Cyber Security

On Thursday 16th of July, Barry Sanders introduced Tony Preston to the Club members. Following the Australian Government's recent decision to increase its spending on cyber security, Tony's background in internet technology has made him an ideal person to give Rotary Club of Pinjarra's members an overview of what cyber security is about.
Tony began by asking the question "Is there a difference between a burglar breaking and entering into your home to steal things, and a computer hacker entering your computer (or other device) and gaining entry or control of your personal information?"
We have all heard about someboby who has had the latter scenario happen to them. The subsequent effect has sometimes had as devestating an impact on the person's life as that which a physical home invasion has caused. Ultimately, we each have the responsibility to keep our own homes safe, and that responsibility now also includes the safety of our online presence.
 
So, then what can we do?
Using the internet is now essential for home and business. It also increase the risk of scams and security threats.
While much of what I am about to say is business-centric, it applies equally to the home situation.
Here is a link to an Australian Government website may be of interest: https://www.business.gov.au/Risk-management/Cyber-security
 
Remember a single cyber-attack can seriously damage your business, its reputation or your personal information.
 
The following "commandments" are a guide to how you can protect your business or home from cyber threats. Depending on the size, complexity and value of the data used by the business will determine just how detailed the response to each step is required.
  1. Back up Data:
  2. Manage your Passwords (See Below *)
  3. Secure your devices and network
  4. Encrypt important information
  5. Ensure you use two-factor authentication
  6. Monitor (who has) use of your computer and its systems
  7. Put policies in place to guide your staff (and family)
  8. Train your staff (and family) to be safe online
  9. Protect your customers (or those with whom you interact online)
  10. Protect yourself
  11. Get updates on the latest risks
 
* What are the challenges in password management?

There are many challenges in securing passwords in this digital era. When the number of web services used by individuals are increasing year-over-year on one end, the number of cyber crimes is also skyrocketing on the other end. Here are a few common threats to passwords:

  • Login spoofing - Passwords are illegally collected through a fake login page by cybercriminals.
  • Sniffing attack - Passwords are stolen using illegal network access and with tools like key loggers.
  • Shoulder surfing attack - Stealing passwords when someone types them, at times using a micro-camera and gaining access to user data.
  • Brute force attack - Stealing passwords with the help of automated tools and gaining access to user data.
  • Data breach - Stealing login credentials and other confidential data directly from the website database.

All of these threats create an opportunity for attackers to steal user passwords and enjoy unlimited access benefits. Here is a look at how individuals and businesses typically manage their passwords.

Traditional methods of password management

  • Writing down passwords on sticky notes, post-its, etc.
  • Sharing them via spreadsheets, email, telephone, etc.
  • Using simple and easy to guess passwords
  • Reusing them for all web applications
  • Often forgetting passwords and seeking the help of 'Forgot Password' option

While hackers are equipped with advanced tools and attacks, individuals and businesses still rely on simple methods to mange their passwords. This clearly raises the need for the best password management practices to curb security threats.

How to manage passwords

  • Use strong and unique passwords for all websites and applications
  • Reset passwords at regular intervals
  • Configure two-factor authentication for all accounts
  • Securely share passwords with friends, family, and colleagues
  • Store all enterprise passwords in one place and enforce secure password policies within the business environment
  • Periodically review the violations and take necessary actions.
What can you do to protect your home or business data systems?
  • Don’t click on any links in emails, text messages or attachments from people or organisations you don’t know.
  • Contact the individual or company by phone and confirm the authenticity of a request.
  • Search the company, products or services online to confirm the advice (is it a professional website matching with the goods and services the email offers?)
  • Does the company provide adequate information about privacy, terms and conditions of use, dispute resolution, or contact details?
  • Be extremely careful about requests for bank account or other personal or business information.
  • Use trusted and established news source
Cybercrime
Cybercrime, also called computer crime, involves using computers and the internet to break the law. Common types include:
  • identity theft and fraud
  • online scams
  • attacks on your computer systems or websites
Cyber security
Cyber security is about protecting your technology and information from:
  • accidental or illegal access
  • corruption (a fault within the computer system as well as the action of a "corrupt" staff member)
  • theft
  • damage
You need to protect any online information that your business creates and stores, plus information obtained from your customers. Providing a secure system is critical to build and maintain customer trust in your business.To be effective, you need to make cyber security a part of your daily business processes.
 
Who could be a cyber threat
Cyber criminals may be an individual or a group of people. Threats to your technology or data might come from:
  • criminals – out for money or information, to illegally access your hardware and data, or to disrupt your business
  • clients you do business with – to compromise your information
  • business competitors – looking to gain an advantage over your business
  • current or former employees – who accidentally or intentionally compromise your information
Ways cyber attacks can happen
Cyber criminals look for information, access to and data on your business, employees and customers. They might do this by:
  • theft or unauthorised access of hardware, computers and mobile devices
  • infecting computers with malware (such as viruses, ransomware, and spyware)
  • attacking your technology or website
  • attacking third party systems
  • spamming you with emails containing malware
  • gaining access to your information through your employees or customers
How a cyber attack could affect your business
A cyber attack could cause you:
  • financial loss – from theft of money, information, disruption to business
  • business loss – damage to reputation, damage to other companies you rely on to do business
  • costs – getting your affected systems up and running
  • investment loss – time notifying the relevant authorities and institutions of the incident
What is at risk
Your money, information, technology and reputation could be at risk. This could include the destruction, exposure or corruption of the following:
  • customer records and personal information
  • email records
  • financial records
  • business plans
  • new business ideas
  • marketing plans
  • intellectual property
  • product design
  • patent applications
  • employee records (which could include sensitive personal identifiable information such as their date of birth)
Anti-Virus Software

Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware (malicious software). Antivirus software was originally developed to detect and remove computer viruses; hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect users from: malicious browser helper objects (BHOs which normally assist a legitimate program to function),  browser hijackers, ransonware, keyloggers; - the list goes on! 

Some antivirus software products also include protection from other computer threats, such as infected and malicious scam and phishing attacks which target online identity, online banking, and the like. As well as being installed on traditional devices such as desktop and laptop computers, antivirus software products are available to be installed on other computer products such as mobile telephones and tablet devices. Some basic antivirus software products (such as AVG and Avast) are available for free download, so cost should not be an impediment for an individual to have at least the basic level of cyber security installed on their devices.

If you wish to source more help understanding the basics of cyber security for your business,  a Small business cyber security guide is also available to download on the Australian Small Business and Family Enterprise Ombudsman website. https://www.cyber.gov.au/acsc/view-all-content/publications/small-business-cyber-security-guide
 
Additional Information for the individual may be found at: https://www.cyber.gov.au/acsc/view-all-content/publications/easy-steps-secure-your-online-information
 
The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. Their role is to help make Australia the safest place to connect online by providing advice and information about how to protect yourself and your business online. When there is a cyber security incident, the ACSC provides clear and timely advice to individuals, small to medium business, big business and critical infrastructure operators. https://www.cyber.gov.au/ 
 
Stay Safe Online delivered by the ACSC, provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.
https://www.staysmartonline.gov.au/Protect-yourself/Doing-things-safely/backups
 
After a series of questions from the gathering, Rotarian David Caldwell thanked Tony for his interesting and detailled talk, and presented him with a momento of his visit to our Club.