Mon – Fri  9AM – 5PM|Client Portal
ITstuffed
0800 487 883
Cybersecurity

Is Your Business Ready If Something Goes Wrong?

It is a Tuesday morning and your team arrives to find they cannot access anything. Files, client records, emails - gone. Someone on staff clicked a link the night before and ransomware has encrypted your entire system. You have no backup you can actually restore from, no plan for what to do next, and clients expecting work delivered by noon. This is not a rare scenario. For small professional services businesses, it is one of the more common ways a normal week becomes a crisis.

Most businesses do not lack awareness that something could go wrong. They lack a plan for when it does. That gap is where the real damage happens. A cyber incident, a key person leaving suddenly, a flood in your building, an extended power outage - any of these can bring operations to a halt. The businesses that recover quickly are not the ones that got lucky. They are the ones that had the right structures in place before things went sideways.

The first thing worth sorting is a basic contingency plan. Not a lengthy document that sits in a drawer - a practical set of answers to the questions that matter most in a crisis. Who is in charge of what? How do you contact staff and clients if your email is down? What systems are critical and in what order do you restore them? Even a one-page document that has been thought through properly puts you ahead of most businesses.

Insurance is worth revisiting too. General business insurance is not always enough. Business interruption cover - which pays out when you cannot operate - is different from property cover. And cybersecurity liability insurance, which covers breach remediation costs and legal exposure, is now a genuine consideration for any business holding client data. The NZ Privacy Act 2020 requires you to report certain breaches to the Office of the Privacy Commissioner. the cost of a breach hitting your practice can run well beyond what most small businesses keep in reserve.

On the technology side, having your data backed up in a way that can actually be restored is more important than most business owners realise. Many businesses assume they have a backup until they need it. Cloud-based systems, when set up correctly, mean your data is not tied to a single device or a single office. If something happens to your building or your hardware, you can keep working. That is the outcome that matters, not the technical detail of how it is achieved.

Staff preparation matters as well. Your team needs to know what to do when something goes wrong - not just in theory, but in practice. Who do they call? What should they not touch? What gets communicated to clients and how? A short emergency contact sheet and a conversation about phishing and suspicious emails can make a meaningful difference. Most security incidents in small businesses involve a human moment, not a sophisticated technical attack. If credentials have been exposed, it is worth checking what to do when your data appears on the dark web so you know how to respond quickly.

Outsourcing critical functions - particularly IT support - gives you a safety net that an in-house setup often cannot. If a key person leaves or your systems fail, having an established relationship with an IT support provider means you are not starting from scratch in the middle of a crisis. That relationship has value before anything goes wrong, not just after.

If something does go wrong, knowing the right steps after a breach matters as much as the incident itself. CERT NZ at cert.govt.nz is the right starting point for cyber incidents. They provide free guidance and can help you work out your next steps.

ITstuffed works with professional services businesses across Canterbury to make sure the basics are covered before they need to be. If you want to know where your business actually stands, a 15-minute IT Fit Check at /booking is a good place to start.

Back to News