With the Australian government warning businesses and individuals about an uptick in cyber attacks this year, security should be front of mind for everyone. It can be daunting finding how to start securing yourself and your business, but there are a few quick tips you can do right now to instantly improve your security posture.
You’ve heard this before, but this should be the first port of call when securing any online environment. Not only should you be using strong passwords for each account (including characters other than lower-case letters), but it’s also important to use different passwords for each platform.
If you struggle to remember all those unique passwords, there are a host of free and premium services like Keepass, Onepass or Dashlane that will manage all your passwords for you.
If you’ve ever tried to log into your bank or been sent a text to verify a bank transfer, then you’ve used 2FA (two-factor authentication). It is when an online account requires two different log-in methods to access, removing the chance of duplicate passwords being exploited. It won’t fully protect your account for a cyber attack, but if you’ve been using unique passwords, there’s less chance an attacker could exploit one account to gain access to another.
Not all online platforms utilise a 2FA system, but there are consumer authenticators you can use on your own device such as Google Authenticator, Microsoft Authenticator, or HDE OTP for iOS devices that will require users to provide two factors of authentication even for accounts that usually only require one.
Much like weak passwords, phishing is one of the most common ways businesses can let cyber attackers past their defenses. Spear phishing in particular, which targets users with messages purporting to be from someone they already know, can lead to serious damage to a company, including loss of IP.
Never click on a link in an email if you don’t know the source, or where the link will lead you to. Spear phishing emails become more advanced with each passing year, so it’s important to keep your staff well informed on the latest tactics attackers use to compromise accounts. That’s why some companies will offer training as a service to staff to assess their cyber security intelligence and teach them to avoid spear phishing attempts.
Software requires regular updates to operate at their most effective, and in the fast-moving world of cyber security, those updates can occur more frequently. Automatic updates can be turned on for popular operating systems, and most modern software will scan for security updates automatically. If you don’t already have an IT team to monitor and update your systems, make sure to turn on automatic updates for your software.
It’s also important to maintain regular backups of your data. It doesn’t matter where you backup your data, but having at least one backup copy of your data can alleviate a world of pain if an attacker ever steals your information or locks you out of your account.
This tip applies to everything on the internet, not just cyber security. Anyone can say whatever they want on the internet, so if someone sends you an offer that sounds too good to be true, whether it be easy money or access to exclusive information, it’s more likely an attack by a malicious actor than not.
Nick Percoco, Chief Security Officer, Kraken