While people are an organisation’s best asset, they can also be its biggest security vulnerability. In the 2020-21 financial year, self-reported losses to cybercrime in Australia were estimated at $33 billion. That isn’t small change. A large proportion of the victims were small businesses, and millions of dollars were reported paid to ransomware gangs.
One of the most worrying incidents was the July 2021 attack on Kaseya, a global provider of IT management software. The REvil ransomware group exploited Kaseya’s VSA remote-management product and used it to encrypt data at hundreds of the managed service providers and small businesses downstream, then demanded US$70 million for a universal decryptor. Attackers do not discriminate by company size, so there is no such thing as being too vigilant. Here’s a quick refresher on how you and your employees can improve your IT security and better protect your data.
1. Activate multi-factor authentication
We know. Waiting for that extra code or approval on your phone takes time, but requiring a second, independent credential means a stolen password alone is no longer enough to get in. Multi-factor authentication (MFA) is a layered defence: even if one factor is compromised, another barrier still stands between the attacker and your devices, networks and databases. The factors must come from different categories: something you know (a password), something you have (an authenticator app, a hardware security key or a phone receiving a one-time code) and something you are (a fingerprint or face scan). A password plus a PIN or a security question is two things you know, so it adds almost nothing. Where you have the choice, prefer an authenticator app or a FIDO2 hardware key over SMS codes, which can be intercepted by SIM swapping, and never approve an MFA prompt you did not initiate: attackers who already have your password will send prompt after prompt hoping you tap ‘approve’ to make them stop.
2. Yes. You still need strong passwords.
It takes just one weak or reused password to compromise an entire enterprise. Every year, lists of the most used passwords are published and every year the results are concerning: ‘password’ and simple sequences such as ‘123456’ still top them. Despite the debate over whether passwords are obsolete, they remain the first line of defence for most systems. Length matters more than clever substitutions: a passphrase of 16 or more characters made of unrelated words beats ‘P@ssw0rd’, which every cracking wordlist already contains. Leave your personal life out of it: attackers look for pet names, children’s names, band names and football teams on your social media profiles. Never reuse a password across accounts, because credentials leaked from one site are replayed against every other (credential stuffing), and use a password manager so that a unique, long password for every account is practical.
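The checks a sign-up or password-change form should actually run are not ‘upper, lower, digit, symbol’. The following is an added example (not Evologic’s code) showing three checks that catch what the paragraph above warns about: minimum length, membership in a breached-password corpus, and the presence of personal details. The breached set is a small constructed stand-in for a real corpus such as the Pwned Passwords list; the lookup mirrors the k-anonymity range query that service uses, where only the first five hex digits of the SHA-1 hash would ever leave the machine.

```python
"""Password checks that go beyond "upper, lower, digit, symbol".

Added example, not Evologic's code. The breached-password set is a
small constructed stand-in for a real breach corpus such as the
Have I Been Pwned "Pwned Passwords" list.
"""
import hashlib
from typing import List, Sequence, Tuple

MIN_LENGTH = 14

# Constructed stand-in for a breach corpus, stored as uppercase SHA-1 hex
# the way Pwned Passwords publishes it. "P@ssw0rd" meets every complexity
# rule and is still on every cracking wordlist.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "123456", "qwerty", "P@ssw0rd", "Password1!", "iloveyou")
}


def hash_parts(password: str) -> Tuple[str, str]:
    """Split SHA-1(password) as a k-anonymity range query does: only the
    5-hex-digit prefix would ever leave the machine; the 35-digit suffix
    is compared locally against the suffixes returned for that prefix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def is_breached(password: str) -> bool:
    """Emulate the range lookup against the local corpus."""
    prefix, suffix = hash_parts(password)
    suffixes_in_range = {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}
    return suffix in suffixes_in_range


def personal_info_hits(password: str, personal_tokens: Sequence[str]) -> List[str]:
    """Tokens (pet names, children, teams, employer) that appear inside the password."""
    low = password.lower()
    return [t for t in personal_tokens if len(t) >= 3 and t.lower() in low]


def check_password(password: str, personal_tokens: Sequence[str] = ()) -> List[str]:
    """Return the reasons a password should be rejected (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(password):
        problems.append("appears in a breach corpus")
    hits = personal_info_hits(password, personal_tokens)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed details an attacker could lift from a social-media profile.
    me = ("Rex", "Geelong", "Cats", "Olivia")
    for candidate in ("P@ssw0rd", "Rex2015!GeelongCats", "correct-horse-stapler-arcade"):
        print(repr(candidate), check_password(candidate, me) or "ok")
```

Run stand-alone, the script rejects ‘P@ssw0rd’ (short and breached) and ‘Rex2015!GeelongCats’ (built from the owner’s dog, town and football team) but accepts the long passphrase, even though the passphrase has no digits or symbols at all. In production the corpus check would call the range-query API with the prefix instead of a local set; the comparison logic is identical.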
3. Know all signs of phishing
Email scams have reached a new level of sophistication. Most people are wise to the ‘Nigerian prince’ emails promising riches; today’s attacks are far more likely to impersonate a source you would otherwise trust, such as a supplier, your bank, Microsoft or a colleague. Our IT security team has put together a list of easy ways to spot a fake:
Check the from address – The name displayed in the ‘from’ box is chosen by the sender and may not match the actual email address behind it. Expand the header and look at the address itself, in particular the part after the @.
Practice zero trust – Sophisticated attackers can pose as internal contacts, or send from a colleague’s mailbox they have already compromised, so when in doubt, confirm with the sender through a different channel, for example a phone number you already have on file rather than one printed in the email.
Don’t click suspicious links – If someone has sent you a web address that you don’t recognise or that isn’t relevant to the conversation, don’t go there. Hover over the link to see the real destination before clicking. Be especially wary of an email that sends you to a page asking for a login: fake login pages are how scammers harvest credentials. If you need to check an account, type the site’s address yourself.
Generic salutations – Phrases like ‘valued customer’ or ‘valued client’ are usually suspect; a real supplier or bank normally addresses you by name.
Spelling or grammar mistakes – If something seems off, trust your instinct. The reverse is not a guarantee either: well-written, targeted emails are increasingly common.
Information requests – If you’ve been asked to share sensitive information (passwords, bank details, payroll data) via email, call the sender on a number you already know to double-check. Legitimate organisations do not ask for passwords by email.
Urgent action required – If you’re being pressured to act immediately or face consequences (a suspended account, a missed payment, a fine), slow down and alert your IT department or security provider.
Imitation domains – Malicious emails will try to fool you with a domain that is close, but not quite exact, such as ev0logic.com.au (a zero in place of the letter o) or the real name with an extra word tacked on. Also check which part of the address is the real domain: it is the last part, so a familiar name appearing earlier in a long address proves nothing.
Odd attachment files – If the file type isn’t one you would expect, don’t open it. Be especially suspicious of executable types such as .exe, .scr, .js or .hta, and of double extensions such as invoice.pdf.exe, where the last extension is the one that counts. Even familiar types like .doc, .xls or .pdf can carry malicious macros or exploits, so an unexpected one still warrants a call to the sender.
4. Be cautious with software downloads
Free software downloads can cost you a lot of money if they aren’t safe. The internet is full of sites offering free versions of popular programs, and such downloads often bundle spyware, trojans, worms, viruses and other malware. A familiar brand name on the download page doesn’t make the file genuine: impostor sites and search ads for cracked or ‘free’ versions are a common infection route. To vet downloads, route software requests through the IT department, or publish a download policy employees must follow: install only from the vendor’s official site or an approved app store, check that the installer is digitally signed by the vendor, and verify the published checksum where one is offered. Every download should still be scanned by your endpoint protection (anti-virus and anti-spyware) before it runs.
5. Accept application updates
It takes just a few minutes. We know it can be inconvenient, but repeatedly hitting ‘remind me later’ leaves you exposed. Keeping software up to date keeps your security at the highest level available. Attackers know the weaknesses in unpatched and end-of-life software, and publicly disclosed vulnerabilities are often being exploited within days of the patch being released, so updating promptly closes those holes before they are used against you. If you’re not sure which programs need updating, ask your IT advisor to check for you. If major updates will take several hours, schedule them to run overnight to minimise downtime.
6. Consider using a VPN
Virtual Private Networks (VPNs) are increasingly used by remote workers. For staff who travel and need to use public Wi-Fi in hotels, airports or cafes, a VPN encrypts everything between the device and the VPN endpoint. Most websites already use HTTPS, but a VPN also protects older protocols and internal applications that don’t, and it hides which sites and services you connect to from whoever runs, or is snooping on, the network. Consumer VPNs are offered as an add-on by most anti-virus software providers and protect the connection, but they grant no access to the office network; for company systems, use the business VPN (or zero trust remote-access product) that your IT advisor sets up for working from remote locations.
7. Pick up the phone
We tend to rely on email for a lot of our internal and external communications. If something particularly sensitive needs to be discussed, an old-fashioned phone call leaves no copy sitting in two mailboxes waiting to be stolen or forwarded. A call is safer than email for that reason, but make sure you have the conversation somewhere private, and if the call concerns a request you received by email, dial a number you already have rather than one given in the message. By the same token, don’t send sensitive data via SMS: even if the recipient’s phone has a passcode, the message may appear as a preview notification on the lock screen while the phone is unattended.
Trust your IT security to Evologic
Evologic can help you identify what cyber security risks are unique to your business, then develop and implement a custom solution to protect your network and data. To chat with Geelong’s most trusted Managed IT services team, contact us here or call 1800 887 778.