3 quick ways to protect your work emails against a data breach

3 quick ways to protect your work emails against a data breach

Recently CyberGuru’s Chief Guru, Chris Jeffery, was interviewed by internet security software, ESET, about our thoughts on protecting work emails. Please see the resulting article below. As always, if you would like assistance with anything discussed in this article, please feel free to contact us.

Over 30% of cyber security breaches are caused by human error, according to the Office of the Australian Information Commissioner (OIAC).

Since Australia’s mandatory data breach reporting scheme came into effect in February last year, further light has been shed on the key causes of cybersecurity breaches on private customer information – and the reasons might not be what you expect.

The recent Notifiable Data Breaches Quarterly Statistics Report (link opens in new window) shows that malicious data breaches are increasingly relying on a human element to succeed, with a high rate of incidents occurring between October and December 2018 exploiting vulnerabilities from simple mistakes, such as clicking on a phishing email.

With cybersecurity incidents increasing frequency and severity, it’s more important than ever for Australian businesses to understand how best to protect themselves against an attack. To help you get started, CyberGuru Chief Guru Chris Jeffery has collaborated with the team at ESET security to bring you some key tips on how to protect your business emails from data and security breaches (link opens in new window).

Educate and prepare your staff 

To protect your company data from a breach, it’s vital to train your employees on the latest strategies being used by cybercriminals and ensure they know what to look out for to avoid being exploited.

Here are some simple steps your employees should follow regularly:

  • Checking an email sender’s “from” address to validate legitimacy
  • Looking for any suspicious attachments
  • Avoiding unrecognised links
  • Keeping an eye out for poor spelling and grammar

“Multiple organisations have experienced significant loss from just one staff member opening an email that contained malware,” says Jeffery.

Having additional cybersecurity in place, such as email-filtering software, will help protect your business against email cyber breaches. If you’re unsure what kind of solution is best for your company, consider getting professional security advice or trialling some cybersecurity solutions (link opens in new window).

Foster good password hygiene in the office

“In many organisations today, passwords aren’t managed effectively,” says Jeffery.

“Often, accounts are shared between users or staff, stored on sticky notes, written in notebooks easily accessible on desks, or printed using professional label makers and stuck under keyboards.”

ESET recommends that passwords are changed regularly with a high level of complexity – and if a password is thought to be breached, to change it immediately. While it can certainly be difficult to recall a vast collection of different passwords, it’s important you avoid doubling up as much as possible. A password management solution can make this process much easier, and using two-factor authentication will also serve to strengthen your defence even further

Encourage secure remote working

Do your staff work remotely or on the go? Then you’ll need to make sure they can access emails in a secure way from whatever device they need. In these cases, Wi-Fi security is a big watch out. ESET recommends looking out for fraudulent “free” public Wi-Fi by always checking the name, asking for a password from reception, or using a virtual private network (VPN).

Building the best defence for your business

These steps are a great place to start in protecting your business against data breaches. The OIAC has also developed a data breach preparation and response guide with a four-step process: contain, assess, notify and review. If a breach has been discovered, the faster you respond, the faster you can mitigate the risk and save your reputation.

Significant penalties now apply through the Notifiable Data Breaches Act for businesses who fail to take care in protecting their customers’ data – so it’s vital your business builds the best defence possible.

We encourage you consider how you can protect your organisation by following these tips. If CyberGuru can be of any assistance to you or organisation through consulting, support or training, please contact us.

CyberGuru proudly supports Privacy Awareness Week in 2019

CyberGuru proudly supports Privacy Awareness Week in 2019

Privacy Awareness Week 2019

As part of our commitment to protecting your privacy, CyberGuru is proud to announce its support of Privacy Awareness Week in 2019. Running 12-18 May, this year’s theme is “Don’t be in the Dark on Privacy”, with an emphasis on what businesses and individuals can do to maintain privacy.

For businesses, privacy protection is vital to building and maintaining clients’ trust in our management of their personal information. Privacy should be integrated into all projects that involve personal information so that risks are identified and addressed as soon as possible. Privacy is about transparency – it’s about being upfront about personal information handling practices so that individuals can make informed decisions and won’t be surprised about how their personal information is used.

For example, some of the practices we have taken at CyberGuru to protect privacy include:

  • Undertaking a Privacy Impact Assessment as part of our obligations under the Notifiable Data Breach Scheme.
  • Displaying our privacy policy online, which informs you how we handle your personal information, including collecting only required information necessary to provide our products and services to you and not sharing your information with third-parties unless consent is provided.
  • Ensuring our website and email communications are secure and protected using HTTPS, SSL and encryption technologies.

Individuals need to take responsibility for protecting their privacy. Some companies do not take reasonable steps to protect privacy, exemplified by Facebook’s myriad of privacy scandals in the past year.

This year, Privacy Awareness Week has identified the following five priorities to assist individuals in protecting their privacy:

  1. If you are notified of a data breach act quickly to reduce the risk of harm
  2. Protect yourself online and safeguard your passwords
  3. Check your credit report for free once a year
  4. Sharing your health information is your choice
  5. Be aware of what data you share

For further information and resources on these priorities, please visit the Privacy Awareness Week website (link opens in new window). If you would like assistance in implementing any privacy practices, please contact us today.

Upgrading from Skype for Business to Microsoft Teams

Upgrading from Skype for Business to Microsoft Teams

Microsoft Teams released to Office 365 business clients

Microsoft Teams, reportedly the fastest growing app from Microsoft, has been around for nearly two years now. It is known as the hub for teamwork in Office 365 providing call, chat, videos and meetings, Microsoft Teams is the integration of a number of Microsoft Office programs, including OneDrive for Business, SharePoint, and OneNote. It is replacing Skype for Business. It is sometimes referred to as a simplified SharePoint.

Microsoft Teams allows you to manage your organisations’ communications through:

  • Share and collaborate on files.
  • Messaging including persistent 1:1 private and group chat.
  • Provide voice and video calling.
  • It also closely integrates with other programs, including Outlook, Planner and third-party products.

Microsoft Teams

If you are currently using Skype for Business, you will receive a message that “Your upgrade to Teams is scheduled” to Microsoft Teams. Generally, you receive a few weeks’ notice. If you have been using Skype for Business as part of a standalone subscription or as part of Office 365 Business Essentials, Business Premium, Enterprise E1 or Enterprise E3 subscription, you will receive the message in the coming months.

We strongly encourage beginning preparations to move to Teams as soon as possible by:

  • having Microsoft Teams installed on your computers and devices (as after the upgrade, Skype for Business no longer will operate)
  • provide your staff training on how to use Teams.

If you are in need of assistance to undertake this upgrade, or are not already using Teams and would like some training, CyberGuru can provide help with this as well. Please contact us for more information.

Ask CyberGuru: Do I need to read the Office 365 Message centre emails?

Ask CyberGuru: Do I need to read the Office 365 Message centre emails?

Ask CyberGuru

In this month’s Ask CyberGuru, we are asked “Do I need to read the Office 365 Message centre emails?, I seem to get them all of the time and they have no relevance to me?”.

As part of your Office 365 subscription, there are often changes, including new features, updates and products during the year. As part of this service, Microsoft send regular updates via email and through the Office 365 Message Centre. This message centre is to provide you with awareness of new features before they are introduced. You can read about these and correlate these to the roadmap, as well as how it will impact you, as well as what you can do to prepare for the change.

One of the recent emails sent referred to the new Microsoft 365 admin center becoming the common entry point for managing all your Microsoft 365 services. It makes mention that it is applicable to all clients. Depending on the feature, you may not be affected, or required to take any action but would recommend reviewing these briefly and contacting us if you have any questions or concerns.

As many of clients would be aware, we provide updates through our newsletter, blog as well during onsite or remote visits with you. We are always happy to be your reference point for new Office 365 features, however, Microsoft share these with you so that you can prepare for these if required. If you have too many emails, you can choose to set a rule to move these to a folder for later reference or unsubscribe altogether.

If you have a question you would like to ask CyberGuru, please contact us.