Cybersecurity Archives | Page 2 of 3

It is a common understanding that passwords are supposed to protect our accounts. But how much does your designated password protect you and your information? If the bad guys come hacking into your personal and corporate accounts one day, how sure are you that it’s going to be a tough job for them? Let us help you assess how easy it is for a hacker to take a quick guess of your password.

Your password is your first line of defense from wrong doers in the digital world. And yet, it is something that we often overlook and take for granted. When was the last time you spent a dedicated amount of time to think about what password to use for your new account? We often just use a single password across all of our accounts to save us the time and effort. Am I right? This is a definite no-no! Using a single password for all accounts is just making a hacker’s job much easier. So what is the best way to manage passwords and protect your accounts?

In order to plan for an effective account protection strategy, let’s start with a rundown on how hackers guess passwords:

1. Wild guess

Although you can’t really call it ‘wild.’ These hackers are trained to squeeze the juice out of your public information just to get a list of sophisticated guesses to your password. They use sophisticated programs and procedures to ultimately catch that one ticket into your personal data.

2. Shoulder Surfing

Sadly there are lurkers who discreetly stick their heads out from behind your shoulder as you type in your password, prying on what you type and browse. Don’t underestimate them – always be cautious of who can see your information in your surroundings.

3. Dictionary-based attacks

There are some hackers who are so hard working that they would endure matching your personal data with every word in the dictionary. Yes, they exist. They would browse through every possible word to partner with, for example, your birth month, in order to guess your passwords.

4. Phishing

Be careful of strange emails that you find in your inbox – this might be a phishing attack. They might be schemes sent by scammers who are trying to lure you into clicking and opening malicious files that intend to steal your personal information. As of October 2018, phishing activities has already cost victims $47,676 of loss this year (source: scamwatch.gov.au). So beware of being tricked into opening an email about winning a brand new car and clicking on links.

5. Brute-force Attack

As the label implies, it’s a pretty vicious attack on your accounts. All the hacking techniques mentioned above are used on your account to track your keystroke and eventually get whatever important data can be stolen from you.

Knowing these hacking strategies and your current password choices, can you confidently say that your accounts are safe? Now that you already have an idea how cyber criminals do it, here are some ways on how you can minimise your risks:

Password Security Tips

1. Create a password with at least 8 characters.

I know people will usually recommend starting at 6 but, it wouldn’t hurt to add in two more characters if it means increasing your security because nowadays, the longer your passcode is, the more time a hacker needs to spend cracking their way into your account.

2. Make use of a variety of lowercase and uppercase letters, numbers and special characters.

To make it harder to track and follow your keystrokes, you might want to utilise as much letters and characters as you can.

3. Never use your personal data in your password. Remember how hackers can ‘guess’ well?

Remember that most of the time, the people who are trying to hack their way into your account already know enough about you. Don’t use a word or phrase that can be obviously related to you.

4. It’s better if you don’t use real words.

What I mean by this is that you can use words that are hard to “guess” and identify. Maybe use that one phrase you came up with in primary school that nobody understood.

5. Make random patterns that hackers will have a hard time following.

Hackers can track your keystrokes in order to decipher which letters or characters you are constantly using. Making your password random can help minimise the risk of getting your usual password input tracked and followed by cyber criminals.

You can also have a look at an infographic of an anatomy of a secure account to have a more comprehensive view of how you should be securing your accounts.

Don’t take your password for granted and take the easy way out, rather than thinking of a good one. And if you’re like me who tends to forget anything (and everything), including passwords, there are tons of useful tools and apps that you can use to store your precious security passcodes.

Here are some of the more well known password management programs.

1. LastPass

One of the top on the list of best password managers. It features advanced hashing that provides a secure haven for your passwords. It runs across a wide range of operating systems and is free of charge unless you want to buy Premium subscription. Having the free version is not bad at all with 2 Factor Authentication feature and a robust password generator.

2. Dashlane

Aside from keeping your password safe. Dashlane also has a feature called digital wallet where you can safely manage your credit card information so you can securely make online purchases. It also allows you to sync your data to the cloud so you can access your passwords wherever.

3. Sticky Password

It is one of the most user-friendly password applications in the market. It may look a little outdated but works as well as the other ones already mentioned. It provides secure management for an unlimited number of passwords. It is free of charge unless you upgrade to premium then you can sync your data into different devices.

4. bitwarden

It is an open source software (which means it’s free!) that features 2-Factor Authentication, end-to-end encryption and enables syncing to multiple devices without limits. It also boasts a password generator and runs through multiple operating systems.

At Grassroots IT, we recommend the BEST way to protect your accounts is using Multi Factor Authentication (MFA). So that even if the hackers guess your passwords, they still need a real-time authenticator to get into your accounts. Read more about that over here.

It can be easy to overlook such a thing as your account passwords but we really do live so much of our lives online these days, that it’s become increasingly important to be vigilant about protecting our personal information and corporate data. If you need any help setting up some additional security for your personal accounts, don’t hesitate to make a time with us.

Back to more news, updates and resources or learn more about Cybersecurity

CEO’s play a vital role in protecting their business from cybersecurity attack, however for many CEO’s, the world of cybersecurity leaves them feeling confused and vulnerable. This is perfectly understandable given the complex and rapidly changing nature of security threats facing all organisations. So how does a CEO properly secure their business? The good news is that there is no need to become a cybersecurity expert! Here are our top 5 cybersecurity tips for CEOs to help their organisation stay safe from online attacks.

#1. Get board level buy-in for cybersecurity

In the past, cybersecurity was a technical IT responsibility. However, cybersecurity has been developing more into a business driver rather than a technology issue for some time. That’s why it’s important to ensure board level buy-in and support.

The main ways that CEOs can gain buy-in from their board are:

Quantifying the company’s cyber risk based on budgets
Defining a clear return on investment (ROI)

#2. Have a cybersecurity plan in place

A cybersecurity plan is something every staff member, at every level, must be aware of. This means that if a breach occurs, everyone knows what to do.

A cybersecurity plan should include:

Security policies, procedures, and controls required to protect the company
An outline of the specific steps to take to respond to a breach

This plan can also be called a ‘Crisis Management Plan’, which you can learn more about in our blog ‘5 questions board members need to ask’.

#3. Don’t skimp on your cybersecurity budget

Cybersecurity is not a one-size-fits-all kind of investment. Many companies – especially SMEs, Non Profit organisations and start-ups – struggle to make the right security choices. Yet choosing cheaper options will end up costing more in the long term.

Cybersecurity is more than just having anti-virus software in place. The best cybersecurity measures are outlined in the Essential Eight Framework, as identified by the Australia Cyber Security Centre.

Essentially, your cybersecurity needs to cover:

Prevention/protection from an attack – aimed at preventing malware delivery and the execution of malicious code
Limiting the extent of an attack – aimed at limiting how far an intruder can get
Data recovery & system availability – aimed at restoring your data and systems if an attack occurs

#4. Expect to be breached

The chance of experiencing a ransomware breach in today’s world is high, so it’s important to quickly identify when an attack has occurred. The sooner a breach has been identified, the better!

The main things for a CEO to understand are:

How the company monitors ransomware attacks or breaches
How staff report any suspicious activity
How a breach is communicated to the rest of the company

#5. Create a culture of awareness

All company departments and employees should be involved in protecting the company’s valuable and sensitive data. Crafting a culture where all employees see themselves as having an active cybersecurity role is the key to addressing an inevitable ransomware attack. It’s important that this culture starts at the top with the CEO.

Three ways to help create this desired culture are:

Create a cybersecurity plan that is well known, and referred to often
Launch cybersecurity awareness & education initiatives for employees along with regular and ongoing training sessions
Emphasise the importance of cybersecurity in all mass-communications with staff

Understanding ransomware and what to do when it occurs is the job of a CEO. By implementing the above 5 cybersecurity tips for CEOs, you will be well on your way to properly protect yourself from a ransomware attack, and ensure your company isn’t tomorrow’s news!

Why should board members be concerned about cybersecurity?

A cybersecurity breach can be extremely disruptive and expensive, potentially resulting in significant downtime and lost productivity, permanent loss or public exposure of confidential information, reputational damage and direct financial loss. The potential impact of a security breach could be devastating or potentially fatal to any organisation. That’s why cybersecurity should have oversight at the highest level.
A robust cybersecurity strategy will also call on resources from across the organisation, including finance, human resources, IT, and operations. To gather this appropriate support and commitment from across the organisation requires a suitably senior authority to champion the cause.

Here are the 5 cybersecurity questions board members need to ask.

#1. What measures are in place to protect the organisation from cyberattack?

Although board members don’t need to have a deep technical knowledge of the organisation’s cybersecurity defences, some understanding of the systems that are in place is important. Equally critical is an understanding of how these systems are resourced and managed on an ongoing basis, as well as how the board will be kept informed.

Cybersecurity is not a “once-and-done” proposition; it’s one that must be actively managed. Are your security measures current and always evolving to keep up with new and more sophisticated threats? Are they being audited regularly to identify gaps and ensure compliance with established standards? Are your systems proactively tested, such as with mock attack scenarios and penetration testing?

#2. How do board members know if a cybersecurity breach has occurred?

In the event of a successful cybersecurity attack against your organisation, a rapid response is critically important to limit the extent of the attack and minimise the potential impact. The longer a successful attack is allowed to remain in place, the further it may spread and the more complex and expensive it may become to resolve.

As a board member you should satisfy yourself that any security breach will be rapidly identified and responded to. Ask:

How does the company monitor for cyberattacks and breaches?
Are staff appropriately trained to identify and respond to attacks quickly?
How do staff report any suspicious activity?

#3. How do we respond in the event of a cybersecurity breach?

Instead of considering how your organisation will respond if a breach occurs, think instead in terms of responding when a breach occurs. Assume that a breach will occur and plan accordingly by having an incident response plan in place.

At a basic level, a cybersecurity incident response plan should include:

Formation of an emergency cybersecurity incident response team to manage the incident response.
Definitions of what a cybersecurity incident is (and isn’t).
An incident response management flowchart to help employees understand the steps to be followed during a cyberattack.
Cybersecurity incident response communication templates to help with timely companywide communications for the more severe security breaches.
An emergency contact list and communications plan to keep internal and external stakeholders informed and coordinated.

#4. Are response plans in place and tested?

When you’re thinking about how the organisation will respond in the event of a security breach, there are three plans of critical importance. Satisfy yourself that all three plans are in place, and are reviewed and tested on a regular basis.

Backup plan

In many cases, when recovering from a security breach the organisation may need to recover lost or damaged data from backup. The backup plan should detail how the organisation backs up important data, and how often? What is included in the backups? How often are the backups tested? How secure are the backups if a security breach occurs?

Disaster recovery plan

A disaster recovery plan details how the organisation will recover from a disaster, such as a security incident. Disaster recovery will often rely on the backup plan, but will also consider how the backups are to be used, what order systems are to be recovered in, how long recovery efforts may take, and what additional resources may be required, such as new data centre equipment or cloud tenants.

Business continuity plan

A security breach may result in significant disruption to business operations, with key systems rendered useless. A business continuity plan should address how the business may keep operating (even at reduced capacity) while the security incident is addressed and business systems recovered to an operational state.

#5. Will we be covered by cyber-insurance?

Cyber insurance can help not only with the immediate response to an incident, but also with immediate and longer-term recovery efforts. Ensure you understand the scope and limitations of cyber insurance policies, that sufficient coverage is in place, and satisfy yourself that all policy obligations are being met by your organisation to ensure any claims are not denied. Cyber insurance may cover:

Loss of revenue due to interrupted business
Hiring negotiators
Paying a ransom
Recovering or replacing your data
Legal claims
Investigation by a government regulator
Copyright infringement
Misuse of intellectual property online
Crisis management and monitoring

It’s no secret that, as we become more and more dependent on technology to run our businesses and become reliant on internet-connected devices, both for our personal and professional lives, we also become more vulnerable to cyber threats. US$2.9 billion is lost to cybercrime each minute and, as at 2020, the average cost of a data breach was a staggering US$3.86 million. However, there are some cybersecurity essentials that we can put in place, ranging from simple to more complex, in order to protect ourselves and our businesses from cyber attacks.

#1. Turn on MFA everywhere you can

This is one of the simplest, but most effective cybersecurity essential strategies. It’s usually free, if not very cheap and easy to activate. Most applications (including Microsoft 365 and social media apps like Instagram and Facebook) have now adopted Multi Factor Authentication (MFA or 2FA) methods that you can activate by doing a quick look at your account settings.

This adds another layer of security (besides your username and password) to your accounts, requiring a real-time password before allowing entry to your account, making it far more difficult to penetrate and access your data. There are different methods depending on which app you’re using but the most common ones would be via a unique One-Time-Code sent through text, email or a code generator app like Google Authenticator.

#2. Implement the right cybersecurity strategy for your business

These days, no business is “too small” to put adequate cybersecurity defenses in place. All businesses who access the internet need a cybersecurity strategy, including endpoint security protection and management, network firewall management and security monitoring and alerting. Cybersecurity is more than just anti-virus software. If you aren’t sure what your business requires when it comes to cybersecurity, consult an expert and ensure you have the best strategy in place for your business.

#3. Promote a Cyber-secure company culture

Unfortunately many cyber attacks occur because of human error – when someone clicks on a malicious link or opens a suspicious email. Make sure that cybersecurity is a regular topic of conversation between your staff. Promote the importance of a positive cybersecurity stance in your business and make sure that everyone is following the trend. Welcome ideas about how you can better improve your cybersecurity measures and keep an active discussion around it.

Empower your staff with better knowledge of cybersecurity, its risks and effect on the business by conducting cybersecurity training – either internally or by hiring a knowledgeable cybersecurity expert to conduct the training. Making sure that everyone in your organisation is equipped with proper knowledge of cybersecurity best practices could save you from the otherwise dreadful consequences.

#4. Protect your Business with Cyber-insurance

Although cybersecurity defences can physically protect your business from cybersecurity risks, having an incident response plan and insurance coverage could literally save your business from going under if the worst case scenario happens. It’s important to consult an insurance broker to source the best protection for your business, as coverage can change from policy to policy, but most cyber-insurance will cover your business in the event of:

Business interruption loss due to a network security failure or cyberattack.
Data loss and restoration
Incident response and investigation costs
Delay, disruption, and acceleration costs from event/s causing business interruption
Crisis communications and reputational mitigation expenses
Liability arising from failure to maintain confidentiality of data
Liability arising from unauthorised use of your network
Network or data extortion / blackmail (where insurable)
Online media liability
Expenses relating to regulatory investigations

Cybersecurity can often be put in the “too hard basket”, especially by smaller businesses who don’t perceive their risk to be very high. But when we are so connected to the internet through so many devices these days, we cannot afford to become complacent. Ensure you have all the cybersecurity fundamentals covered for your business in order to stay safe from cyberattacks.

Microsoft 365 has many security features and capabilities built in, however with a few simple steps you can improve your Microsoft 365 security and greatly increase your cybersecurity stance with some easy changes to system configuration and business practices.

#1. Enable Multi-Factor Authentication

Multi-Factor Authentication is by far one of the most effective ways to improve Microsoft 365 security and protect accounts from being hacked. When you have multi-factor authentication in place, your employees will be required to enter in a unique, constantly changing code along with their usual username and password in order to log on to their Microsoft 365 account. Even better, Microsoft 365 has some super clever features that mean you will not be constantly prompted for this code if you are connecting from a trusted location or device.

Using Multi-Factor Authentication ensures that your valuable data doesn’t get compromised should your employees use easy-to-guess passwords or leave the password written down out in the open. While it’s important to use strong passwords, this second step ensures that a malicious party won’t be able to gain access as they would need the employee’s phone as well.

#2. Use dedicated admin accounts

Your admin accounts come with elevated privileges, options, and security features. The people who use these accounts can grant rights to other users, install software, and more. This makes them a prime target for cybercriminals and hackers. Each administrator should have their own account, and they should have a separate user account for non-admin tasks.

Every admin account should have multi-factor authentication equipped. You should also routinely monitor these admin accounts to ensure they’re not granting unauthorised privileges to users who don’t need them because this increases your security risks. When an admin leaves the business, immediately shut down their admin account so they can’t use it against the business.

#3. Educate your staff to be cyber-safe

The Harvard Kennedy School has an excellent handbook to assist you in training your staff on cybersecurity called the Cybersecurity Campaign Handbook. This book can help you set up a culture of cybersecurity awareness that your staff can use from the moment you hire them. You’ll train your users to identify phishing attacks through their emails to keep hackers out.

Your staff should know what a strong password is, and how to set them up, how to protect their devices and how to enable security features on Mac PCs and Windows 10. Giving your staff ongoing training allows them to keep up with the latest threats.

#4. Protect against ransomware attacks with mail flow rules

Ransomware is a program that restricts an infected computer’s access to data by locking the computer or encrypting the data. Once you get locked out of the computer, it usually asks for a “ransom” to extort money out of the victims. This money is typically cryptocurrency like Bitcoin, and the hackers claim they’ll give you access back to your computer once they get the money.

You can create mail flows that block any file extensions that cybercriminals commonly used for ransomware. You can either block all file types that could contain malicious code or ransomware, or you could set up a rule that warns your staff that they’re about to open an Office file attachment that has macros.

#5. Raise your malware protection levels

Malware is an umbrella term that covers many types of software that purposely damage a computer. Malware can be Trojans, viruses, spyware, ransomware, or worms. Malware is short for “malicious software,” and training your staff on avoiding it is critical.

Luckily, Microsoft 365 comes with built-in protection against this form of cyber attack. You can enhance this protection by automatically blocking file types or attachments that cybercriminals commonly use for malware.

#6. Set up Office message encryption

Encryption adds another layer of protection to any messages you send both inside and outside of your organisation. This way, if a staff member accidentally types in the wrong email and sends it to an unintended party, they can’t pass it around. The encryption lets only the intended party see the email when they open it.

You can have your staff use the “Do not forward” or the “Encrypt” prompt each time they send an email. Encryption comes built into Office 365, and it works with Yahoo!, Outlook.com, Gmail and other email providers.

#7. Disable the ability to auto-forward emails

Your emails are a vulnerable point for your organisation, especially if your staff have a habit of forwarding them. Any hacker that gains access to your staff’s inboxes can configure the inbox to automatically forward mail. When they do, they can attach Malware to the email and spread it throughout the organisation.

The first step you take is to make sure your staff aren’t forwarding emails on their own. You can set up a mail flow rule that prevents auto-forwarding emails from external senders. This way, even if a hacker does get in, they won’t be able to infect the entire system.

Your staff will routinely receive, share, and send attachments like spreadsheets and presentations. It’s very difficult to tell which attachments are safe to open and which ones are infected with malware.

Some Microsoft 365 plans come equipped with Advanced Threat Protection built-in. This suite includes ATP Safe Attachment protection. You have to enable it and set up a new rule for it. However, it can protect your staff from spreading malicious software through attachments.

#8. Defend your email from phishing

You can configure anti-phishing protection in both Office 365 or Microsoft 365. You can set up a policy to protect your custom domain and your staff. This software protects your organisation from general phishing attacks and malicious impersonation-based phishing attacks. Hackers won’t be able to send impersonation emails from any user you have listed in your custom domain.

Speak with the Office 365 security experts

Grassroots IT are the Microsoft Office 365 security experts, keeping our clients cyber safe in Brisbane and across Australia since 2005. One thing we understand about Microsoft 365 security and compliance is that unless you work with these tools every day, it can be hard to “know what you don’t know”. For that reason, we created our Microsoft 365 Security & Compliance Packs – simple, fixed-price packs to help you take advantage of all of the advanced security and compliance features in Microsoft 365, without the complication of drawn out project scoping and design. Contact us today to learn more.

Cyber-security threats and data breaches are becoming increasingly rampant, sophisticated and difficult to mitigate. Statistics from the latest Australian Cyber Security Centre Threat Report show that instances of malware attacks, data breaches, and intrusion attempts are on the rise. The challenge of ensuring cybersecurity is a global issue affecting many industries and organisations.

(more…)

Find out the difference in our new video

In years gone by, we may have thought the chance of experiencing a cybersecurity breach was pretty low but, these days, the more aware business leaders talk not about the possibility but of when a cyberattack will happen. So let’s talk about how can we take preventative action to defend our computer systems and keep the risk of an attack to a minimum.

In this digital age where almost everything can be found online and in the cloud, malicious attackers have a much wider window of opportunity to conduct their mischievous agendas. Businesses are becoming more and more familiar with cyber security breaches and the associated damage and downtime which impacts those attacked.

For the first half of 2019 alone, over forty organisations in Australia reported data breaches (source: webberinsurance.com.au) and they are just the cases officially reported. One report gathered from the quarterly statistics report of the Office of the Australian Information Commissioner (OAIC) showed a staggering ten million people affected by a single data breach incident that happened this year. On average, the OAIC received around 72 notifications of data breach reports per month from January to March 2019. That is contact information, financial details, personal identification, health information and more sensitive data being passed around the dark web unbeknownst to its users.

Many cyber security defences set up for businesses are primarily focused on protecting high profile accounts, but what is often overlooked is that cyber attacks have evolved over the years and the attackers have become more patient and strategic with their actions. Often they begin by targeting the more vulnerable and least protected profiles. From there, they penetrate upward into the organisation’s core data and before you know it, you’ve lost vital information just by leaving the backdoor open.

With the advancement in technology and the evolution of cyber attacks, cyber security is no longer optional – it is now a necessary part of building and maintaining a long-running, secure business.

First Line of Defence: Firewalls

One of the primary ways of defending our computer systems is through the use of firewalls.

What is a firewall? In order to use programs and apps that connect to the cloud, we need to be able to access the public internet from our private network. Firewalls block access to or from our private networks from unauthorized web users or illicit software while we’re connected to the Internet. A firewall may be implemented using hardware, software, or a combination of both.

Routers can provide some basic firewall services, but only offer minimal defence. As cyber criminals improve their strategies in conducting their attacks, the development and usage of firewalls has also needed to evolve. Enter the intelligent unified threat management firewall.

What is an Intelligent Firewall and how is it different from the usual firewall?

An intelligent firewall is similar to an ordinary router but it does more than basic firewalling. It works through your Internet traffic to filter, scan and look for potentially malicious activities going on in the background and sends out alerts to let you know about threats coming into your network so you can immediately diagnose the problem.

It also has the ability to enforce internal policies like preventing your staff from browsing and accessing potentially harmful or inappropriate websites at work. With the evolution of AI, some manufacturers are even using deep learning in their machines to track historical attacks to automatically prevent similar actions in the future.

How do I know if I have an intelligent firewall?

The simplest way to learn if you do have an intelligent firewall in place is to ask your IT partner.

You can also look for some of the most trusted names when it comes to intelligent firewall devices. Here are some of the vendors that are known to do an extremely great job of securing your business network through the use of intelligent firewall appliances:

Sophos

One of the top picks when it comes to endpoint protection. This award-winning vendor incorporates artificial intelligence and Endpoint Detection Response (EDR) technologies to provide a smart and reliable defence line for your network.

Meraki

Created by the leading network device manufacturer Cisco, Meraki pushes simplicity and Cisco technologies forward to provide a rich and seamless experience to newer generations. By utilising the cloud with wireless connections, Meraki promotes a more convenient approach to network management while ensuring the security of data within a wireless network.

Sonicwall

Sonicwall has a broad range of products from hardware to other services to provide effective network security, control and visibility. It also integrates deep learning to be able to prevent repetitive intrusions to the network.

Watchguard

Costs and Benefits

Having an intelligent firewall will involve more costs than relying on a basic router, but also provides significantly more protection. An intelligent firewall is more than just a physical device. With the constant evolution and increasing sophistication of cyber attacks, an intelligent firewall needs to be connected to its vendor platform to deliver the latest updates, AI rules and knowledge in order to stay ahead of the game and continuously provide you reliable security services.

Having a strong firewall protecting your network should not be considered optional in this day and age. With technology progressing so quickly and as we become more and more reliant on the internet to access our business systems, it’s imperative to have a solid layer of defence protecting your business data.

Now that you understand what an intelligent firewall is and its importance, start talking to your trusted IT partner to discuss the right firewall options for your business network. Seek the help of someone who can help you align your business goals and IT budget with your network security plan to ensure your business is well defended from cyberattacks.

This article is part of a cyber security series by Grassroots IT and The Power Up Project podcast.

Back to more news, updates and resources or learn more about Cybersecurity

What is phishing?

Phishing is a form of cyberattack whereby fake emails are sent to your staff with the intention of tricking them into sharing password details, granting access to a secure system, or otherwise taking some action to benefit the cybercriminal. Of the various types of cyberthreat that your organisation is likely to experience, phishing will be the most common, making it vital that you can quickly identify a phishing email.

Ideally you will have security systems in place, such as good email filtering, to ensure that phishing emails are blocked before even reaching your inbox. Unfortunately, even with good security systems in place, it’s not uncommon for the occasional phishing email to slip through.

With the average cost of a data breach in Australian now at $4.4 million, and over 82% of all data breaches involving some form of ‘human element’ (such as accidentally engaging with a phishing email), you can see why it’s important to be able to identify a phishing email, and to know how to respond safely.

What are the different types of phishing?

Over the last few years several distinct types of phishing attack have emerged. They all have the same ultimate intent but take slightly different approaches to achieving it.

Phishing

The most common form of phishing attack involves the cybercriminals casting a wide net, with fake emails sent indiscriminately and often in huge numbers. These emails are generally not targeted to their recipients in any meaningful way, apart from pretending to be from well-known brands that the recipient is likely to have some level of trust in, such as Commonwealth Bank or Microsoft. Phishing emails seek to trick the recipient into either sharing personal data or installing malicious software onto their computer to enable further attack.

Spear Phishing

Spear phishing is similar to standard phishing, with the one difference being that spear phishing is targeted at and personalised for specific individuals. This requires the attackers to have some personally identifiable information on their victims, such as email address, first and last names and job title.

This slightly more sophisticated form of attack takes more time to craft and will therefore generally target victims with a higher perceived value, such as more senior staff or those likely to have access to higher value systems.

Whaling

Whaling is a further evolution of spear phishing, targeting senior executives and others in privileged positions. Whaling emails are individually crafted based on specific knowledge of the target organisation and key individuals, and often play on the pretext of a busy executive asking for some information or action to be taken urgently (such as the transfer of funds to a specific bank account).

Smishing

Smishing is a variant of phishing that uses SMS messages rather than emails to trick the recipient into clicking on a fake link and sharing personal data. Common examples in Australia may pretend to be from familiar brands such as Australia Post and Linkt.

Why is email phishing so common?

Of all the different types of cyberattack, why is phishing so prevalent? First is the fact that phishing attacks can be extremely cheap and easy to execute. Email use is extremely commonplace, providing a vast audience of potential targets, while the tools required to execute an attack can be obtained cheaply and easily on the dark web.

The second key point is that humans are – well – human. We can be extremely susceptible to influence through common psychological techniques, such as our tendency to follow rules. We also tend to make mistakes, many of which pass without consequence, but some (such as clicking on the wrong email link) may not.

We can also add that at an organisational level there is often a lack of cybersecurity awareness, meaning staff simply do not recognise a phishing email, nor do they know how to safely respond when they do

How to identify a phishing email

To protect against a phishing attack, it’s extremely important that you be able to identify a phishing email so that you can delete it safely, and not accidentally fall prey. The good news is that there are some common identifiers that you can look out for. After just a little bit of practice you will quickly recognise a malicious phishing email without a second thought.

Unfamiliar sender

Phishing emails will often purport to come from either a generic corporate sender, or a person that you are unfamiliar with. This isn’t to say that you won’t ever receive legitimate email from an unfamiliar sender, but when you do, be cautious to validate it carefully.

Generic greetings

Given that most attackers will not have any personal information about you beyond your email address, phishing emails are likely to use generic greetings such as “Dear Sir”, rather than identifying you by name.

Urgent call to action

Phishing emails often convey a sense of urgency, encouraging you to ‘click now’ to claim a reward or avoid a penalty.

Too good to be true

Phishing emails may contain an offer that’s too good to be true. How likely is it that your long lost (and forgotten) great-aunt has died and left you a million dollars?

Bad spelling & grammar

Phishing emails often contain bad spelling and grammar, something you’re unlikely to see from a legitimate, professional organisation. This poor use of language may be due to an amateur translation from a foreign language, or it may be intentional in an attempt to avoid email filters.

Request for sensitive information

Many phishing attacks will try to get personal information from you, such as passwords or credit card details. Legitimate organisations will never ask for such information via email.

Inconsistencies in email addresses, links & domain names

All legitimate organisations have their own domain name, such as “grassrootsit.com.au” which they will use for their website and their email addresses. Capitalisation of domain names isn’t important; however, all other spelling and punctuation is. Phishing email will often come from email addresses that clearly don’t use the purported organisation’s domain name, or in some more sophisticated phishing attacks may use a domain name that closely matches the legitimate one, but with a sneaky minor change.

Suspicious links

As with email addresses, any links offered in a legitimate email should use the sending organisation’s proper domain name. Check all links carefully before clicking them to ensure that they do in fact use the correct and legitimate domain name. You can check the link address by hovering your mouse curser over the link without clicking.

Unexpected attachments

Always be suspicious of attachments on emails that you weren’t expecting, especially when the email is from an unfamiliar sender. Email attachments are an effective way for attackers to infect your computer with malicious software, but that can only happen if you open the attachment.

What to do if you receive a phishing email

Once you’re familiar with the common tell-tale signs of a phishing email, it will be clear as day when you next receive one. What you do next is crucially important.

The most important thing to remember is to not click on any links or attachments in the email, and to immediately delete the email. Some organisations may ask staff to report any phishing emails to their IT department, in which case you should follow the process provided and do so.

If you do accidentally click on either a link or an attachment in a phishing email, notify your IT department immediately and follow their instructions. There is a good chance that no harm has been done, but it is better to be safe than sorry.

Phishing is the most common form of cyberattack that you are likely to experience, but with a little knowledge it’s easy to identify a phishing email and take appropriate steps to avoid a security incident.

mation from you, such as passwords or credit card details. Legitimate organisations will never ask for such information via email.

If you are using one of the major Software as a Service Offerings (SAAS), such as Office 365 or public cloud file storage, then you are benefitting from incredible economies of scale. Your data is highly available and accessible from almost anywhere securely.

So, you may be thinking…

“All of my stuff is in the cloud. It’s safe!“

But the thing is, this doesn’t necessarily mean that your data is backed up in such a way that you can recover it on-demand.

It’s a common misconception that your data in SaaS applications is fully backed up. For a service to be highly available and resilient, as guaranteed in service levels and expected by the modern workplace, Cloud vendors layer on security and redundancy. Your data is almost definitely backed up by the vendor in the sense that it lives in different parts of the data centre, possibly even in different states, and this makes it highly resilient. But, this is for their benefit. It doesn’t necessarily mean that you are able to roll back and recover data that is lost for whatever reason.

“How can I lose my data?”

Here are three ways that the unthinkable might just happen:

1. Accidental Deletion

Data loss can be the result of human interaction pre-caffeination. Quite simply, it can be caused by human error as simple as someone accidentally hitting that big dirty delete button. Human error is by far the most common cause for data deletion and also potentially the most dangerous because it may not be discovered for some time – longer than many traditional backup regimes accommodate for.

2. Overwriting Data

As well as files being accidentally deleted, information can also be unknowingly overwritten by both users and third-party applications. Many systems hold large volumes of data. Living data that is constantly added to and updated. Bulk uploads, mass importation of large data sets by integrated third-party applications which manage the data inside your applications. Not everything is always operating as it should.

3.Malicious Action

International espionage may seem far-fetched for your company’s cloud data so let’s leave aside the black hoody wearing hacker boogey man, surpassing security systems to delete and corrupt your data complete with retro 90s soundtrack. One of the benefits of having data stored in a cloud system is the increased levels of security that the sheer scale of resources permits. If a nefarious user were able to break through the significant defenses in Microsoft world, it would make more than a ripple in the news.

A far more likely scenario would be the disgruntled employee. When employees leave, be it under a less than ideal circumstance or not, they may delete important information. You want a solution that enables you to easily restore deleted data.

Additionally, you want a system that lets you easily access the information that former employees have left behind in their inbox and My Documents folder without having to pay for their seat license. Many organisations are still retaining the accounts of departed employees in order to ensure that critical data, mail and documents are safely retained and not lost. This is obviously not the best use of scarce resources.

Regardless of how data is lost, it can happen. It’s important that you know that Office 365 doesn’t back up anything long term. If you delete something, after a 30-day period it is gone forever.

Microsoft 365 backup solutions can fill a gap in the Office 365 offering by backing up the data in your mailboxes, One Drive and SharePoint sites.

Cloud Backup Solutions can offer unlimited retention and could be an effective way to not only insure your business against the risk of data loss but also provide you with some very useful features. They allow you to restore your data at a granular level. Individual files or emails can be recovered directly to your computer. This is a unique and very handy capability not available in other products.

An easy-to-use dashboard gives you the ability to view and manage your backups, use robust search capabilities to target specific emails or files and either restore them to a user’s account or, as a very handy bonus feature, download them directly to your computer.

Whether you have a rogue employee deleting files, accidental user error or ransomware attacks, it’s important to know that there are solutions available to protect you from these risks and keep your data safe.

Talk to us today about the data-saving solution that is right for your business.

Securing critical business systems from cyber-attack can be a complex task, with a seemingly endless array of methods available to choose from, each with pros and cons. To help focus our efforts there are various cybersecurity models and frameworks available such as The Essential Eight Maturity Model and the NIST Cybersecurity Framework, both of which offer excellent guidance on improving your cybersecurity posture.

Irrespective of which cybersecurity framework you choose, and which strategies you decide to pursue, there is one cybersecurity control that should be a no-brainer in every organisation, and that’s Multi-factor Authentication.

What is multi-factor authentication?

Multi-factor authentication is an authentication method that requires a user to provide two or more verification factors in order to prove their identity, and gain access to a secure system. In many cases this will mean the user providing their usual password along with some other unique and verifiable piece of information.

There are three main forms of multi-factor authentication in common use:

Unique code: In addition to their password the user will be prompted to enter a unique code that they obtain either via a text message, or via an authentication app installed on their smartphone. These codes are valid only for a very short duration, often 60 seconds, before a fresh code is required to successfully complete authentication.
Authentication app: When the user attempts to logon to a secure system with their username and password, a prompt will appear on a special authentication app installed on their smartphone. They then simply tap to accept the prompt, and authentication will proceed.
Biometric: Every one of us has unique and verifiable biometric features, such as our fingerprints and facial appearance. These unique features can be scanned and used as a second authentication factor.

Why you should enable multi-factor authentication whenever possible

Unfortunately, multi-factor authentication isn’t always enabled by default on the systems that you use, even though it most likely is available as a feature. Until you actively choose to enable MFA on each system that you use, you won’t receive the extra value that it offers, leaving critical business systems potentially exposed to cyber-attack.

So, what are the top 3 reasons to enable MFA?

#1 – MFA protects accounts from unauthorized access

The traditional approach of only requiring a username and password to logon to a secure system is unfortunately not actually very secure, particularly as cyber-criminals become increasingly more determined.

Usernames are often easy to discover, often just being the user’s email address. Passwords can be hard to remember, particularly with so many different systems and passwords to keep track of, so people tend to pick simple ones, or use the same password on many different systems, all of which makes them easier to crack.

Multi-factor authentication on the other hand is extremely effective at protecting user accounts from unauthorised access. This is why most online services make MFA available, and why many such as banks have made MFA compulsory. Even if a cyber-criminal were to obtain your username and password, without access to your second authentication factor they would still not be able to access your user account.

#2 – MFA can enhance the user experience

Multi-factor authentication offers several opportunities to enhance the user experience and, in the process, improve productivity, efficiency and user satisfaction. Single sign-on services that user multi-factor authentication allow users to sign-on once, and then be automatically and securely authenticated into multiple other systems, negating the need for them to sign-on to each system individually.

Biometric multi-factor authentication can alleviate the need to manually enter any authentication details at all. A single fingerprint touch, or a glance at the camera in your laptop can be sufficient to securely login.

Finally, contrary to long held wisdom, the current guidance from security experts such as Microsoft and the NIST is to not force users to change their password periodically, but instead to let them keep the same password indefinitely – on the condition that the password chosen is long, complex, and multi-factor authentication is in use.

#3 – MFA can help comply with standards & regulations

As many organisations seek to push cybersecurity compliance down through their supply chains, demonstrating the maturity of organisational cybersecurity is rapidly becoming a requirement for many government and commercial dealings.

Aligning with a broadly recognised cybersecurity framework such as The Essential Eight or the NIST is an effective and widely adopted approach to not only improving cybersecurity posture, but also being able to demonstrate that maturity to partner organisations when required.

Multi-factor authentication is identified as an essential security control in not only the major cybersecurity frameworks, but also directly in many commercial engagements such as cyber-insurance policies.

Watch our free on-demand webinar now: The Essential Eight Cybersecurity Maturity Model

Conclusion

Multi-factor authentication should be a non-negotiable requirement in every organisation’s cybersecurity strategy. Not only does it provide an effective layer of protection against user account breach, but it can enhance user experience and productivity, while also helping to align the organisation with widely recognised cybersecurity standards.