Deepak is an Information Security and Risk Assurance professional with over 17 years’ experience. He provides risk advisory and assurance services for a diverse range of organisations, working in various sectors including Defence, Security Consulting, Financial Services and Telecommunications. He has built valuable knowledge and experience on security engagements, further developing his expertise working with various sized teams across disciplines such as Cyber-Security, Operational Risk, Compliance, Technology Risk, Internal Audit, Security Risk Assurance and Security Project Delivery.
We all think that Cyber-Security threats only target large corporate organisations, when in fact consumers and small businesses are even easier targets due to the lack of awareness around the types of cyber-attacks. Through his experience, Deepak has put together this insightful and accessible guide for Konnexus clients for both personal and business use, to help raise awareness of the common cyber-threats we are facing today.
I do not need to remind everyone we are living in a period that no-one has experienced before. This presents immense challenges to businesses, large and small. Governments across the world are responding by putting in place financial support structures in response to this pandemic.
But why do you need to think about cyber-security today, more so than yesterday? This pandemic has highlighted again that cyber criminals do not care when or whom they attack. If anything, they are using this unique period in history to take advantage of people and businesses. A key example: despite the brave and tireless efforts of the medical community globally, a number of health services have reported that their critical systems have been hit by cyber-attacks and attempted distributed denial of service (DDoS) attacks, which has had a grave impact on front-line defences against COVID-19.
If you want to protect yourself, your family and your business, here are some simple steps you can take today.
Who Has Access?
No matter the size of your business, you need to consider what your assets are and whether a malicious attacker could monetise them in ways you do not realise. Examine where and how your data is stored and who has access to it.
You can develop security measures to monitor when there are substantial changes to your business’ information access, storage and usage. This will help you provide more extensive protection for your data. Firewalls are another key network control. They examine traffic from your network or the Internet, determine what is good traffic and let it pass, whilst blocking all the rest. Enabling firewalls on devices prevents intruders from getting unauthorised access to those devices.
Legitimate Looking COVID-19 Apps
A number of apps have been created to track the number of COVID-19 cases. Those created by the World Health Organisation (WHO) and national governments are legitimate and provide people with vital information to stay safe and informed. Attackers have created a long list of apps that look legitimate but contain malware/ransomware.
Protect Your Business From Viruses and Other Malware
Malware gains access to important information, such as bank or credit card numbers and passwords, and can take control of or spy on a computer. Malware can find its way onto a computer through opening an infected email attachment, browsing to a malicious website, or using a removable storage drive which is carrying malware. Be cautious when opening email attachments that you were not expecting or that look suspicious. If in doubt, contact the sender to verify that the email and attachment are legitimate, have been virus scanned and are safe to open. Use built-in anti-malware measures like Windows Defender and macOS XProtect. Smartphones and tablets should be kept up-to-date and password protected and, where possible, you should turn on the ability to track and erase lost devices. If you can avoid connecting to unknown wi-fi networks, this will help to keep your devices free of malware too.
COVID-19 Websites and Phishing Attempts
An ever-growing number of fake websites related to COVID-19 have popped up, and phishing emails on the same theme are landing in inboxes. These purport to be from legitimate organisations with “information” about the virus, but all they end up doing is infecting your device with another type of virus (computer-based) or stealing personal information and/or passwords.
Embrace The Human Element Of Your Business
Phishing remains the most common attack vector – it is highly effective and can be potentially devastating. Teach people to recognise a phishing email and how to react to one. Human vigilance can be your greatest strength against phishing or social engineering attempts, rather than the weak link in the chain. Attackers will send a fraudulent email, instant message, or text message, including a link, in a bid to get people to enter their email and/or password details.
The best way to avoid this kind of situation is through training, whether that is through videos, external consultants or running simulation scams. It is important to get everyone on-board and engaged by thinking about their personal risks as well. It is not just about protecting the business, but also protecting their personal data and family at home.
I will finish off by saying that now, more than ever, it is important that we stay up-to-date and secure in the increasingly digital and online world. We must educate ourselves, whilst also sharing this knowledge with our family, friends and wider community. We are all vulnerable.
If you would like to discuss any of the points above, feel free to connect with me on LinkedIn: https://www.linkedin.com/in/deepakgami/
- Australian Cyber Security Centre (ACSC) – Cyber-security is essential when preparing for COVID-19: https://www.cyber.gov.au/news/cyber-security-essential-when-preparing-covid-19
- Australian Cyber Security Centre (ACSC) – Small Business Cyber-Security Guide: https://www.cyber.gov.au/publications/small-business-cyber-security-guide
- Stay Smart Online – Protect your business: https://www.staysmartonline.gov.au/protect-your-business