We’ve discussed the basics of Cyber Security and also how to avoid being scammed by email hackers. Both of these articles highlighted the need for your passwords to be strong. But what we haven’t explained is how you’re supposed to keep track of these passwords. Let us introduce you to the concept of a password manager.
In our current cyber environment, hacking and cyber-attacks are taking place much more often than many business owners realise. The Australian Competition and Consumer Commission (ACCC) found that business scams were up more than 30 percent in 2016. According to Kaspersky Lab Security Bulletin 2016, a company is hit with ransomware every 40 seconds. These statistics can seem frightening, but the best first-level defence against hacking is a strong password.
It is no longer good enough to use your birthday, a name, etc. If your passwords aren’t strong enough, hackers and the software they use will be able to “guess” them. You need to have a strong, unique password for each of your online accounts. (For tips on creating a strong password, check back to our post on email scams).
Password managers are not just a way to store your passwords in a secure place; they can also generate these unique and complex passwords for you. You do, however, have to create and remember one master password, which will be the key to all of the passwords your password manager creates.
How does it work?
Your typical password manager will install a browser plug-in which will handle your password capture and replay. This way, each time you log in to a secure site, it will ask you if you want to save your password.
Using your super-strong master password, you gain access to the browser password manager, and then every time you log in to a new site, the password manager will help you create, save and store your passwords.
The best password managers will save your account details when you create the account and will also recognize when you change your password and offer to update the stored information.
What password managers to use
There are so many options when it comes to password managers, and depending on the level of security you think you require, you can get one for free or for a small fee.
A couple of free password managers:
LastPass https://www.lastpass.com/
Free to use, with features such as two-factor authentication and free syncing, with a premium plan you can upgrade to for a small cost.
LogMeOnce is also free, and claims that by using their Single Sign-On system, you increase your security by 300%. LogMeOnce also uses a passwordless system, with four authentication options to choose from.
For more options, PC Mag has created an in-depth list of the best Password Managers of 2017, including both a Paid and Free list.
Have more questions about Password Managers or Cyber Security? Give us a call and speak with one of our knowledgeable Technical Engineers on (08) 9228 4118, or send us an email at .
With a whole new influx of cyber-attacks making headlines and causing a lot of concern in the IT world, some businesses and individuals might be asking themselves: what are cyber-attacks, why do I need to know, and how will these types of cyber security issues affect my business?
What is a Cyber-attack?
A cyber-attack is simply when hackers attempt to damage or destroy a computer network or system.
At their worst, cyber-attacks can be created by a team of hackers who work together to create programs to take advantage of unknown flaws in software and networks in order to access confidential data or damage key infrastructure.
There are a few different kinds of cyber-attacks:
Targeted attack: Attacks that are targeted at specific organizations or individuals in order to access information and intellectual assets for vandalism or monetary gain.
Advanced Persistent Threat (APT): A targeted attack which is carried out continuously and persistently using a variety of means to access the targeted information or organization. These are divided into: (1) attacks through public servers and websites and (2) attacks which make users send malicious programs (targeted email attack).
Denial of Service attack: An attack used to disrupt services.
Distributed Denial of Service attack: An attack carried out from a distributed environment.
Here’s an overview of the method typically used in cyber-attacks:
How to protect your business from cyber-attacks:
- Stay informed: read the news and follow trusted IT service providers on platforms such as LinkedIn and Twitter for current and reliable updates on any security threats and cyber-attacks. You can follow Scope Logic on LinkedIn and Twitter by clicking on the links and following our pages.
- Back up your data: make sure that all your files are backed up to a separate system so that if you are targeted by an attack, you won’t lose your information to the hackers.
- Be aware of what links you are opening: hackers often send an email that seems to come from a trusted source, asking the recipient to open a link that actually leads to a malicious website that can download a virus onto their computer. If a link seems suspicious, it is usually best to type out the web address yourself instead of clicking it.
- Contact your trusted ICT company: there are multiple ways for hackers to attempt to access your data. While it may seem overwhelming to try to stay on top of everything, you can rest easy knowing that’s our job! We will quickly and efficiently deploy the latest virus and security updates to ensure that your network is protected and secure.
For any other questions relating to cyber-attacks and network security, get in touch with us at Scope Logic and our knowledgeable technicians will be able to develop the best security solution for your business.
Call (08) 9228 4118 or email us at .
Or read more about our networking solutions.
- Have you ever had your network breached, or do you know what to do in the case that your network is compromised?
- Do you know which applications are being used within your network?
- Have you ever wondered just how effective your current firewall threat protection is?
Your business network is a complex system, made up of interactions between each of your applications, users and content. Today, a traditional network firewall is no longer enough to ensure that your system can block threats. You need stronger performance combined with better visibility of exactly what threats your system is facing, such as APTs, botnets and advanced malware.
That’s where Scope Logic’s Cyber Risk Threat Assessment Program comes in. We can provide your business with a FortiGate network security platform, deployed as an internal segmentation firewall (ISFW) or next generation firewall (NGFW).
Scope Logic is able to help you determine what types of network security threats your network is facing every day. Once armed with this knowledge, Scope Logic will then be able to translate this information into recommendations on how to increase your network security platforms and decrease security threat concerns. They will be able to show you how you can run your business more efficiently and securely, using granular control over your applications, users and content.
Included as part of our CTAP is our Network Penetration Testing, which is designed to determine your exposure to a targeted attack. We do this by putting your network security systems through their paces: our Senior Security Engineers will use every tool and technique available to them to gain access to your systems and provide a detailed report on where the risks are and what can be done to reduce them.
Our Network Penetration Testing starts at a point of zero knowledge about your network: our Security Engineers are given only the domain name of your organisation. From here they interrogate the publicly visible aspects of your technology and identify vulnerabilities.
The goals of our Network Penetration Testing are:
- Identify if a remote attacker can gain access to your systems
- Determine the impact of a network security breach on your company’s confidential information and the integrity of your Information and Communication Systems
Our detailed Network Penetration Testing Report will identify vulnerabilities and provide recommendations on how to remove these vulnerabilities from your network.
Have you read all this and you still think your network security is strong enough? Here’s what Fortinet says businesses can find after running Scope Logic’s CTAP:
Scope Logic Group is working closely with our clients to help them assess the security of their networks and recommend next steps to improve their security, increase productivity, and optimize network utilization.
For any questions around Scope Logic’s CTAP, or to get a member of our team in to run the Cyber Risk Threat Assessment Program on your business’ networks, give us a call on 08 9228 4118 or send us an email at .
With End of Financial Year fast approaching, business owners are likely to see an increase in the number of scam emails being sent to them, claiming to be from the Australian government or other agencies and promising to make life easier for them at tax time.
ASIC Email Scam
One example to be on the lookout for is an email claiming to be from the Australian Securities and Investments Commission.
However, clicking on the “Renewal letter” link brings you to a website where a file containing malware will be downloaded onto your computer. This is likely to be a virus, ransomware, or a keylogger used to steal your login information.
This is just one example of an email scam that is currently circulating in Australia. As tax time approaches it’s likely that business owners will receive more of these emails.
However, you can protect yourself from these types of scams:
- Use caution when downloading files. In the email above, the link brings you to a website which asks you to download a .zip file. Proceed with caution any time you are asked to download a .zip file. Make sure it comes from a trusted source and if it doesn’t, delete it right away. Unopened .zip files are harmless; it’s downloading the file that gives the virus access to your files.
- Use complex passwords. Some hackers use brute force attacks in order to obtain a business’ information such as a user password. This is a trial-and-error method using automated software to generate a number of consecutive guesses of your passwords hoping to eventually guess correctly. The more complex your password, the less chance that the software will be able to guess it. Make sure your password contains a combination of capital letters, numbers and symbols throughout. A good rule to follow is to select 3 separate words, for example, bowl, grape, tree and combine these with the “complexity rule” to give you b@wlgraPetr33. This will make it nearly impossible for the software to be able to guess. You’ll be surprised how quickly you start to remember this, but if you do decide to write it down, make sure to keep it somewhere safe.
- Stay up to date on current email scams. On the Scope Logic Twitter page, we will be posting updates on current issues including outages and scams. Follow us @ScopeLogic to make sure you always keep on top of everything tech and ICT. You can also follow @scamwatch_gov, which is an Australian government scam watch.
- Secure your office. Is your business doing everything possible to ensure that files and information are secure and protected? Sometimes it can seem overwhelming, however with a proper security setup in your business, including a backup system to protect files, a secure email gateway, advanced threat protection and a firewall, you can make sure your data is secure.
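To put numbers on the "Use complex passwords" tip above, the following added example (not part of the original article) estimates the trial-and-error work for a birthday-style password and for the article's b@wlgraPetr33, and generates a random password the way a password manager's generator would. The function names, the sample birthday password and the guess rate are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the article's "complexity rule".
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def brute_force_bits(password):
    """Upper bound, in bits, on blind trial-and-error work over the alphabet
    implied by the classes used. Guessing software that tries word lists
    first needs less work than this for passwords built from common words."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def years_to_exhaust(password, guesses_per_second=1e10):
    """Years to try every candidate at an assumed (constructed) guess rate."""
    seconds = 2 ** brute_force_bits(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)

def generate_password(length=20):
    """Random password containing every class, drawn from the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if len(classes_used(candidate)) == len(CLASSES):
            return candidate

if __name__ == "__main__":
    # "01011980" is a constructed birthday-style password.
    for pw in ["01011980", "b@wlgraPetr33", generate_password()]:
        print(f"{pw!r}: classes={classes_used(pw)} "
              f"bits={brute_force_bits(pw):.1f} "
              f"years={years_to_exhaust(pw):.3g}")
```
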
Need someone to do a health check on your company’s systems? Just want to hand over the problem to someone you know can help?
Visit our website at www.scopelogic.com.au, give us a call on 08 9228 4118 or email and one of our experienced security engineers will be able to come up with a solution for your business.