Some obvious changes in the last few months

• We aren’t seeing each other as much, so keeping up contact is different.
• Many of us are working far more from home – often using home networks and home equipment.
• Most employers are relying more on staff to be independent and work with less directed input.

Security tips for working from home

• Make sure your computer is updating patches. Easy to do for most Windows computers, just leave it on overnight sometimes.
• Check your anti-virus is working and updated.
• Don’t leave your computer connected to the company VPN if you leave the room – this is an open channel to the company network and should be kept private for you alone.
• If you are using a home computer, it needs to be as safe as your work computer: make sure you are logging in with a unique username, and that it has up to date software and anti-virus on it.

The changes to the way we work have security implications that we need to take seriously. The world is increasingly less safe, and the pandemic and the changes that has forced on us all has accelerated the risks.

Cyber threats in the new world

You may recall the recent reports that Australian governments and companies are being targeted by a sophisticated state-based actor. These are very real. We know there is very strong evidence that its happening in a sustained way and is being run by a large, sophisticated state. There are few states capable of running this kind of extensive attack, the Australian Govt. has not publicly identified the state involved, but we can all guess.

A range of tactics, are being used to target Australian networks. It’s important that Australian companies are alert to this threat and take steps to enhance the resilience of their networks. The Australian Cyber Security Centre issued advice that multiple, on-going attempts have been made to exploit weaknesses in public-facing infrastructure (websites, remotely accessible servers, cloud services).

In addition, there have been numerous targeted phishing attacks where emails are sent that attempt to trick the receiver into handing over credentials and private data:

1. emails with links to malicious files, or with the malicious file directly attached
2. links prompting users to grant Office 365 credentials and access
3. use of email tracking services to identify the email opening and lure click-through events.
4. Links to credential harvesting websites

None of these are new: the types of attacks are known, the tools used are know. That is a comfort in some ways because the same advice IT experts have been offering for years will help safeguard your organisation from these attacks

Is your organisation at risk?

If you use the Internet, have an email account, have a website, then you are at risk.

What you can do?

The methods used in the current attacks are the same as those used by all the other cyber criminals. Organisations can significantly reduce the risk by following these important rules:

1. Keep all equipment up to date: Patching, Patching, Patching!

• Don’t use out of data Operating Systems or other software
• Always patch computers and all other devices with the latest security releases: if your phone has an upgrade, install it, if your computer has an upgrade waiting, let it install, don’t try to put it off.
• Your Servers, Routers, Firewalls should all be patched whenever security updates are released.

2. Use a website firewall

If you run a website: have it maintained properly. Websites must be patched too, and all websites should have a firewall to protect from external attacks.

3. Use Multi Factor Authentication

• If its available, use MFA.
• Always use it for all internet-accessible remote access services if possible (VPN, email, remote access)

4. Increase Staff Awareness

Train staff to recognise malicious email and phishing attempts. Staff awareness is the front line of defence against cyber attack

Next Step

Here is some detail on the security factors you should confirm in your own organisation:

1. Multi Factor Authentication: this prevents access to mailboxes and other services if a password has been compromised. If you are not currently enforcing this, we strongly recommend setting MFA up across the company.
2. Website security: It is easy and low cost to enable a firewall. In addition, there should be regular security updates and monitoring. Confirm if your web hosting service or IT is doing this.
3. Identity theft monitoring: Credentials are being stolen all the time leading to loss of data and fraud. FooForce can monitor your domain and alert you if any of your email addresses have been compromised and are for sale on the Dark Web.
4. Rapid recovery backup: you should be able to recover from a ransomware or any other data loss quickly enough so that it doesn’t put your production at risk. If your current backup recovery is not quick enough, it could expose you to lengthy downtime.
5. Regular patching: all your equipment should be patched and monitored.
6. Cyber awareness training: staff awareness is the single most important defence. FooForce runs training and awareness programs that improve staff understanding and so reduce risk. We recommend regular, on-going training and followup.
7. External email security: the best way to prevent a lot of the email scams getting through that put your staff at risk is to implement an external email security service.
8. Security review: every organisation needs to define how they manage security and then look at the results regularly to confirm the controls are working.

FooForce can work with you to minimise risk – whatever the source!