Is your Mac safe?

Is your Mac safe?

The Malwarebytes 2020 State of Malware Report revealed an incredible fact: for the first time ever, the number of threats per endpoint was greater for Macs than Windows PCs.

The study by Malwarebytes Labs (link opens in new window) measured the number of threats such as malware, spyware and ransomware per endpoint (a term for devices such as desktops, laptops and mobile phones). They detected 11 threats per endpoint in 2019, up from 4.8 threats per endpoint in 2018. Not only is this a massive increase in threats over the space of a year, it is almost double the number of threats per endpoint detected on Windows PCs in 2019 (5.8 threats per endpoint).

Historically Macs have been considered to be more secure than Windows. One of the main reasons for this is that Macs had a much smaller market share than Windows, so targeting Windows was more lucrative to cyber criminals. However, the increasing popularity of Macs over the last decade or so has meant that Macs are no longer a niche market and they now represent an increasingly attractive target to cyber criminals.

Regardless of whether you have a Mac or Windows PC, the strategies for protecting yourself are still the same:

  1. Set up Internet security software on all devices including mobile phones with a VPN if using WiFi hotspots.
  2. Use strong passwords on all of your accounts, and better yet use a password manager.
  3. Implement multi-factor authentication on websites and apps where possible. Install an authenticator such as Microsoft Authenticator or Google Authenticator.
  4. Automate patching of your operating system and other software.
  5. Back up your data on a regular basis in various locations (cloud, onsite and remotely).

If you have any security concerns or would like assistance in implementing any security measures, please contact us today.

Norton introduces the “new” Norton 360

Norton introduces the “new” Norton 360

Norton has recently reintroduced the “new” Norton 360, replacing the Norton Security which has existed over the past few years, which had replaced the product of the same name form many years prior.

In the “new” Norton 360 product, Norton has introduced additional security protection as well as the usual computer and internet security, cloud backup and performance improvement features. It now includes a Secure VPN for online privacy, Dark Web Monitoring by LifeLock (which monitors your primary email address), and SafeCam to block webcam takeovers. The remainder of the product is relatively unchanged from Norton Security, aside from a new front “My Norton” screen that starts when you load the application.

If you have an existing Norton Security subscription, you may be offered a free or discounted upgrade to the new Norton 360 as a special offer. Should you do this, you may be required to sign up for automatic renewal and provide your credit card details for verification. Alternatively, you may wish to wait until your subscription falls due before you upgrade and purchase this product then.

Here at CyberGuru, we have used and recommended Norton products continuously over the last 20 years which has provided ourselves and clients confidence that their devices are protected from internet security threats and vulnerabilities. This recommendation is based on our own experience with the software, not because we are paid to do so. We appreciate some clients have experienced various performance issues with such software, however such internet security software is worthwhile overall considering given the strong value it provides for a reasonable yearly subscription.

If you would like us to assist you to purchase, install or configure Norton 360 in your environment, please feel free to contact us.

3 quick ways to protect your work emails against a data breach

3 quick ways to protect your work emails against a data breach

Recently CyberGuru’s Chief Guru, Chris Jeffery, was interviewed by internet security software, ESET, about our thoughts on protecting work emails. Please see the resulting article below. As always, if you would like assistance with anything discussed in this article, please feel free to contact us.

Over 30% of cyber security breaches are caused by human error, according to the Office of the Australian Information Commissioner (OIAC).

Since Australia’s mandatory data breach reporting scheme came into effect in February last year, further light has been shed on the key causes of cybersecurity breaches on private customer information – and the reasons might not be what you expect.

The recent Notifiable Data Breaches Quarterly Statistics Report (link opens in new window) shows that malicious data breaches are increasingly relying on a human element to succeed, with a high rate of incidents occurring between October and December 2018 exploiting vulnerabilities from simple mistakes, such as clicking on a phishing email.

With cybersecurity incidents increasing frequency and severity, it’s more important than ever for Australian businesses to understand how best to protect themselves against an attack. To help you get started, CyberGuru Chief Guru Chris Jeffery has collaborated with the team at ESET security to bring you some key tips on how to protect your business emails from data and security breaches (link opens in new window).

Educate and prepare your staff 

To protect your company data from a breach, it’s vital to train your employees on the latest strategies being used by cybercriminals and ensure they know what to look out for to avoid being exploited.

Here are some simple steps your employees should follow regularly:

  • Checking an email sender’s “from” address to validate legitimacy
  • Looking for any suspicious attachments
  • Avoiding unrecognised links
  • Keeping an eye out for poor spelling and grammar

“Multiple organisations have experienced significant loss from just one staff member opening an email that contained malware,” says Jeffery.

Having additional cybersecurity in place, such as email-filtering software, will help protect your business against email cyber breaches. If you’re unsure what kind of solution is best for your company, consider getting professional security advice or trialling some cybersecurity solutions (link opens in new window).

Foster good password hygiene in the office

“In many organisations today, passwords aren’t managed effectively,” says Jeffery.

“Often, accounts are shared between users or staff, stored on sticky notes, written in notebooks easily accessible on desks, or printed using professional label makers and stuck under keyboards.”

ESET recommends that passwords are changed regularly with a high level of complexity – and if a password is thought to be breached, to change it immediately. While it can certainly be difficult to recall a vast collection of different passwords, it’s important you avoid doubling up as much as possible. A password management solution can make this process much easier, and using two-factor authentication will also serve to strengthen your defence even further

Encourage secure remote working

Do your staff work remotely or on the go? Then you’ll need to make sure they can access emails in a secure way from whatever device they need. In these cases, Wi-Fi security is a big watch out. ESET recommends looking out for fraudulent “free” public Wi-Fi by always checking the name, asking for a password from reception, or using a virtual private network (VPN).

Building the best defence for your business

These steps are a great place to start in protecting your business against data breaches. The OIAC has also developed a data breach preparation and response guide with a four-step process: contain, assess, notify and review. If a breach has been discovered, the faster you respond, the faster you can mitigate the risk and save your reputation.

Significant penalties now apply through the Notifiable Data Breaches Act for businesses who fail to take care in protecting their customers’ data – so it’s vital your business builds the best defence possible.

We encourage you consider how you can protect your organisation by following these tips. If CyberGuru can be of any assistance to you or organisation through consulting, support or training, please contact us.

CyberGuru proudly supports Privacy Awareness Week in 2019

CyberGuru proudly supports Privacy Awareness Week in 2019

Privacy Awareness Week 2019

As part of our commitment to protecting your privacy, CyberGuru is proud to announce its support of Privacy Awareness Week in 2019. Running 12-18 May, this year’s theme is “Don’t be in the Dark on Privacy”, with an emphasis on what businesses and individuals can do to maintain privacy.

For businesses, privacy protection is vital to building and maintaining clients’ trust in our management of their personal information. Privacy should be integrated into all projects that involve personal information so that risks are identified and addressed as soon as possible. Privacy is about transparency – it’s about being upfront about personal information handling practices so that individuals can make informed decisions and won’t be surprised about how their personal information is used.

For example, some of the practices we have taken at CyberGuru to protect privacy include:

  • Undertaking a Privacy Impact Assessment as part of our obligations under the Notifiable Data Breach Scheme.
  • Displaying our privacy policy online, which informs you how we handle your personal information, including collecting only required information necessary to provide our products and services to you and not sharing your information with third-parties unless consent is provided.
  • Ensuring our website and email communications are secure and protected using HTTPS, SSL and encryption technologies.

Individuals need to take responsibility for protecting their privacy. Some companies do not take reasonable steps to protect privacy, exemplified by Facebook’s myriad of privacy scandals in the past year.

This year, Privacy Awareness Week has identified the following five priorities to assist individuals in protecting their privacy:

  1. If you are notified of a data breach act quickly to reduce the risk of harm
  2. Protect yourself online and safeguard your passwords
  3. Check your credit report for free once a year
  4. Sharing your health information is your choice
  5. Be aware of what data you share

For further information and resources on these priorities, please visit the Privacy Awareness Week website (link opens in new window). If you would like assistance in implementing any privacy practices, please contact us today.

It’s time to update your Google Chrome browser!

It’s time to update your Google Chrome browser!

It’s time to update your Google Chrome browser!On Friday 1 March, Google announced it had discovered a Zero-Day Vulnerability “CVE-2019-5786” in its Google Chrome browser. It’s time to update your Google Chrome browser!

Whilst only limited details have been published on the Chrome Releases blog, it is strongly suggested that you update Google Chrome if you are using this as your browser.

It is important to check you are running the latest version of Chrome, which at the time of writing is 72.0.3626.121.

To check for and install updates in Google Chrome on the PC or Mac:

  1. Click on the three vertical dots on the right-hand side near the address bar.
  2. Point to Help and click About Google Chrome.
  3. This should then check and install updates, which may take a few minutes depending on your computer and internet speed.
  4. If it has performed an update, you may need to relaunch Google Chrome to finish updating. If it says “Google Chrome is up to date”, you are good to go.

If you are running Google Chrome on your mobile phone or tablet, you should do this as well. Go to the Google Play Store or iTunes Store to download and install the required update.

This is a good reminder to always keep your computer’s software and devices’ apps up-to-date with the latest security updates. If you are looking for assistance with this, CyberGuru provides a computer maintenance service where provide scheduled proactive review and upkeep of your ICT environment and keep it up-to-date on your behalf. We can do this both face-to-face and remotely depending on your requirements. Please contact us for more information.