax if their company is going to claim a loss carry-back in 2020 - which will reduce their shareholder-salary. Any overpaid provisional tax will be refunded.
Shareholder-employees must let us know they are going to re-estimate their provisional tax because of a loss carry-back by using the opt-in service in myIR (in the ‘I want to’ section of your income tax account in myIR account). They can then re-estimate their provisional tax up to the time their 2020 return is due or filed. In all other situations the last day for a provisional tax estimation is the 3rd provisional tax instalment date.
Need more information?
Talk to your tax agent or go to: www.ird.govt.nz/loss-carry-back
To find out how to claim a loss carry-back go to: www.ird.govt.nz/claim-loss-carry-back
Xero webinars for xero users
Getting sorted in Xero April 2020
accessing government information
21 April 2020 at 10 am
21 April 2020 at 11 am
suspending staff 17 april 2019
Most of us believe we know the rules around suspension. If an employee is alleged to have performed an act of 'Serious Misconduct' the employer can immediately suspend them with impunity. Actually no, not always.
In today's employment law environment and high threshold of procedural fairness every action or inaction can and will be critiqued by the cottage industry of employee advocates. Getting one procedure step wrong and the justification of your action or the employee contribution to the situation is often thrown to the wayside as you see the personal grievance succeed against you.
Actions of serious misconduct from staff does often justify summary (instant) termination, but nevertheless there is a very strict process to follow, and the suspension part of that is not always justified.
Suspending an employee is a punitive measure and dis-advantages them in the function of performing their job. Just because you 'can' doesn't mean to say you 'should'.
Suspensions need to be reasonably justified, and procedurally fair. Bearing in mind the dangers around pre-determining outcomes and jumping to conclusions, questions need to be asked around what threat does the employee pose should they remain in role? Is there any risk to the business or from a Health & Safety point of view? Unless you deem a very real and immediate threat being present you could be unjustified at that point to suspend.
We have released a whitepaper in the Library section of the Employers Toolbox detailing the process and issues of suspension including the letters to use when appropriate. We strongly advise our clients to read and follow this should you be faced with a an instance of serious misconduct' in your workplace. Having solid and clear employment agreements and policy is the cornerstone for the rules around discipline, but clear process in the enforcement is equally as important.
In today's employment law environment and high threshold of procedural fairness every action or inaction can and will be critiqued by the cottage industry of employee advocates. Getting one procedure step wrong and the justification of your action or the employee contribution to the situation is often thrown to the wayside as you see the personal grievance succeed against you.
Actions of serious misconduct from staff does often justify summary (instant) termination, but nevertheless there is a very strict process to follow, and the suspension part of that is not always justified.
Suspending an employee is a punitive measure and dis-advantages them in the function of performing their job. Just because you 'can' doesn't mean to say you 'should'.
Suspensions need to be reasonably justified, and procedurally fair. Bearing in mind the dangers around pre-determining outcomes and jumping to conclusions, questions need to be asked around what threat does the employee pose should they remain in role? Is there any risk to the business or from a Health & Safety point of view? Unless you deem a very real and immediate threat being present you could be unjustified at that point to suspend.
We have released a whitepaper in the Library section of the Employers Toolbox detailing the process and issues of suspension including the letters to use when appropriate. We strongly advise our clients to read and follow this should you be faced with a an instance of serious misconduct' in your workplace. Having solid and clear employment agreements and policy is the cornerstone for the rules around discipline, but clear process in the enforcement is equally as important.
domestic violence and the role of the employer
17 April 2019
Statistics tell us Police respond to a family violence incident every 5 minutes on average, and 76% of these incidents also go unreported.
As the Employer you now have a duty and role to play if any of your staff become victims of domestic violence, or are the primary care giver for victims of the same.
Now with a framework of employer paid support in workplaces it's likely that most businesses will experience the issue first hand at some point. Businesses need to be ready, managers need to know what to do.
From a compliance point of view you don't actually have to amend your employment agreements at all. Domestic Violence Leave is law and cannot be contracted out of, so much in the same way as other types of leave you don't actually need to mention it in the agreement unless you are proposing to offer more support over and above the legal minimum.
If you feel more comfortable having it in your employment agreements we recommend simply quoting the standards as per Act along the line:
"The Employee's domestic violence leave entitlements will be in accordance with the Domestic Violence – Victims’ Protection Act 2018"
We do, however, strongly recommend the implementation of a policy.
Policy in this instance will be far more helpful to all parties concerned. Outlines options and potential outcomes at a time when victims will need the most support. Policy is also far easier to update if required than employment agreements.
Payroll
A frequently asked question currently is 'what do we show on the payslip'. Obviously this will be limited by the capability of functionality from your payroll software. Clearly you need to be tracking the use of the leave, but hopefully software providers give you flexibility on payslip outputs. One of the aims of the new legislation is to ensure victims aren't disadvantaged, so printing 'Domestic Violence Leave' on a payslip would be undesirable if it falls into the wrong hands or is required by the victim as proof of income for whatever reason.
Evidence
Employers may ask for evidence on any occasion as proof of a domestic violence incident. This may not be as easy as it sounds, particularly as the new Act allows leave claims for instances of domestic violence prior to their employment with the current employer (although they only qualify for this leave type after having worked for the employer for 6 months).
What would normally constitute evidence are documentation from; Police, Courts, family violence or support groups, schools, doctors, nurses or statutory declarations. But employers need to be flexible and open minded when it comes to this issue.
Employers have a duty to keep employee information private and confidential, this includes applications for leave and supporting evidence they may provide. Employers are only not prevented from disclosing such information if required by law or if necessary to protect life or in respect to protection of the Health & Safety of workers.
Our Employers Toolbox has a recommended policy for this exact purpose. In the documents section of the Library, download, customise and implement yours now.
Statistics tell us Police respond to a family violence incident every 5 minutes on average, and 76% of these incidents also go unreported.
As the Employer you now have a duty and role to play if any of your staff become victims of domestic violence, or are the primary care giver for victims of the same.
Now with a framework of employer paid support in workplaces it's likely that most businesses will experience the issue first hand at some point. Businesses need to be ready, managers need to know what to do.
From a compliance point of view you don't actually have to amend your employment agreements at all. Domestic Violence Leave is law and cannot be contracted out of, so much in the same way as other types of leave you don't actually need to mention it in the agreement unless you are proposing to offer more support over and above the legal minimum.
If you feel more comfortable having it in your employment agreements we recommend simply quoting the standards as per Act along the line:
"The Employee's domestic violence leave entitlements will be in accordance with the Domestic Violence – Victims’ Protection Act 2018"
We do, however, strongly recommend the implementation of a policy.
Policy in this instance will be far more helpful to all parties concerned. Outlines options and potential outcomes at a time when victims will need the most support. Policy is also far easier to update if required than employment agreements.
Payroll
A frequently asked question currently is 'what do we show on the payslip'. Obviously this will be limited by the capability of functionality from your payroll software. Clearly you need to be tracking the use of the leave, but hopefully software providers give you flexibility on payslip outputs. One of the aims of the new legislation is to ensure victims aren't disadvantaged, so printing 'Domestic Violence Leave' on a payslip would be undesirable if it falls into the wrong hands or is required by the victim as proof of income for whatever reason.
Evidence
Employers may ask for evidence on any occasion as proof of a domestic violence incident. This may not be as easy as it sounds, particularly as the new Act allows leave claims for instances of domestic violence prior to their employment with the current employer (although they only qualify for this leave type after having worked for the employer for 6 months).
What would normally constitute evidence are documentation from; Police, Courts, family violence or support groups, schools, doctors, nurses or statutory declarations. But employers need to be flexible and open minded when it comes to this issue.
Employers have a duty to keep employee information private and confidential, this includes applications for leave and supporting evidence they may provide. Employers are only not prevented from disclosing such information if required by law or if necessary to protect life or in respect to protection of the Health & Safety of workers.
Our Employers Toolbox has a recommended policy for this exact purpose. In the documents section of the Library, download, customise and implement yours now.
daylight savings begins this Sunday 30th Sept 2018
18th September 2018
Daylight Saving begins this month on Sunday 30th September at 2.00 am.
Clocks are put forward one hour to 3.00 am.
Any employees who are working during that time will be working an hour less, but have to still get paid for that skipped hour as if it was worked.
Daylight Saving begins this month on Sunday 30th September at 2.00 am.
Clocks are put forward one hour to 3.00 am.
Any employees who are working during that time will be working an hour less, but have to still get paid for that skipped hour as if it was worked.
make business easier - business.govt.nz -
if you can't back it up, don't say it
If you sell products or services, you need to be able to back up the claims you make about them. A new video from the Commerce Commission gives tips for traders on false, misleading or unsubstantiated claims and how to avoid making them.
Consumers rely on what you say – make sure it’s trueA new video from the Commerce Commission provides advice on how traders can avoid making false, misleading or unsubstantiated claims – especially when consumers can’t verify those claims themselves. Since 2014, the Fair Trading Act has specified the need for businesses to be able to back up all claims made about their products or services.
Claims about food products, like ‘free range’ and ‘organic', and country of origin claims like ‘made (or grown) in New Zealand’ are examples of what the Commerce Commission calls credence claims, and they’ve become a focus for the Commission. Consumers often pay a premium price for these products.
“If those claims are misleading, they are harmful to consumers because consumers may pay a price premium for characteristics of a product that do not exist. They’re also harmful to competition because they give an unfair advantage to traders who make claims without backing them up. Finally, they can have an impact on New Zealand’s reputation with tourists and in export markets,” says Commissioner Anna Rawlings.
Consumers rely on what you say – make sure it’s trueA new video from the Commerce Commission provides advice on how traders can avoid making false, misleading or unsubstantiated claims – especially when consumers can’t verify those claims themselves. Since 2014, the Fair Trading Act has specified the need for businesses to be able to back up all claims made about their products or services.
Claims about food products, like ‘free range’ and ‘organic', and country of origin claims like ‘made (or grown) in New Zealand’ are examples of what the Commerce Commission calls credence claims, and they’ve become a focus for the Commission. Consumers often pay a premium price for these products.
“If those claims are misleading, they are harmful to consumers because consumers may pay a price premium for characteristics of a product that do not exist. They’re also harmful to competition because they give an unfair advantage to traders who make claims without backing them up. Finally, they can have an impact on New Zealand’s reputation with tourists and in export markets,” says Commissioner Anna Rawlings.
READ THE TRANSCRIPT OF THE VIDEO HERE:
Unsubstantiated representation (external link) — Commerce Commission
What you need to know
- Any claim a business makes about goods or services must be able to be proven – whether the claim is express or implied.
- An express claim is one stated in advertising or other material, eg ‘all kids’ clothes half price,’ ‘clinical tests prove,’ ‘free range,’ or ‘our technicians are all registered and qualified.’
- An implied claim is one that’s implied or made indirectly, eg ‘available to you at wholesale prices' implies the customer will pay what a retailer would pay the wholesaler or manufacturer for the product. The claim ‘eco-friendly’ implies the product or service is environmentally friendly.
- You can be prosecuted for making claims you don’t have reasonable grounds to make, or can’t back up. Reasonable grounds can come from:
- information provided by reputable suppliers or manufacturer
- information held by the business making the claim
- any other reasonable source (like scientific or medical journals).
- Claims that are so obviously exaggerated or overstated that they’re unlikely to mislead, eg ‘the greatest coffee in the world,’ ‘the most delicious pastry you’ll ever taste’ – are considered ‘puffery’. The Fair Trading Act allows some leeway when statements are clearly puffery, because most reasonable consumers are aware that some exaggeration occurs in advertising. But it’s still important not to misrepresent goods or services, or claim they have benefits they don’t have.
The law applies equally to services
Have a look at the statements below. If you make claims like these on your website or marketing they must be accurate at the time you make them, and they must continue to be accurate. That means you need to keep your website up to date.
Our techs are all registered and qualified
Are all your techs really registered and qualified? What about that new trainee? Is his or her qualification the appropriate one for the trade or business?
We are the only providers of this service in the city!
What’s your basis for making this claim? Have you commissioned research to show this is accurate?
We are the cheapest – We are the fastest
You need to take care when making claims like these about the service you provide. They relate to fact more than opinion, and they need to be accurate.
However, consumers would realise that a claim like ‘the fastest installer the world has ever seen’ is an obvious exaggeration, and that would be considered puffery. Consumers are unlikely to be misled by these types of claims.
HALF PRICE!
Be particularly careful when making pricing claims about the service you provide. Pricing claims generate a lot of complaints to the Commission.
This company was just outstanding. I can’t recommend them highly enough.
Did a genuine independent customer say this, and did they genuinely say it about your company? Testimonials and reviews must be accurate and not give a misleading impression.
Trusted, unbiased information
Is there anything you aren’t disclosing which might make claims like this inaccurate? Do you have any commercial relationships which are relevant to that sort of claim?
Pricing claims (external link) – Commerce Commission
Guidance on reviews and endorsements (external link) - International Consumer Protection and Enforcement Network
Cautionary tales
A health supplement company and its owner were fined $526,500 for breaching the Fair Trading Act after they claimed bee pollen was New Zealand-made, when in fact it was produced and processed in China.
Cases against multiple companies who made claims about ‘pure alpaca’ or ‘100% cashmere’ products, which actually contained little or no such fibres, have resulted in fines just over $1.5 million.
A heat pump supplier was fined $310,000 for making unsubstantiated or misleading claims about the energy efficiency and performance of some of its heat pumps.
Source: Ministry of Business, Innovation and Employment (NZ)
newsletter january 2018
Employment: Five key rights and rules
From employment agreements to pay rates, it’s important for employers and employees to know the rules. Get up to speed with these tips and free online training for workers and employers.
Click here to Check it out
Law change: New rules if you sell food
Cafes. Market stalls. Food trucks. Butchers. Food manufacturers. If you sell food, check if you must register by 31 March 2018 under new Food Act rules.
Click here to Find out more
Renting to students: Tips for landlords
Student tenancies are covered by the same rules as other tenancies — but sometimes students have different expectations, especially length of lease.
Click here for Landlord tips
If a customer wants to return it, what’s fair?
What to do if someone comes in with an unwanted gift? Following set steps will save you time and stress. Plus use our refund sign and complaint record form.
Click here to Find out more
ACC’s new online service
MyACC for Business is ACC’s new online service for business customers. It replaces ACC Online and helps small businesses manage levy accounts any time from any device.
click this to Register here
Trial period rules you must follow
Employers can use 90-day trial periods for new employees. But strict rules apply, eg details must be in a signed employment agreement. Our Employment Agreement Builder (EAB) sets out the dos and don’ts.
Click this link for EAB: Trial period information.
Assess your leadership skills
Whether you’re a new leader or an experienced manager, it’s important to focus on your team — but also to think about your own practices. Take this quick self-assessment to discover how your approach to management and leadership works for your business, and what might be holding you back.
Then try two more self-assessments on communication and feedback, and trust and fairness. At the end of each you’ll get practical tips and links to expert advice.
Click here to Start now
Newsletter November 2017
Claiming expenses on business trips
You can claim the cost of many daily expenses when travelling for work. If the trip is part business, part holiday, you can only claim work-related expenses.
Learn more
Retail crime: Simple ways to reduce your risk
Hi-tech cameras and round-the-clock guards are beyond the reach of many shop owners. Here are ways you and any staff can protect your business and stay safe.
Read on
Two-factor authentication: Quick security for email and data
Add extra security to your accounts and devices by turning on two-step verification. It takes just a few minutes to set up — and stops hackers in their tracks.
Here’s how
Landlords: New insulation rules
Does your rental home meet new insulation standards? The deadline is July 2019, and summer is a great time to get ready for the new rules, either between tenancies or during routine maintenance. Start with an insulation assessment — you will either get:
• Details of any work needed — it’s a good idea to retrofit insulation well before the deadline.
• Paperwork for your tenancy agreement, proving the property meets insulation requirements.
Tenancy Services has tips and advice on what’s involved, plus exceptions to the new rules.
Find out more
Paying employees for holidays and leave
When someone takes paid time off work, eg public holiday, annual leave or sick leave, the law tells you how much to pay them. New tools for employers and employees can help.
Check them out
It’s a wrap: Preparing your business for Christmas
The Christmas run-up can be frantic for business owners. Here’s a quick guide to claiming Christmas expenses and rules relating to staff leave, to help make this festive time a little less taxing.
Read more
Using the Companies Register just got better
It’s now easier to use online services and find tips on how to register a company, search the Companies Register, or keep your company’s details up to date.
Check it out
From employment agreements to pay rates, it’s important for employers and employees to know the rules. Get up to speed with these tips and free online training for workers and employers.
Click here to Check it out
Law change: New rules if you sell food
Cafes. Market stalls. Food trucks. Butchers. Food manufacturers. If you sell food, check if you must register by 31 March 2018 under new Food Act rules.
Click here to Find out more
Renting to students: Tips for landlords
Student tenancies are covered by the same rules as other tenancies — but sometimes students have different expectations, especially length of lease.
Click here for Landlord tips
If a customer wants to return it, what’s fair?
What to do if someone comes in with an unwanted gift? Following set steps will save you time and stress. Plus use our refund sign and complaint record form.
Click here to Find out more
ACC’s new online service
MyACC for Business is ACC’s new online service for business customers. It replaces ACC Online and helps small businesses manage levy accounts any time from any device.
click this to Register here
Trial period rules you must follow
Employers can use 90-day trial periods for new employees. But strict rules apply, eg details must be in a signed employment agreement. Our Employment Agreement Builder (EAB) sets out the dos and don’ts.
Click this link for EAB: Trial period information.
Assess your leadership skills
Whether you’re a new leader or an experienced manager, it’s important to focus on your team — but also to think about your own practices. Take this quick self-assessment to discover how your approach to management and leadership works for your business, and what might be holding you back.
Then try two more self-assessments on communication and feedback, and trust and fairness. At the end of each you’ll get practical tips and links to expert advice.
Click here to Start now
Newsletter November 2017
Claiming expenses on business trips
You can claim the cost of many daily expenses when travelling for work. If the trip is part business, part holiday, you can only claim work-related expenses.
Learn more
Retail crime: Simple ways to reduce your risk
Hi-tech cameras and round-the-clock guards are beyond the reach of many shop owners. Here are ways you and any staff can protect your business and stay safe.
Read on
Two-factor authentication: Quick security for email and data
Add extra security to your accounts and devices by turning on two-step verification. It takes just a few minutes to set up — and stops hackers in their tracks.
Here’s how
Landlords: New insulation rules
Does your rental home meet new insulation standards? The deadline is July 2019, and summer is a great time to get ready for the new rules, either between tenancies or during routine maintenance. Start with an insulation assessment — you will either get:
• Details of any work needed — it’s a good idea to retrofit insulation well before the deadline.
• Paperwork for your tenancy agreement, proving the property meets insulation requirements.
Tenancy Services has tips and advice on what’s involved, plus exceptions to the new rules.
Find out more
Paying employees for holidays and leave
When someone takes paid time off work, eg public holiday, annual leave or sick leave, the law tells you how much to pay them. New tools for employers and employees can help.
Check them out
It’s a wrap: Preparing your business for Christmas
The Christmas run-up can be frantic for business owners. Here’s a quick guide to claiming Christmas expenses and rules relating to staff leave, to help make this festive time a little less taxing.
Read more
Using the Companies Register just got better
It’s now easier to use online services and find tips on how to register a company, search the Companies Register, or keep your company’s details up to date.
Check it out
protect your business data
As data breaches and online threats become more common, it’s important to take active measures to safeguard critical systems and sensitive information. These practical cyber security and data safety tips will help you keep your data safe and secure.
know the risks
Proper storage and regular backups will help protect your important information from system failures or improper use. But an increasingly complex online world means you need to also protect your data from unauthorised access, whether it’s an accidental breach by someone in your business or by a hacker.
Ignoring cyber security threats and data breaches puts your reputation — and bottom line — at risk.
Recovering from a cyber attack or data breach could be an expensive undertaking. Take precautions so you don’t fall victim.
Ignoring cyber security threats and data breaches puts your reputation — and bottom line — at risk.
Recovering from a cyber attack or data breach could be an expensive undertaking. Take precautions so you don’t fall victim.
cyber security: what is it?
Cyber security is the measures you take to protect information, devices and systems from unauthorised access, attack or other risks.
Common threats to a business’s data and systems include:
Types of cyber security threats (external link) — CERT NZ
Cyber security and your business (external link) — CERT NZ
Common threats to a business’s data and systems include:
- Data breaches: When private information is released into an unsecured environment. This could be done on purpose or by accident.
- Malware: Malicious software designed to damage or harm a computer system. Ransomware is a type of malware that denies a user access to their files or computer systems unless they pay a ransom.
- Denial-of-service: Attacks that aim to restrict or impair access to a computer system or network. Typically, the aim is to prevent legitimate users from accessing websites or payment services.
- Insider threats: Someone who has inside knowledge threatens your business.
Types of cyber security threats (external link) — CERT NZ
Cyber security and your business (external link) — CERT NZ
assess your weak points
To best protect your systems and data, you need to identify and address your vulnerabilities and your important assets.
To work out whether you are doing enough to protect your business from cyber security incidents, take Connect Smart’s short online questionnaire. Based on your results, you will receive an action plan that sets out steps to better secure your business.
How cyber secure is your business? (external link) — Connect Smart
If you have lots of holes and don’t know how to manage them, consider paying a security specialist to help you set up a security process.
To work out whether you are doing enough to protect your business from cyber security incidents, take Connect Smart’s short online questionnaire. Based on your results, you will receive an action plan that sets out steps to better secure your business.
How cyber secure is your business? (external link) — Connect Smart
If you have lots of holes and don’t know how to manage them, consider paying a security specialist to help you set up a security process.
don't store data and records longer than you need to:
It will make managing — and safeguarding — your data easier.
Plan to protect important data
Protecting important data is all part of continuity planning — being prepared to recover from any problems. Follow these steps:
Connect Smart for Business: SME Toolkit (external link) — Connect Smart
The Privacy Commissioner also has a step-by-step toolkit on how to plan and respond to data breaches.
Data Safety Toolkit (external link) — Privacy Commissioner
Protecting important data is all part of continuity planning — being prepared to recover from any problems. Follow these steps:
- Identify everything that holds vital data. This is the information, records and systems that you can’t do without, or would be most damaging if lost.
- Make protecting vital data a priority. Put extra security measures in place to protect sensitive data from different kinds of threats. This might be customer details, confidential agreements, financial records and any trade secrets or other intellectual property.
- Plan ahead for different scenarios. Map out a step-by-step approach of what to do if important data is lost, breached or hacked. You will be able to respond quickly — and have a better chance of minimising any negative impacts. Don’t just think about it. Write it down.
- Make sure staff know what to do. This includes training or check-ins, and making sure passwords are protected and updated.
- Put your plan into practice. Test different scenarios regularly. Make any changes to your plan if it doesn’t work as expected.
Connect Smart for Business: SME Toolkit (external link) — Connect Smart
The Privacy Commissioner also has a step-by-step toolkit on how to plan and respond to data breaches.
Data Safety Toolkit (external link) — Privacy Commissioner
Don't use the same password or passphrase for any of your systems or staff. Cyber criminals will get access to ALL your information in one hit. And don’t use P-A-S-S-W-O-R-D or other easily guessed passwords.
cyber security steps:
There are a number of easy things you can do to protect your information. The key is to commit to safety measures. If you have staff, make sure they are trained and kept up to date on any new risks or protective steps.
Passwords and passphrases
Passwords and passphrases
- Always use strong passwords or passphrases to protect your devices and data.
- Use passphrases, rather than passwords. Passphrases are unique, at least 15 characters long and a combination of different character types, eg IAte23OfDiana'sSandwiches!.
- Change any default passwords and usernames that come with a new device as soon as you get it.
- Don’t use the same password or passphrase for more than one of your systems or staff. Hackers could get into all your most sensitive information in one hit.
Don’t leave factory or administrator passwords in place on your WiFi, modem or any devices.
Change these to strong passwords or passphrases — and make it part of your off-boarding process to change them each time someone leaves the business.
Change these to strong passwords or passphrases — and make it part of your off-boarding process to change them each time someone leaves the business.
Firewalls
A firewall is software or hardware that protects your computer or device against online threats. It helps you monitor who or what is allowed to access your system. It will also notify you if your computer or device is trying to access something suspicious online. Think of it as a door between your computer and the internet. It helps you let the right things in and keep suspicious activity out.
Automatic updates
Software providers release regular updates to patch — or guard against — the latest hacks and bugs. They’re easy to ignore or put off, but it’s time well spent to keep your systems safe.
Two-factor authentication
Two-factor authentication (2FA) makes it much more difficult for hackers to crack into your systems. 2FA ensures a user can only gain access if they have an extra credential above a valid username and password. This extra credential may be a PIN number, access to a physical security key or token, or a unique identifier, eg a fingerprint. You should enable it for your most important systems, accounts and devices.
A firewall is software or hardware that protects your computer or device against online threats. It helps you monitor who or what is allowed to access your system. It will also notify you if your computer or device is trying to access something suspicious online. Think of it as a door between your computer and the internet. It helps you let the right things in and keep suspicious activity out.
Automatic updates
Software providers release regular updates to patch — or guard against — the latest hacks and bugs. They’re easy to ignore or put off, but it’s time well spent to keep your systems safe.
Two-factor authentication
Two-factor authentication (2FA) makes it much more difficult for hackers to crack into your systems. 2FA ensures a user can only gain access if they have an extra credential above a valid username and password. This extra credential may be a PIN number, access to a physical security key or token, or a unique identifier, eg a fingerprint. You should enable it for your most important systems, accounts and devices.
If your device alerts you to an update, don't ignore it.
The latest updates or versions often patch — or repair — any new vulnerabilities to cyber attacks.
Guard against cyber attacks
The latest updates or versions often patch — or repair — any new vulnerabilities to cyber attacks.
Guard against cyber attacks
Staff awareness is key to preventing cyber security incidents and data breaches.
Make sure everyone in your business knows how to keep important data and systems secure.
Make sure everyone in your business knows how to keep important data and systems secure.
For more go to www.business.govt.nz/risks-and-operations/it-risk-and-avoiding-scams/protecting-business-data/
