Today, a large majority of our valuable assets are digital. Bank accounts, personal information, email, photos, just about everything is saved digitally in some form.
This is why we have put together this comprehensive guide to cybersecurity, talking about the most important components, why it's important and a few resources to help you stay up to date.
What is Cyber Security
Cyber Security is an all-encompassing term that covers everything that protects you and your business online. It includes protecting your computers, individual and business data, website, business applications, email, files, finance packages, CRM and ERP platforms, onsite servers and cloud servers. Everything that touches the digital, or cyber, world is included in Cyber Security.
It is one of the most important components of a technology strategy, particularly today when most of our information is online and teams are working remotely.
Cyber Security Terms to Know
Multi Factor Authentication
Multifactor or two factor authentication means having a password to access an account, plus another method of proving who you are. This is typically done with an authentication app like Microsoft Authenticator or Google Authenticator, or by SMS or email. It is a really easy way to add an extra layer of protection to your account. Hackers have programs that automatically test thousands of passwords against your accounts; if you have an easy password and don't have two factor authentication, their automated bots could gain access to your accounts.
Data Breach
A data breach occurs when your data has been compromised: a hacker has gained access to your data, be it personal or business. Perhaps they have stolen your data and are selling it on the dark web, or they have locked access to it with a strain of crypto locker, or they simply have access to your systems and are embedding spyware. Whatever the reason, any type of malicious access to your systems is called a Data Breach.
Encryption
Encryption is a way of protecting your data. The encryption process uses complex codes and keys to encrypt, or lock, your data, rendering it almost useless to anyone who does not have the key to decrypt, or unlock, it. It provides a secure way of transferring sensitive information, and it keeps the data on your physical computer safe. If your computer is stolen, lifting data from the hard drive is almost impossible if it is encrypted (provided you have the right password protection measures in place). There are tools available to encrypt and send sensitive digital information as well; Outlook has built-in functionality to help here.
Encryption can also be used for malicious purposes. Cybercriminals running Ransomware attacks use encryption methods to lock your files.
HTTP vs. HTTPS
While surfing the internet, at the start of a website address you will see http:// or https:// followed by the website address, for example https://power-net.com.au. The s in https indicates that this website is secured with a security certificate (commonly called an SSL certificate; the underlying protocol is TLS). This means the communication between you and the website is encrypted. It helps improve the privacy of the data that the website collects from you, as well as ensuring that data is transferred safely. Most websites today collect information from their visitors using cookies; when the website has a security certificate, you know that your data is a little bit safer. This is standard practice in the world of websites, and we recommend being cautious and suspicious of any website that doesn't use https://.
Vulnerability
The term vulnerability is thrown around a lot in the cybersecurity world. It refers to so many different aspects of cybersecurity that it can sometimes feel meaningless, but it's an important one. It refers to any area where you might be open to a cyberattack: a missing security patch, out of date software, or an area of your business that needs more cybersecurity training. Essentially, anything flagged as 'vulnerable' in your technology suite should be addressed as a priority.
Antivirus
Antivirus is a software application that helps protect your computer from viruses. It is a standard recommendation for every computer, regardless of whether it's a business or personal one. Antivirus packages usually come equipped with:
- Multi Device Protection, meaning you can use it to protect your computer, mobile and tablet
- Multi Threat Protection, meaning it will protect you from different types of cyber threats
- Parental Controls, giving you control over what your children can do on your computer
- A Firewall, adding a layer of defense between your computer and the internet
- A virus removal tool to help you if your computer becomes infected
There are a lot of options for antivirus platforms out there; we can help you choose the right one for you.
Today there are antivirus platforms available that have behavior-based detection and machine learning built in, adding an additional layer of defense. Our cybersecurity team can help you choose the right one for your business.
Ransomware
Ransomware (sometimes referred to as cryptolocker) is a simple virus which, once on your computer or company's network, encrypts your files, making them useless without the decryption key. Getting this key involves transferring large sums of money, usually in Bitcoin or another cryptocurrency, to the perpetrators, and even then there's no guarantee your data can be saved. There have been some big name brands affected by ransomware this year: Toll, Garmin, Carnival, Fisher & Paykel and BlueScope, to name a few. This doesn't mean only big name brands are a target; small businesses are amongst the most vulnerable to ransomware attacks. Small business owners often assume they are too small to be a target, and that is exactly why many hackers target them.
Backups
Backing up your data is a process in which your business data and applications are copied and stored in another location. It is an insurance measure that ensures, in the event you are breached or fall victim to a cyberattack, you have a copy of your information safely stored elsewhere. This can save you from having to pay what can be hundreds of thousands of dollars to unlock files that have been locked. And besides the cost of recovering your data, if all of your files are locked, what would it cost you in lost productivity or sales? Check out our downtime calculator to work out the cost.
Firewall
A firewall acts as a barrier between your computer and the internet. It helps to keep your computer and the data stored on it safe. There are many types of firewalls, such as physical devices that sit with your router or modem, and virtual or cloud hosted firewalls that provide a software layer of protection.
Social Engineering
Social engineering is a method of cyber crime based solely on cybercriminals manipulating their victims, exploiting our natural inclination to trust. The information these cybercriminals target varies, but it is generally passwords, bank details or other personal information that they are after. This style of scam is also seen targeting the elderly in our population through phone calls, such as this example.
Notifiable Data Breach
By law, if a data breach occurs and personal information that your business holds is lost or is subject to unauthorised access, you must notify the affected individuals and the OAIC. If you don't notify, there are large fines of up to $360,000 for individuals and $1.8 million for businesses. Check out the legal side of cyber security further down the page.
The Human Element of Cyber Security
Technology can do a great deal to protect you and your business; however, making sure you and your team know how to identify a scam is vital to sealing the gaps in your cybersecurity setup. The only way to seal this gap is to marry process and technology, providing regular educational content to your team so they know how to identify an attempted cyber attack before a link is clicked or a password is given over the phone, and how to tell whether a website can be trusted. Getting this piece right is vital to staying safe online.
Why is Cyber Security Important
Cybersecurity is a holistic approach to protecting you and your digital information. Just as it is important to physically keep your home and office safe, it is important to keep your digital life safe. Cyber crime is going up and it's not going away. The risks of not implementing any cyber security range from identity theft to monetary theft and the potential closure of a business. It is a vital component of being online for everyone, be it an individual or a business.
Types of Cyber Attacks
Phishing
The term phishing is a play on fishing: the hacker casts a lure and waits for a bite. Hackers will send an email in the hope that the receiver will fall for their trick and click on a link, open an attachment or pay a fake invoice. Their hope is that they will gain access to your systems in order to infect them and demand payment, or steal your data to sell on the dark web.
Password Attack or Brute Force Attack
A brute force or password guessing attack is when a cybercriminal continually attempts to guess your username and password. They will usually have access to known username and password combinations from previous data breaches, giving them a head start in gaining access. Often, cybercriminals have automated bots that can automatically run these attacks, testing thousands of username/password combinations against your account. The best way to protect yourself against these types of attacks is having a different, complex password for every account and using multifactor authentication.
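As an added example (not from the original page), here is a small detector for the kind of automated guessing described above, run over a few constructed authentication log lines. It flags any source address that racks up several failed logins inside a short window and notes whether that source then logged in successfully, which is the outcome to act on first. The log format, addresses and usernames are all made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an authentication log (format and values invented for this example).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z login=failed user=alice src=203.0.113.7
2024-05-01T09:00:02Z login=failed user=bob src=203.0.113.7
2024-05-01T09:00:02Z login=failed user=carol src=203.0.113.7
2024-05-01T09:00:03Z login=failed user=dave src=203.0.113.7
2024-05-01T09:00:03Z login=failed user=erin src=203.0.113.7
2024-05-01T09:00:04Z login=success user=erin src=203.0.113.7
2024-05-01T09:05:00Z login=failed user=alice src=198.51.100.2
2024-05-01T09:20:00Z login=success user=alice src=198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+) login=(failed|success) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Yield (timestamp, outcome, user, source) for each well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)


def find_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag each source with at least `threshold` failed logins inside a sliding window.
    The set of usernames tried shows whether one account is being hammered or many are
    being sprayed with leaked passwords, and `success_after` records whether a guess landed."""
    recent = defaultdict(list)   # src -> [(timestamp, user)] of failures still inside the window
    flagged = {}
    for ts, outcome, user, src in parse(log_text):
        if outcome == "failed":
            recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window] + [(ts, user)]
            if len(recent[src]) >= threshold:
                info = flagged.setdefault(src, {"users": set(), "success_after": False})
                info["users"].update(u for _, u in recent[src])
        elif src in flagged:
            # A success from a source already flagged is the worst case: one guess matched.
            flagged[src]["success_after"] = True
    return flagged


if __name__ == "__main__":
    for src, info in find_brute_force(SAMPLE_LOG).items():
        print(src, sorted(info["users"]), "logged in afterwards:", info["success_after"])
```

In the sample, the single failure from 198.51.100.2 followed by a success fifteen minutes later is a normal typo and is not flagged; the burst from 203.0.113.7 across five accounts is.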
DDoS or Denial of Service Attack
A DDoS (distributed denial of service) attack is a simple yet powerful cyberattack that targets insecure devices or poor online security habits. The cybercriminal will look to flood your network with so much traffic that the network won't be able to operate or communicate as it normally would.
Malware
Malware is a type of software that is specifically designed to do damage to a computer, steal information or spy on your activity. The most common types of malware are:
Keyloggers track everything that you type on your keyboard and usually have built-in functionality that sends a file to the hacker containing all the data you entered. They are usually designed to capture passwords or personal information.
Ransomware, as described above, is a type of software that, once on your computer, blocks access to your files and holds them to ransom. The cybercriminal will demand payment in order for you to regain access to your files.
Spyware is designed to monitor, or spy, on your activity and send it back to a hacker.
Best Practice Cyber Security
Our teams follow the Australian Government's ASD Essential 8 and the US Government's NIST framework as a baseline for cybersecurity practices. These are government-written standards for cybersecurity, and we recommend using these two guidelines as a starting point for your cybersecurity strategy.
From a technology perspective, there are a few things you should have in place as a minimum:
- Email filtering
- Antivirus software
- Single sign on
- Two factor authentication
- Encryption on all devices
- Mobile device management
- Backup & archiving for all business data
- Regular patching of your operating system and applications
- IT security policies
Cyber Security Tips for Businesses
As a business, there is a lot you can do to protect yourself and your team from cyber criminals. Technology is advancing all the time, and there are some relatively inexpensive 'quick wins' you can implement to be protected:
- Audit and create a list of all your business applications, and their security features (you can use this template to get the job done)
- Create a cybersecurity culture
- Turn on encryption for all of your computers
- Educate your team on how to identify a scam
- Follow these 5 steps to stay safe online
- Check out this post on keeping your remote workforce safe
- Talk to us about dark web scanning
- Check your insurance to see if you have cybersecurity insurance included
Cyber Security Tips for Individuals
For individuals there are a lot of things you can do that don't require a lot of investment. Most computers today come with the ability to encrypt; check out our guide on how to set up encryption. Choose an antivirus platform that is right for you and has extra features; check out our guide to buying the right antivirus.
Besides the technology, read through the government's Little Black Book of Scams to get familiar with what a scam email or website could look like. Your best defense is arming yourself with the knowledge of how to identify something malicious.
The Legal Side of Cyber Security
Did you know that if you have a cyber breach you may be legally required to notify the Australian government?
Failure to notify can result in fines of $360,000 for individuals and $1.8 million for businesses. It's important to have the right measures in place to identify whether you have had a breach and, if you have, what steps to follow to notify the right parties.
We recommend having an Incident Response Plan created for your business; your company lawyer, IT team and leadership team should all be involved in developing the plan. Once it is created, we recommend doing a practice run so that in the event you do have a breach, you are well prepared to invoke your plan.
We have a free template you can use to get you started:
Cyber Security Resources
Australian Cyber Security Centre
The Australian government has a website dedicated to cyber security resources. It's a great place to stay up to date with the latest cyber alerts. Powernet is a partner of the ACSC.
Cybrary
Cybrary is an online cybersecurity education platform. You can sign up to a free account on Cybrary and take some courses on cybersecurity. There are videos, certifications and much more.
Check out our webinar below to learn more about these cybersecurity strategies. We teamed up with industry leading cyber security experts from Sophos to teach you how to successfully implement the strategies in your business.
Cybersecurity is talked about a lot today, and for good reason. It can be really easy to fall victim to a cyberattack, and it's not just big companies that are targeted. Your best defense is education and awareness, with technology as your backup; knowing how to identify something malicious is the best way to keep you and your business safe online.