
Taking business online is becoming more and more common, as customers increasingly turn to the Internet for their shopping. From the point of view of your online business, this convenience for customers is critical. However, operating your business online comes with its own set of risks, leaving both you and your customers vulnerable. Just as you would take steps to protect your physical storefront against a break-in, you need to implement preventative measures against hackers and cyber-attacks. This article explains your obligations as a business to make sure your customers are secure when they use your online services, and provides some tips for securing your online business.

Obligations To Your Customers

If your business deals with customers’ personal information, then this means that you have to comply with NZ privacy law. Personal information includes:

  • full names;
  • photos;
  • physical addresses;
  • email addresses; and
  • payment details.

If customers or clients provide you with this information, you have to protect it against possible data breaches. You also have to notify customers that you are dealing with their private information, which you would usually set out in a privacy policy. You need to let customers know how you deal with their data, including how you:

  • collect;
  • store; and
  • use their information.

If you find that your business has been the victim of a cyber-attack and there is the risk of a privacy breach, you have to let the Privacy Commissioner know as soon as possible. 

Tip: Make sure that someone at your business is your allocated Privacy Officer. This person deals with privacy concerns at your business and ensures your business deals with private customer information appropriately.

To comply with your privacy obligations and secure your business, here are some tips for protecting your business’s online presence:

1. Protect Your Data

First, you need to ensure that you adequately protect your business’s databases or website that stores customer information. You can do this by encrypting data as you collect it, and when you store it as well. This means that only someone with the key can read this data. Some cloud storage services will offer encryption options, or you can find free software that lets you do it yourself.

Tip: Do not let your updates pile up. System software updates fix bugs and apply new patches that keep your data secure. Installing them promptly also helps keep things running smoothly.

2. Choose Strong Passwords

One of the most common weaknesses that cyberattacks exploit is weak or stolen passwords. Weak passwords are often:

  • too simple or short;
  • used across many devices; or
  • the default system password.

Make sure your password is strong, with numbers and capital letters, and not easily guessable.

Many businesses use ‘passphrases’ such as ‘ICanSell300ShoesToday’ that are easy to remember.

It is also a good idea to use two-factor authentication, which means that anyone who logs into your systems needs to provide a second piece of information after the password for additional verification. This could be a work phone number or an additional question.

3. Check Your Website Security

A simple way to make sure your website is secure for your customers is to enable HTTPS. HTTPS uses your website’s security certificate to confirm that you are who you say you are. When customers give you their data online via HTTPS, that data is encrypted in transit, and no one else can see it.

Additionally, update your website security certificate regularly, and keep track of when your domain name expires. Scammers will often take advantage of expired domain names and sell fake goods or services under that business’s name.
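One way to keep track of when a website security certificate expires, shown as an added example that is not part of the original article. The 30-day renewal window, the function names and the sample certificate are assumptions made for this illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumption: renewal window chosen for this example


def days_until_expiry(cert, now=None):
    """Whole days before the certificate's notAfter date (negative once expired).

    `cert` is a dict in the shape returned by SSLSocket.getpeercert().
    """
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc
    )
    return (expires - now).days


def classify(cert, now=None, warn_days=WARN_DAYS):
    """Turn the remaining lifetime into an action for the site owner."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "EXPIRED"
    if days <= warn_days:
        return "RENEW SOON"
    return "OK"


def check_site(hostname, port=443, timeout=5):
    """Connect as a browser would and report the certificate's status."""
    context = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # An expired or mismatched certificate fails the handshake itself,
        # which is also what your customers' browsers would experience.
        return f"INVALID: {err.verify_message}"


# Constructed sample in getpeercert() format, so the logic runs offline.
SAMPLE_CERT = {"notAfter": "Jun 30 12:00:00 2025 GMT"}

if __name__ == "__main__":
    check_time = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)
    print(classify(SAMPLE_CERT, now=check_time))
```

Running `check_site` on your own domain from a scheduled job gives early warning before the certificate lapses.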

4. Secure Your Devices

Ensure that any devices you use for your business (such as mobiles or computers) are secure. This can mean:

  • using a VPN;
  • installing antivirus software; and
  • setting up a firewall.

Make sure your device’s software is up to date, and install new patches as they come. Keeping your devices secure means that you can prevent malware downloads and avoid viruses.

5. Have a Secure Payment Method

If your business processes customers’ financial transactions online, it is crucial that you protect their details with a secure payment method. Both you and your customers could face financial and legal trouble if attackers got a hold of this sensitive information. 

Further, make sure your selected payment method complies with appropriate industry standards. Many off-the-shelf e-commerce platforms, like Shopify or Squarespace, provide safe payment methods that are well-tested and secure.

6. Educate Your Employees

If everyone across your business is aware of cybersecurity risk, you can significantly reduce the likelihood of a data breach occurring. Ensure your employees know what suspicious transactions or log-ins look like so that they do not inadvertently give attackers sensitive information.

Key Takeaways

Online security for your business is just as important as protecting your physical premises, and more so if you conduct business solely online. If you deal with personal information, then you need to make sure that you protect that information. This means taking steps to secure your business’s online data, such as encrypting your data and making sure your business uses strong passwords. If you would like more information or help with your business’s online presence, contact LegalVision’s New Zealand online business lawyers on 0800 005 570 or fill out the form on this page.


How do I protect my business online?

There are multiple steps you can take to protect your business online. This includes encrypting your data, setting up a firewall, having strong passwords and restricting access to sensitive business information.

What does HTTPS mean?

HTTPS stands for “Hypertext Transfer Protocol Secure”. When a website has this as part of its URL, this means that the website is authenticated and the connection to it is protected. Data passing to and from the site is encrypted, which prevents third parties from reading or tampering with it.

What is data encryption?

Data encryption is a way of protecting your data and making sure unauthorised third parties cannot read it. Information is encoded, and only someone with the correct encryption key can access it.

Does my small business need a firewall?

If your small business has an online presence, you should put a firewall in place. Most devices may already have one set up, but you should check and make sure. If you rely on your online business, one cyber attack could cause you a lot of hassle. Implementing preventative measures can avoid trouble in the future.
