Cybersecurity: the online battle gaining increased notoriety across the globe.
In the recently published Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report, numbers show Australian businesses and individuals report a cyber-crime every 10 minutes.1
These numbers are indicative of Prime Minister Scott Morrison’s prudent warning to all Australians back in June, where he called a press conference to publicly acknowledge Australia had been the target of a highly sophisticated state-based attack.
This was quickly followed by a government announcement foreshadowing an extra $1.35 billion in cybersecurity spending over the next 10 years.2
In light of these recent developments and new numbers highlighting that cyber-crime now accounts for 31 percent of all economic crime,3 we thought it pertinent to highlight three of the most prevalent security threats doing the rounds, and how you can mitigate them to keep your business and customer data secure.
What is it? As the name would suggest, phishing is a method deployed by cyber actors in an attempt to bait victims into divulging confidential information. According to the ACSC it is the ‘most prevalent’ threat vector targeting Australian organisations.4 What makes phishing scams so prominent is their highly sophisticated nature. Sent through email, SMS, phone calls and social media instant messaging apps, phishing messages often appear to come from a legitimate, reputable source such as a bank, insurance company, telco, or government agency. They use the same logos and branding and will prompt the victim to enter their login details to confirm their identity or reset their password. But once the details have been entered, they’re gone, and in the hands of entities or individuals who will then use those details to cause further harm across other accounts.
What can you do?
- Educate your staff on what phishing scams are and how to identify potential phishing attempts
- Implement multi-factor authentication so if an employee’s credentials are compromised, their data is still secure
- Leverage email filtering tools to thwart potential threats
- Leverage devices with hardware-embedded security tools that work to protect against such threats
What is it? Just like phishing, there is a clue to be found in the name ransomware. A particular form of malicious software (malware), it infiltrates an organisation’s network or computer systems and encrypts all connected devices and storage systems, leaving them unreachable. From here, the agent or entity responsible for the attack will demand a ransom be paid in return for the decryption keys, typically via untraceable cryptocurrencies. Until the ransom is paid, depending on the nature and context of the encrypted data, the organisation may very well be unable to continue operations.
What can you do?
- Best-practice ransomware mitigation involves having a defined and secure backup policy in place. If you have backups of all your sensitive data held securely off-site, you can quickly pivot to that dataset, get back up and running and avoid paying the ransom.
- Much like phishing, the same protocols and security measures apply here as well.
- Implement a security-first approach across your organisation. With every new purchase or addition to your IT ecosystem, security should be one of the first and biggest considerations.
What do you mean? Although it may seem trivial, when it comes to cybersecurity you really are only as strong as your weakest link. There’s a range of metaphors that we could use to paint the picture, but let’s say you’ve got a mischievous dog who likes to go adventuring, so you invest significant money in a top-of-the-line fencing system to keep them safely in the yard. But you repeatedly forget to lock the system correctly when you leave, essentially rendering the system irrelevant.
Cybersecurity is the same thing. You can invest all the money in the world on elite, sophisticated security hardware and software, but if you don’t educate your team on the role they need to play, the technology won’t stop you from being attacked. Being cyber secure requires a team effort in the truest sense.
What can you do?
- Instill a business-wide security culture from the top-down
- Educate staff on the importance of being cyber aware, and how to identify potential threats and follow correct internet practices
- Implement two-factor authentication and correct password management (no two passwords should be the same)
- Regularly run education sessions to refresh the importance of all these practices and highlight any new or differing threats that may be emerging.
At Landmark Computers, we are strongly recognised as one of Australia’s best-in-class IT procurement specialists, providing the right tools for the right jobs. And we’re proud to announce that we now offer managed services in addition to our procurement capabilities.
If you’re struggling to educate your staff on best-practice risk mitigation, lack the necessary resources to maintain security practices, or need advice on identifying the right technology for your staff, please don’t hesitate to get in touch with Melbourne’s most trusted IT store since 1994.