Refresh your Cyber Security habits

3 Tips for Cyber Security

Cyber security may not be the most exciting topic, but it is extremely important and it is everyone’s responsibility. There are some really basic things you can do to really increase your own security, both when doing business, as well as in your personal life.

Cyber Security

Cyber Security Tips

3 Tip for Cyber Security

Cyber security may not be the most exciting topic, but it is extremely important and it is everyone’s responsibility. There are some really basic things you can do to really increase your own security, both when doing business, as well as in your personal life.

Don’t reuse passwords

I’m sure you hear this one a lot, but a lot of times it’s not explained why!

Let’s say you sign up for the website www.reallyfancyclothes.com to do some shopping. You use your Gmail email address and the same password as the email address. Two months later, news breaks that reallyfancyclothes.com had their customer database hacked and all emails and passwords were stolen.

These hackers will use programming to test all those email/password combinations. Within a few minutes, they are in your Gmail account, because you haven’t secured it with multi-factor authentication!

Now that these hackers are in your Gmail, they are able to see what other websites you’ve signed up for. They can start either logging in using that same stolen password or doing a password reset to your email that they are logged into. Soon, all your accounts are stolen and you’re completely locked out of everything!

Always use Multi-Factor Authentication

You’ll notice in the above that I specified that the hackers were able to enter due to no Multi-Factor Authentication (MFA).

This is critical and is one example of why IT people use the term “defence in layers”.

Should you make the cardinal mistake of reusing passwords, you may still be saved by having MFA.

You will be familiar with this, it’s where you get a text with a one-time-use code, or you need to open an authentication app to get a short-lived code. MFA is not fool-proof, and there have been cases of people using social engineering to bypass these – but that’s why you have layers of security!


Never share passwords

Sometimes it may seem super easy and convenient to give your password to someone to log into your computer for you, but this is another cardinal sin of cybersecurity.

Once someone else knows your password, your account is no longer considered secure. You never know how that person is keeping that password (Did they write it down on a sticky note on their screen? Are they giving it to someone else to log in to?), and you can never know exactly what they will do under your login. And it’s not a stretch to imagine that someone working nearby may overhear your password, and then they can log into your account and wreak havoc!

 

David Boyes

Ausure’s Cyber Security Team Lead

Compare Cyber Insurance Policies

Compare leading Australian Insurers like AIG, Allianz, Brooklyn Underwriting, CGU, Chubb, Dual, Emergence and Zurich.

Compare Quotes

Australian cyber threat to the private sector

The Cyber Threat to Australian Business may be larger than first thought with many Australian businesses refusing to report breaches due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities.

In the second of the Australian Cyber Security Centres cyber threat report

Extract from  ACSC Threat Report 2016:

Australian industry is persistently targeted by a broad range of malicious cyber activity, risking the profitability, competitiveness and reputation of Australian businesses. The spectrum of malicious cyber activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies.

The ongoing theft of intellectual property from Australian companies continues to
pose significant challenges to the future competitiveness of Australia’s economy. In
particular, cyber espionage impedes Australia’s competitive advantage in exclusive
and profitable areas of research and development – including intellectual property
generated within our universities, public and private research firms and government
sectors – and provides this advantage to foreign competitors.

The ACSC’s visibility of cyber security incidents affecting industry and critical infrastructure networks is heavily reliant on voluntary self-reporting.
Some companies may be hesitant to report incidents to the government due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities. For example, in some cases victim organisations have sought legal advice before reporting an incident.

Many cyber security incidents across the private sector are undetected or unreported. Increased reporting of cyber security incidents by the private sector would subsequently increase the ACSC’s knowledge of cyber adversaries who target Australian industry and critical infrastructure, and the methods they employ. This knowledge would further enable the development of cyber security advice and mitigation strategies.

The ACSC is making a dedicated effort to engage industry on cyber threats and associated mitigation strategies through a process of sustained engagement. However, the private sector’s ability and willingness to recognise the extent of the cyber threat and to implement mitigation strategies varies considerably across and within sectors. Generally, companies that have been extensively targeted or compromised are more likely to view the business risks associated with the cyber threat as sufficient to warrant investment in cyber security.

Those without direct experience of being targeted or a victim may not be aware of the potential economic harm malicious cyber activity can cause their businesses, do not
understand the value of the data they hold, and cannot conceive why they would be targeted.

 

Australian Cyber Threat

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, 418 of which involved systems of national interest (SNI) and critical infrastructure (CI).

CERT Australia relies heavily on the voluntary self-reporting of cyber security incidents from a wide variety of sources throughout Australia and internationally and therefore does not have a complete view of incidents impacting Australian industry.

Sources: www.acsc.gov.au

Need Cyber Insurance?

Compare Cyber Insurance

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs