
CYBER SECURITY
THE 12 TOP TIPS

The top 12 cyber security tips to keep your business safe

+08 7325 5000
www.calvert.net.au
[email protected]
514 Lower North East Road, Campbelltown, SA 5074

CONTENTS

Introduction
Password Based Tips
Email Safety Tips
Web Safety
Miscellaneous Tips
Conclusion

INTRODUCTION

In the technology-driven world we live in today, securing your network and protecting your business from cyber-attacks is a vital process that everyone should undertake. It is common practice for a business to protect itself from physical dangers by installing alarm systems and CCTV and, to a lesser extent, employing security guards. When it comes to cyber-security, businesses tend to leave themselves shorthanded and vulnerable to malicious attacks.

A well-executed cyber-attack on your business's data can be damaging to both your financial standing and your reputation in the eyes of your customers. A study in 2017 called “Cost of a Data Breach” found that the average cost that a business incurred due to a data breach was a staggering $790,000 AUD. This is significantly more money lost than if a thief were to smash a window and steal the TV from your meeting room, so it makes no sense for a business to focus much more of its resources on stopping physical risks when cyber-risks have the potential to be so much more devastating.

Recent legislation in Australia requires businesses to report any data breaches to the Office of the Australian Information Commissioner, which can lead to fines of up to $2.1 Million AUD. This reinforces the need for stringent data protection policies and network security.

Due to the nature of the Internet and cyber-attacks, there is no sure-fire way to protect your business from every type of threat; however, there are a range of methods you can employ to drastically reduce the chances of your business suffering from a cyber-attack.
The following tips and techniques can be used to reduce the chances of a cyber-attack affecting your business.

PASSWORD BASED TIPS

1. Think "Pass-Phrase," not "Password"

The need for a strong password has been ingrained into our minds for the last couple of decades, but it is time to engrain a new term into your brain: The Pass-Phrase. A Pass-Phrase is similar to a password but is longer and should incorporate the use of numbers, letters and symbols.

For example, a typical password might be Admin123 (please change this immediately if you are using this and think it is secure), whereas a pass-phrase is something much more complex, such as “I t00k the dog 4a_Walk”. It is relatively easy to recall, as you can simply remember “I took the dog for a walk” and add the symbols and numbers, however it is much harder to hack.

Take a look below at how long it would take to crack each of these example passwords and you will see why a pass-phrase reigns supreme when it comes to security. You can check how strong your password is by using https://howsecureismypassword.net/.

[Figure: time to crack "Admin123" compared with "I t00k the dog 4a_Walk"]

Using a pass-phrase can also stop people from looking over your shoulder to read your password as you type. It is much harder to decipher “I t00k the dog 4a_Walk” whilst shoulder surfing as opposed to looking at someone type Admin123.

Note that some environments may have restrictions in terms of the use of special characters and passphrase length – for example you may only be able to use a maximum of 16 characters and no spaces. You can often substitute an underscore or hyphen for a space. Bear this in mind when creating your new passphrase.

2. Different passphrase per login - use a credentials manager

Using the same password (which should now be a pass-phrase) across multiple online identities is a BIG mistake. Once a hacker gains access to one of your accounts, they will be able to access the rest too.
This is how the infamous celebrity iCloud leaks occurred a few years ago.

It can be difficult to remember a range of different pass-phrases, which is why making use of a password manager can be so valuable. A password manager will store all of your passwords so that you can copy and paste them when needed. All you need to remember is a single Pass-Phrase to gain access to the manager and you can then see all your different passwords for all of your online presences. A good password manager will even be able to generate random, extremely strong passwords and store them for you.

It may sound like keeping all your passwords in one place is a hacker’s delight. This is not the case, as all the data stored in password managers is encrypted and much more secure than using easy-to-guess passwords. The best password managers even require two-factor authentication to open them, which means to gain access to the manager you must confirm your login through an SMS code, fingerprint scan or an authentication code generator, making it almost impossible for a hacker to gain access to your password manager – even if they have your password.

Check out the list below for a non-comprehensive list of password managers.

Dashlane - www.dashlane.com
Roboform - www.roboform.com
Lastpass - www.lastpass.com
Enpass - www.enpass.io
Keypass - www.keypass.com

EMAIL SAFETY TIPS

3. Don't Open Attachments You Are Not Expecting

One of the oldest methods of implanting malware into your computer and networks is through email attachments. Despite this, people still open obviously suspicious email attachments (how often are you tempted to touch something labelled “wet paint”?).

Not only can this lead to data being stolen and your network being held ransom, it can lead to you being embarrassed. Spam emails can then be sent from your email address, so every security conscious contact you have will see you’ve fallen for a scam as they delete the mass of spam emails you have sent them.
It is important that you remain vigilant and do not open attachments that you are not expecting or from someone that you do not know. Another indicator of a malicious email attachment is the file type. Most email clients such as Outlook will block attachments that come in the form of typically malicious file types such as .trojan or .avi, however occasionally they may sneak through, so it is important you remain vigilant.

4. Review email links before clicking

Phishing emails have become the new norm for hackers to try and access your data over email. According to Scam Watch, Phishing emails are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.

When Phishing occurs over email, it will often look as though a company is contacting you with a link through to a landing page requiring you to enter your details. This page will look almost identical to the company they are trying to impersonate, using their branding and emulating their website, however the attackers will gain your details.

Phishing emails can be relatively easy to spot. Often, they will not look quite right or will ask for information that you know a company will not ask for over email. One easy way to tell whether an email is legit or attempted phishing is to hover your mouse over any links in the email. This will show you a preview of the link, enabling you to determine if it looks right.

As an example, if you receive an email from someone claiming they are the Australian Tax Office but you hover over the link and it comes from Italy, then it is a scam. Do not click on these links on your computer to test them as they could harm your computer. If you need to test these links, try them on an iPhone as they are secure and will not result in your computer and network being compromised.

Below is a real example of a phishing email. Is it obvious to you that it is a scam?
WEB SAFETY

5. Use a more secure browser

Most people choose a web browser based on speed and convenience, however security is the critical factor that should decide which browser you use. Google Chrome is a hugely popular web browser due to its unrivalled speed and ease of linking all your Google accounts, however it is one of the least secure Internet browsers on the market.

Mozilla Firefox and Microsoft Edge are two other popular Internet browsers with much more security, however they do not always show the speed that Google Chrome can (although recent independent tests have indicated Edge to now be faster). Think of these two browsers as a tank, whereas Google Chrome is a regular car. A tank is heavy, robust and can withstand a barrage of attacks due to its thick armour, whereas a car is lighter and faster but would not stand a chance at protecting a user from any attack.