Remaining Cyber Vigilant
Meet the industry specialist entrusted with protecting your digital transactions and privacy.
Glen Gooding
ELEPAY CYBER SECURITY STRATEGIC ADVISOR
Manage Vulnerabilities & Protect Yourself
If you recall, in late October 2022, in the aftermath of the well-publicised Optus breach, another equally damning event occurred with Medibank. This was a time when the broader Australian public was exposed to how many cyber breaches are regularly occurring.
For those of us in the industry, it is a weekly occurrence at best, and almost daily at worst, that we see cyber attacks threaten the livelihood of organisations and, more importantly, place the data (our data) of these companies' customers in the hands of attackers. Given the size of these breaches and the brand recognition of the organisations involved, the Home Affairs Minister, Clare O’Neil, became the figurehead leading the narrative on how to react in light of these events.
One of her key messages was to remain vigilant. I believe we all recognise the definition of vigilant, but what does it mean in the context of understanding how a cyber attack actually transpires? For the IT pundits among us, it means a heightened awareness of managing vulnerabilities, knowing where our critical assets are, adhering to threat intel advisories and patching your applications and systems.
For the end user, there are a number of simple tasks that you can do to protect yourself and your company's data online.
Phishing Awareness & Multi Factor Authentication
First and foremost, be aware and alert when responding to emails, texts and voice messages. Everyone is familiar with scams. These days they come in the form of phishing, smishing and vishing: well-crafted messages that encourage you to click on a link so that you either download malware or enter your user credentials (your username and password).
Our adversaries are getting more crafty with the format of these messages, so I would advise that you read and check the entire message before clicking on the ‘track my shipment’ button or entering your details on the (fake) ATO site.
If you believe a message is bogus, I recommend going back to previous communications, usually in the form of an email, and tracking your shipment from the real website; in the ATO case, go directly to the ATO website from your browser.
* There is an Australian Government website that tests your ability to detect scam messages; the link is below.
The next item is how you manage your user credentials. Start with choosing strong passwords; most people are familiar with password rules that require upper case, lower case, a number, a special character, etc. I take it a little further and create a passphrase, such as Ittakesalottobesecure, and mix in some different characters to come up with It@kesal0ttobe$ecure?
Most browsers will save these complex passwords for you, protected by a master password, so you only have to remember the one master password rather than all the passwords you create for the masses of websites you visit. Two further rules: never use the same password on different websites, and regularly change the passwords on your high-priority accounts, like banking, super, email and phone providers (Apple/Google).
If you feel you may have been sucked in by a phishing email, change those passwords immediately and, at the same time, check that there is no dubious activity on those accounts. Remembering, updating and changing all these account details can be a lot of work, so installing a password manager may alleviate some of that pain. Much like a browser storing your credentials, a password manager stores all of the credentials you use in the browser as well as in other applications like email clients, and can be synced across your laptop and your mobile devices.
This leaves you only one really complex password to remember, the one that unlocks the password manager; the manager can then handle the regular updating and changing of passwords and can even create complex passwords for you. Multifactor authentication (MFA) is another must-have, and I discuss it in a later blog; put simply, if your application or web provider allows for MFA, then use it!
I will finish up with two final areas of vigilance, which are also topics of upcoming articles. One is patching and system updates, and the other is backups. In short, when your system, whether it be a laptop or desktop computer running Windows, Linux or MacOS, offers updates, do not put off installing the patches and getting your system updated to the latest version. The same goes for your mobile devices. Finally, backups are a must. If your files are damaged or encrypted and held for ransom, your backups are your saviour. The big secret here is to regularly test that you can actually restore from your backups.
Remaining vigilant in identifying potential scams, keeping your credentials regularly refreshed and complex, patching and running regular backups will allow you to protect yourself, your company, and your customers from the threat of possible cyber attack.
*The Australian Cyber Security Centre (ACSC) has a good description of how to spot scams. Searching for ‘acsc spotting scams’ will take you to their site. The link is here as well: https://www.cyber.gov.au/protect-yourself/spotting-scams. Take the quiz to see how you go.
Cyber Security 10 Part Series
The subject topics will sometimes take on a business aspect, at other times a personal viewpoint, and in some cases, both will be covered.
Feel at ease to comment or even call for a confidential discussion about what security concerns you are facing.
PART 1: Introduction
PART 2: Remaining Cyber Vigilant
PART 3: Understanding the Threat Landscape
PART 4: Strong Passwords and Multi Factor Authentication
PART 5: Avoid Using ‘Free Wifi’
PART 6: VPN – Should I Install?
PART 7: Importance of Employee Training
PART 8: Implementing Robust Password Policies
PART 9: Regular Software Updates and Patch Management
PART 10: Backing Up Essential Data