To protect your business from Cyber villains you need to prepare for the Battle. Create a strong Cyber Forcefield by Implementing the following Cyber Security Procedures.
Clear out employees’ doubts by educating them and yourself.
The idea that technology can prevent all cyber-related incidents has never been further from the truth because cybercriminals know the easiest way in is through your humans. Security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment. Many organizations fall into the trap of trying to use technology as the only means of defending their networks and forget that the power of human awareness and intervention is paramount in arriving at a highly secured state
Employee Education is the easiest – and usually cheapest – IT security to implement: Training and educating your employees, no matter what size of your business, should be one of your top priorities.
The Office of the Australian Information Center shared in its Notifiable Data Breaches Scheme July – December 2020 stating that the “Human factor dominates latest data breach statistics.” Australian Information Commissioner and Privacy Commissioner Angelene Falk said 38% of all data breaches notified during the period were attributed to human error and added that “organizations need to reduce the risk of a data breach by addressing human error—for example, by prioritizing training staff on secure information handling practices.
Anyone with a computer knows that antivirus software is just as essential as a keyboard and mouse. There’s just too much personal information on your computer these days to risk even a day without it.
Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working properly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information.
Your computer can be infected by malware in a number of ways, including:
Antivirus protection works in the background while your other applications are running. Whenever you download and open a file or program your antivirus software is scanning it for any malware. It protects your computer.
Depending on the size of your network, whether you have remote workers or have a need for centralised security controls, you may need Endpoint security rather than Anti-virus software. Endpoint security aims to protect IT infrastructure as a whole rather than just one endpoint.
In the world of information technology (IT) , an endpoint is any device( be it a laptop, phone, tablet,.or server) connected to a secure business network. When you connect to a network, you are creating a new endpoint.
You’ve probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data! But according to the FBI, using paraphrases are far more secure than passwords. The FBI recommends your organisation should:
A passphrase is similar to a password. It is used to verify access to a computer system, program or service. Use passphrases for all fixed and mobile devices.
When setting up a passphrase, ensure they ae unique and not a famous lyric or phrase, and long, at least 15 characters.
Villains us sophisticated programs such as Brute Force Attacks and Dictionary Attacks- both generate millions of password/passphrase attempts per second- to crack passwords.
Passphrases will significantly increase security across all of your business’ devices. See below for a comparison of password vs passphrase security and the time and cost it would take for a Cyber Villain to break in.
|Password /Paraphrase||Time to Crack||Easy to Remember||Comments|
|Brute Force Attack||Dictionary Attack|
|password123||Instantly Less than AU$0.01||Instantly Less than AU$0.01||Very Easy (too easy)||One of the most commonly used passwords on the planet.|
|Spaghetti95!||48 hours AU$587.50||Less than half an hour AU$6.10||Easy||Some complexity in the most common areas, and very short length. Easy to remember, but easy to crack.|
|5paghetti!95||24 hours AU$293.70||Less than 1 hour AU$12.20||Somewhat Easy||Not much more complexity than above with character substitution, and still short length. Easy to remember, but easy to crack.|
|A&d8J+1!||2.5 hours AU$30.60||2.5 hours AU$30.60||Very Difficult||Mildly complex, but shorter than the above passwords. Hard to remember, easy to crack (against BFA).|
|I don’t like pineapple on my pizza!||More than 1 Year More than AU$107,222.40||More than 40 days More than AU$11,750.40||Easy||Excellent character length (35 characters). Complexity is naturally high given the apostrophe, exclamation mark and use of spaces. Very easy to remember, and very difficult to crack.|
Multi factor authentication is a security measure that requires two or more proofs of identity to grant you access.
Multi-factor authentication (MFA) typically requires a combination of something the user knows (pin, secret question), physically possesses (card, token) or inherently possesses (finger print, retina).
The multiple layers make it much harder for criminals to attack your business. Criminals might manage to steal one proof of identity e.g. PIN, but they still need to obtain and use the other proofs of identity. Two-factor authentication (2FA) is the most common type of MFA.
How many times you seen a software update pop up on your computer or phone and you have chosen to ignore it or hit the remind me later button?
Ransomware attacks continue to be a major attack vector for both businesses and consumers. One of the most important cyber security tips to mitigate ransomware is patching outdated software, both operating system, and applications. This helps remove critical vulnerabilities that hackers use to access your devices.
Don’t use a public Wi-Fi without using a Virtual Private Network (VPN). By using a VPN, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to your data on your device. Use your cell network if you don’t have a VPN when security is important.
A VPN, or virtual private network, is a secure and private network connection through the public internet. VPN services protect your personal data, hide your IP address when you use the internet, and let you bypass censorship, content blocks, and website restrictions
Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels.
User accounts for VPN connections should be separate from standard user accounts. This will limit the activities that can be performed by an adversary should a VPN user account be compromised.
Further, the permissions applied to VPN user accounts should be restricted to each user’s required level of access. This will minimise the severity of a successful compromise. VPN user accounts with minimum permissions, that can only perform basic operations on a network, will also impede the ability of an adversary to gain a foothold on a network.
Finally, access to applications, servers and shared resources on a network should only be granted where necessary for users to perform their duties. For example, if a user only needs access to email services, they should be denied access to file servers.
Companies should provide a guest WiFi network that is separate from their private network infrastructure. Hackers can penetrate a victim’s computer without their knowledge and then pivot to other information systems. Ensuring that only computers and devices approved by a company’s information security personnel have access to the private network will make it more difficult for attackers to penetrate that barrier.
Regularly backup the data on your personal computer, phone or tablet to the cloud or to external hard drives. This will protect you from data loss from hardware failures, breakage, theft, or malware infection like ransomware.
Setting up automatic updates and restoring your file:
If you do not have automatic updates Daily backups are recommended or weekly at a minimum.
According to McAfee Labs, your mobile device is now a target to more than 1.5 million new incidents of mobile malware.
Here are some quick tips for mobile device security:
“A cyber policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack,”
Every business that has a website or electronic records is vulnerable to cybercrime or an accidental data breach – and the consequences of a cyber-incident can be very costly.
Depending on the situation, you may be up for the cost of ransoms or IT solutions to unlock and repair your systems. You could also be liable for the costs of reporting the breach, legal claims, and remediating any losses suffered by your customers or clients.
Remember, a cyber attack or data breach may cost your business more than just money. It could threaten your intellectual property, put your customers’ personal information at risk and cause major damage to the reputation of your company.
When sharing files with friends and colleagues using the internet, email, CDs or memory sticks, activate your security software (firewall and anti-virus) and scan files to make sure they are not infected.
Do not assume that because a file was sent or given to you by someone you know, it is safe. Plugging in a removable device can infect your computer if it is not protected.
HINTS & TIPS
When sending and receiving files via email, remember the following:
When sending and receiving files via email, remember the following:
Wipe out admin privilege to users who don’t need them
That means you must revoke the rights of those who don’t need them. When more people have access to company data but are not knowledgeable about information security, this means a higher risk of data and security breaches for your business. Limit the number of users with administrative privileges. The rule is: don’t be generous, ask the real need for the user’s everyday work. Don’t give security shortcuts.
What is a standard user account or administrator account?
A standard user account is a user that has partial control of the computer and often cannot make changes to other users on the computer. A standard user account should be used for everyday home tasks, such as editing photos and browsing the web.
Administrator accounts are the ‘keys to the kingdom’, as they give a user full control of the computer. Cybercriminals will target administrator accounts in order to take full control of a user’s computer. By not using an administrator account for everyday use you will help limit what a virus or exploit can access if your computer becomes infected.
The daily use of an administrator account on a computer can be likened to a caretaker using an apartment block master key to enter their own apartment, instead of the dedicated apartment key. Whilst the apartment and master key achieve the same purpose for the caretaker (and might seem convenient for their day job), carrying a master key all the time opens up the caretaker to a greater risk of compromise
Depending on the nature of your business, the principle of least privilege is the safest approach for most small businesses. It gives users the bare minimum permissions they need to perform their work. This also reduces the risk of an ‘insider’ accidentally or maliciously endangering your business.
While a large majority of companies now permit employees to use their own devices for work, they have concerns over security and privacy. What can be scarier is that some organizations are extending the BYOD (bring your own device) practice to contractors, partners, customers, and even suppliers. Security concerns are the main barrier to BYOD. The main worry is data leakage, followed by unauthorized access to data and an inability to control uploads and downloads.
Why your business needs protection
Hacking, phishing, and malware incidents are becoming the number one cause of security breaches today. But, what’s more troubling, these hacking attempts are the result of human errors in some way. Education and awareness are critically important in the fight against cybercriminal activity and preventing security breaches.
91% of all cyber attacks begin with Human Error.
(Deloitte report 9/1/2020)