With so many teams working from home during these times, staying cyber safe is now more of a team effort than ever before. One of the most valuable assets within your firm for hindering and blocking cyber-attacks is your people.
The Australian Criminal Intelligence Commission reports, ‘Australia is an attractive target for serious and organised crime syndicates due to our nation’s relative wealth and high use of technology such as social media, online banking and government services.’ With so much focus on the dangers, it can be easy to become disengaged from reading updates on cyber hacks.
The good news is, everyone in your firm can help create a network of checks to block attacks, from your receptionist to your senior partners and practice manager. And, of course, your IT team.
In fact, cyber security is a team effort because simple things are often the biggest ‘gateways’ for malicious attacks on your business and data, such as:
- Poor password policies, or none!
- Lack of knowledge/training across your team on how to identify and avoid malicious attacks or links.
- Lack of device management: security updates, or unsupported operating systems.
7 Easy Cyber Smart Tips for Your Team
Tip #1 – Good security starts with your password!
Proper password practices can stop an attack in its tracks. However, people often choose ineffective passwords because they are easy to remember. A good password should have an uppercase letter, a lowercase letter, a number and a special character. For example, Pa55woRd# (please don’t use this sample as your new password: it’s too obvious!)
Change your passwords regularly – at least once a year, or bi-annually! However, when introducing a password policy, keep in mind that short password timeframes (e.g. changing passwords every three months) inadvertently encourage your team to use transformative passwords (like ‘password1’, ‘password2’, ‘password3’) or to write them down, which undermines security.
Tip #2 – Restart your devices daily & keep up with software updates
Restarting, also known as rebooting, your computer is the magical remedy every PC needs once a day. It is also important to ensure your devices are patched and up to date.
Tip #3 – Stop an attack from reaching your ‘front door’
Ransomware threats are often spread via email, so use a cloud-based email filtering service to detect the threat before it arrives at your network.
Tip #4 – Don’t let an attacker through your ‘front door’
Educate your team to be cautious about opening attachments and clicking on links. Remember, the Internet is a doorway to your systems and data!
Have a firewall that supports deep level content inspection to prevent a virus entering your network.
Tip #5 – Perform regular backups
Securely backing up your data is vital in the case of infection or loss of data. With leading practice management software vendors offering cloud-based services, it’s particularly important to ensure your firm’s cloud-based data is also backed up.
If you already have a backup solution, ask your IT team or provider to demonstrate a restore of key data in real-time to ensure it’s working. Ask them to restore a selection of files under specific parameters:
- Ask them to restore a previous version of a Word or Excel file that you have not edited in 3 months
- Ask them to restore a month-old file from a cloud or third-party app, like QuickBooks or MYOB
Personal assurances that your backup is working are worthless!
Tip #6 – Reception can intercept and block scammers
- If a phone line is bad, politely ask the person to ring back and then hang up.
- When a caller asks for specific information about someone in your company, such as their title, working hours, days, etc, politely decline to pass this information on. Instead, ask them to send you an email.
- If they do follow up with an email request, you can then carefully check their email address – not their display name – to see if it is from a legitimate domain.
- When it comes to checking emails, it pays to be cautious about ones purportedly from a business, vendor or potential client that have not come through a domain belonging to them. E.g., if ‘Emma’ from ‘Australia Post’ emails you from a Gmail domain, it’s highly likely you’re being scammed. Australia Post has its own domain name and wouldn’t be sending emails via Gmail.
Tip #7 – Safe email practices
Educate your team on the importance of always taking the time to think before they act on an email request. Valuable points to check when assessing an email include:
- Sender details. Is the email coming from a legitimate contact? For example, a bank is NOT going to send you an email via Hotmail (ANZ@hotmail.com). Check the sender’s name as well as the domain extension. It’s an easy, effective way to avoid opening malicious emails.
- Opening Files. Teach your team to check files attached to emails before opening them. Encourage them to seek advice from you, a manager or your IT Provider when in doubt. A small sample of file extensions your team should be cautious about opening includes:
  - Files that execute commands, such as:
    - program files (*.exe);
    - batch files (*.cmd and *.bat); and
    - script files (*.vbs and *.js).
  - File types that allow for embedded script operations, such as:
    - Microsoft Access files (*.mdb);
    - macros in Microsoft Word files (*.doc); or
    - in Microsoft Excel files (*.xls).
  - And for Mac users, be cautious with:
    - C Shell Script files (.csh);
    - executable files (.osx);
    - images (.tiff); and
    - iOS application files (.ipa).
- Money Transfers. Encourage your Accounts team to ring and verbally qualify any unexpected email requests for money supposedly sent by a senior partner or internal department before making a transfer.
- Account Details. Emails requesting an update to vendor or supplier’s account/delivery details also need to be treated cautiously! Ring them first to confirm the request is from them.
Sadly, it is not advisable to take business contacts and email requests at face value. Teach your team to be aware of risks. Combining education and technology will greatly improve the security of your firm’s assets.
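The sender and attachment checks from Tips #6 and #7, as an added Python example that is not part of the original article: it compares the real address (not the display name) against the domain the sender claims to represent, and flags attachment extensions from the caution list above. The brand-to-domain allow-list, the free-webmail list and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumed allow-list: brand keyword -> domains your firm has confirmed for it.
KNOWN_BRANDS = {
    "australia post": {"auspost.com.au"},
    "anz": {"anz.com"},
}
FREEMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
# Extensions taken from the caution list in Tip #7.
RISKY_EXT = {".exe", ".cmd", ".bat", ".vbs", ".js", ".mdb", ".doc", ".xls",
             ".csh", ".osx", ".tiff", ".ipa"}


def check_sender(from_header):
    """Return warnings based on the real address, not the display name."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["no usable sender address"]
    warnings = []
    claimed = f"{display} {local}".lower()  # what the sender presents itself as
    for brand, domains in KNOWN_BRANDS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if re.search(rf"\b{re.escape(brand)}\b", claimed) and not genuine:
            warnings.append(f"claims '{brand}' but sent from {domain}")
    if warnings and domain in FREEMAIL:
        warnings.append(f"{domain} is a free webmail provider")
    return warnings


def risky_attachments(filenames):
    """Return attachment names whose final extension is on the caution list."""
    return [n for n in filenames
            if PurePosixPath(n.lower()).suffix in RISKY_EXT]


# Constructed sample From headers (the subdomain in the last one is made up).
SAMPLES = [
    '"Emma - Australia Post" <emma.deliveries@gmail.com>',
    "ANZ@hotmail.com",
    '"Australia Post" <noreply@notifications.auspost.com.au>',
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_sender(s) or "no warnings")
    print(risky_attachments(["invoice.pdf.exe", "Report.XLS", "notes.txt"]))
```

Only the last extension of a filename is checked, so a double extension such as `invoice.pdf.exe` is still flagged as a program file.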
8 Essential Steps to Protect your Firm from Cyber Attack
The Australian Government is committed to providing advice to help businesses stay safe online. The Australian Cyber Security Centre recommends eight essential steps as a baseline for firms to protect themselves from cyber security incidents. These eight strategies cover three key aspects of IT:
Protection from malware (also referred to as Ransomware) being delivered or activated by:
1) blocking access to non-approved applications/programs;
2) malicious macros designed to exploit the Microsoft Office macro environment (Secure your systems against malicious macros);
3) keeping computers updated with the latest application patches;
4) limiting or blocking dangerous web browser applications (e.g. Flash, ads, Java script. Refer ACSC’s Guidelines for System Hardening).
Limit risk and extent of cyber-attacks:
5) restrict and regularly review administrative privileges (limit who can access what);
6) MFA (multifactor authentication) for remote access of your network;
7) keeping computers updated with the latest security OS patches.
Easy recovery of lost or stolen data and systems:
8) daily backup of information and systems that are imperative to your Firm’s operations, security and reputation.
Do you have these eight cyber strategies in place? If not, and you don’t have the internal skills or confidence in your current IT personnel to implement these strategies, connect with an IT provider who has the skills and experience to keep your data and systems safe.
Benefits of outsourcing to an MSP
The obvious benefit from partnering with an MSP (Managed Service Provider) is that you get a team of IT engineers whose whole purpose is to maximise the efficiency and security of your firm’s devices and systems.
Unlike your team, they don’t need to split their time and attention between keeping up to date with IT and running your business. As they focus on keeping your IT secure and operational, your team is freed up to focus on what they need to do to keep your firm profitable.
itro is a Melbourne-based company that provides IT support to businesses, specialising in Microsoft products and cloud-based systems. Our goal is to find the best IT solutions to fit your organisation whilst providing exceptional customer service. Visit our website at www.itro.com.au for more information on how we can assist your business.