3 quick ways to protect your work emails against a data breach

Recently CyberGuru’s Chief Guru, Chris Jeffery, was interviewed by internet security software company ESET about our thoughts on protecting work emails. Please see the resulting article below. As always, if you would like assistance with anything discussed in this article, please feel free to contact us.

Over 30% of cyber security breaches are caused by human error, according to the Office of the Australian Information Commissioner (OAIC).

Since Australia’s mandatory data breach reporting scheme came into effect in February last year, further light has been shed on the key causes of cybersecurity breaches of private customer information – and the reasons might not be what you expect.

The recent Notifiable Data Breaches Quarterly Statistics Report shows that malicious data breaches are increasingly relying on a human element to succeed, with a high rate of incidents occurring between October and December 2018 exploiting vulnerabilities from simple mistakes, such as clicking on a phishing email.

With cybersecurity incidents increasing in frequency and severity, it’s more important than ever for Australian businesses to understand how best to protect themselves against an attack. To help you get started, CyberGuru Chief Guru Chris Jeffery has collaborated with the team at ESET security to bring you some key tips on how to protect your business emails from data and security breaches.

Educate and prepare your staff 

To protect your company data from a breach, it’s vital to train your employees on the latest strategies being used by cybercriminals and ensure they know what to look out for to avoid being exploited.

Here are some simple steps your employees should follow regularly:

  • Checking an email sender’s “from” address to validate legitimacy
  • Looking for any suspicious attachments
  • Avoiding unrecognised links
  • Keeping an eye out for poor spelling and grammar
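
The first check in the list above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article or ESET's guidance: it flags a message whose sender is external, whose display name shows an address from a different domain than the real one, or whose Reply-To points somewhere else. The trusted domain, flag names and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own mail domain(s); replace with yours.
TRUSTED_DOMAINS = {"example.com.au"}
ADDRESS_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample message (not a real email).
SAMPLE = (
    'From: "accounts@example.com.au" <billing@examp1e-payments.test>\n'
    "Reply-To: refunds@mailbox.test\n"
    "Subject: Overdue invoice\n"
    "\n"
    "Please see the attached invoice.\n"
)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def from_address_flags(raw_message, trusted_domains=TRUSTED_DOMAINS):
    """List the reasons the sender of raw_message deserves a closer look."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    flags = []
    # The real address is outside the organisation.
    if from_domain not in trusted_domains:
        flags.append("external-sender")
    # The display name shows an address from a different domain.
    shown = ADDRESS_RE.search(display)
    if shown and shown.group(1).lower() != from_domain:
        flags.append("display-name-shows-other-address")
    # Replies would go to a different domain than the sender's.
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append("reply-to-differs")
    return flags


if __name__ == "__main__":
    print(from_address_flags(SAMPLE))
```

A flag is a reason for a closer look rather than proof of phishing; legitimate mailing-list and helpdesk mail often sets a different Reply-To.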

“Multiple organisations have experienced significant loss from just one staff member opening an email that contained malware,” says Jeffery.

Having additional cybersecurity in place, such as email-filtering software, will help protect your business against email cyber breaches. If you’re unsure what kind of solution is best for your company, consider getting professional security advice or trialling some cybersecurity solutions.

Foster good password hygiene in the office

“In many organisations today, passwords aren’t managed effectively,” says Jeffery.

“Often, accounts are shared between users or staff, stored on sticky notes, written in notebooks easily accessible on desks, or printed using professional label makers and stuck under keyboards.”

ESET recommends changing passwords regularly and using a high level of complexity – and, if a password is thought to be breached, changing it immediately. While it can certainly be difficult to recall a vast collection of different passwords, it’s important you avoid doubling up as much as possible. A password management solution can make this process much easier, and using two-factor authentication will also serve to strengthen your defence even further.

Encourage secure remote working

Do your staff work remotely or on the go? Then you’ll need to make sure they can access emails in a secure way from whatever device they need. In these cases, Wi-Fi security is a big watch out. ESET recommends looking out for fraudulent “free” public Wi-Fi by always checking the name, asking for a password from reception, or using a virtual private network (VPN).

Building the best defence for your business

These steps are a great place to start in protecting your business against data breaches. The OAIC has also developed a data breach preparation and response guide with a four-step process: contain, assess, notify and review. If a breach has been discovered, the faster you respond, the faster you can mitigate the risk and save your reputation.

Significant penalties now apply through the Notifiable Data Breaches Act for businesses who fail to take care in protecting their customers’ data – so it’s vital your business builds the best defence possible.

We encourage you to consider how you can protect your organisation by following these tips. If CyberGuru can be of any assistance to you or your organisation through consulting, support or training, please contact us.

CyberGuru proudly supports Privacy Awareness Week in 2019

As part of our commitment to protecting your privacy, CyberGuru is proud to announce its support of Privacy Awareness Week in 2019. Running 12-18 May, this year’s theme is “Don’t be in the Dark on Privacy”, with an emphasis on what businesses and individuals can do to maintain privacy.

For businesses, privacy protection is vital to building and maintaining clients’ trust in our management of their personal information. Privacy should be integrated into all projects that involve personal information so that risks are identified and addressed as soon as possible. Privacy is about transparency – it’s about being upfront about personal information handling practices so that individuals can make informed decisions and won’t be surprised about how their personal information is used.

For example, some of the practices we have taken at CyberGuru to protect privacy include:

  • Undertaking a Privacy Impact Assessment as part of our obligations under the Notifiable Data Breach Scheme.
  • Displaying our privacy policy online, which informs you how we handle your personal information, including collecting only required information necessary to provide our products and services to you and not sharing your information with third-parties unless consent is provided.
  • Ensuring our website and email communications are secure and protected using HTTPS, SSL and encryption technologies.

Individuals need to take responsibility for protecting their privacy. Some companies do not take reasonable steps to protect privacy, exemplified by Facebook’s myriad of privacy scandals in the past year.

This year, Privacy Awareness Week has identified the following five priorities to assist individuals in protecting their privacy:

  1. If you are notified of a data breach, act quickly to reduce the risk of harm
  2. Protect yourself online and safeguard your passwords
  3. Check your credit report for free once a year
  4. Sharing your health information is your choice
  5. Be aware of what data you share

For further information and resources on these priorities, please visit the Privacy Awareness Week website. If you would like assistance in implementing any privacy practices, please contact us today.

It’s time to update your Google Chrome browser!

On Friday 1 March, Google announced it had discovered a zero-day vulnerability, “CVE-2019-5786”, in its Google Chrome browser.

Whilst only limited details have been published on the Chrome Releases blog, it is strongly suggested that you update Google Chrome if you are using this as your browser.

It is important to check you are running the latest version of Chrome, which at the time of writing is 72.0.3626.121.

To check for and install updates in Google Chrome on the PC or Mac:

  1. Click on the three vertical dots on the right-hand side near the address bar.
  2. Point to Help and click About Google Chrome.
  3. This should then check and install updates, which may take a few minutes depending on your computer and internet speed.
  4. If it has performed an update, you may need to relaunch Google Chrome to finish updating. If it says “Google Chrome is up to date”, you are good to go.

If you are running Google Chrome on your mobile phone or tablet, you should do this as well. Go to the Google Play Store or iTunes Store to download and install the required update.

This is a good reminder to always keep your computer’s software and devices’ apps up to date with the latest security updates. If you are looking for assistance with this, CyberGuru provides a computer maintenance service where we provide scheduled proactive review and upkeep of your ICT environment and keep it up to date on your behalf. We can do this both face-to-face and remotely depending on your requirements. Please contact us for more information.

“Collection #1” Data breach lists 773 million accounts online

Barely a day goes by without news of another data breach or new security issue. But late last week security researcher Troy Hunt announced the discovery of what is possibly the largest data breach ever. Known as Collection #1, the data breach lists approximately 773 million accounts online from multiple sources.

Collection #1 is a large collection of email addresses and passwords which was made available on a public hacking forum. It appears to consist of multiple breaches across several websites.

Since the original announcement by Hunt, it is now understood that Collection #1 is just one of seven collections, so the number of breached accounts is likely to increase dramatically when the remaining collections become public.

The recommendations are, as always:

  • Set strong passwords and don’t use the same passwords on multiple websites.
  • Change passwords where you may have used the same username and password.
  • Set up multi-factor authentication on your accounts to ensure that you require a secure code as well as your password.

We strongly suggest everyone review their accounts on the Have I Been Pwned? website to see if they have any vulnerable accounts. You can also check your password to see if it appears in any known exposure.

If we can be of any assistance to you in implementing these recommendations, or if you would like any further advice on cyber security, please let us know.
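
The password check mentioned above can be scripted without ever sending the password itself. The following is an added example, not code from the original article or from Have I Been Pwned: it uses the service's Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally against the returned list. The function names and the sample response are constructed assumptions so the example runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range API


def split_sha1(password):
    """Return (first 5 hex chars, remaining 35) of the password's SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Download all known hash suffixes for a prefix (needs network access)."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "pw-check-example"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def count_in_range(suffix, range_body):
    """Look for our suffix in a 'SUFFIX:COUNT' response; 0 means not listed."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def exposure_count(password, range_body=None):
    """Times the password appears in the range data (fetched if not given)."""
    prefix, suffix = split_sha1(password)
    body = fetch_range(prefix) if range_body is None else range_body
    return count_in_range(suffix, body)


def constructed_range_body():
    """Constructed sample response (made-up counts) so this runs offline."""
    _, suffix = split_sha1("password")
    return "\r\n".join(["0" * 35 + ":3", suffix + ":42", "F" * 35 + ":1"])


if __name__ == "__main__":
    body = constructed_range_body()
    print(exposure_count("password", body))
    print(exposure_count("correct horse battery staple", body))
```

Any count above zero means the password has appeared in a known breach and should not be used on any account.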

Ask CyberGuru: Have I been hacked?

In this month’s Ask CyberGuru, we are asked: “I received an email advising that my email account has been hacked and a RAT installed on my computer. Further, it says I have been filmed using my webcam and personal information has been downloaded and will be shared on my social networks if I don’t pay the ransom in crypto-currency. Is this true?”.

A series of emails has been doing the rounds recently, claiming that “RAT” (remote access technology) software has been installed on your computer, making threats of a personal nature, and advising that your information will be shared on your social media if you don’t pay via cryptocurrency. In some cases, the email may also include a password that you may have used.

This type of scam is the current flavour of the month and we have heard of several forms of this scam. One of the reasons these emails have particularly spooked clients is that the emails often contain threats of character assassination such as releasing “video” of the recipient watching adult content to their friends and family on social media, irrespective of whether they have done so or not.

Whilst this email seems threatening and intimidating, generally this email is an attempt to blackmail the recipient into paying money to the scammer. Oftentimes, the password may have been made public through a previously compromised website, and these passwords are often what makes this email more concerning.

If you suspect you may have been compromised in any way, protect yourself by:

  1. Changing the passwords on all accounts that use that password, whether or not it is displayed in the email. Please check the “Have I been Pwned?” website to identify if your email account has been listed as being compromised in a data breach. If so, make sure you change any passwords immediately. As the email address and password are known, delaying these changes may cause issues in the future.
  2. Performing a full antivirus scan of your computer using a reputable internet security program. Further, please ensure you use secure (HTTPS) websites only to ensure your information is encrypted and remains safe. Always use internet security software on your computers and devices when online.
  3. Deleting the email. Do not respond in any way to the hacker, and most certainly do not pay the ransom. Be wary of emails requesting you click to open a website or to access an important file. Do not take any action on the email.

If you are concerned you may have been or are compromised in any way, please contact CyberGuru for further advice. If you believe you have been the victim of identity theft or any information has been leaked, we strongly recommend that you seek immediate assistance.