Introduction

Australian Business and consumers are bigger targets than ever for internet based fraud and statistics show it is on the rise. Scamwatch, the Australian government's information site, highlights this years financial loss is already at $76,835,386 for 2018 already on track to surpass last years report of $90,928,622.

The following are some simple ways business and users can protect themselves against fraudulent or malicious activity.


Education

Scamwatch is run by the Australian Competition and Consumer Commission (ACCC). The scamwatch.com.au site provides information to consumers and small business about how to identify and report on scams and fraudulent behaviour.

Security awareness training is aimed at educating staff in how to identify suspicious communications and actively tests and retests to ensure learning is embedded, this type of training can be applied at all levels. IT Strategic maintain partnerships with organisations delivering specialised training in recognising and repelling targeted scam and fraudulent communications/activity. 

In all instances educating people to be aware of suspicious communications is the first step in repelling any email/text attacks. Should staff suspect an incoming transmission they should be trained to raise it with IT support for an assessment.


SPAM Filter

An active email filter will protect you from commonly targeted communications. It is recommended all businesses engage a SPAM filter to protect against not only incoming SPAM emails but outgoing. Should a user or device become compromised they can be used to contact clients, posing as a legitimate employee, ordering clients to pay money or provide information useful for future attack.

These types of communication are evolving all the time and while a SPAM filter may not stop all malicious or fraudulent attacks it will reduce the number of attacks, reducing the risk of exposure and protecting staff and clients.


Anti Virus

Actively managed Anti Virus can be an effective countermeasure to malicious software attack in many ways. Should a user execute or open a file with an infected payload active Anti Virus will protect the device and potentially an entire network of staff and resources from damaging consequences. A virus payload can contain anything from key-logging to crypto-locker software so it is important to keep the Anti Virus software up to date and scanning regularly. It is critical to balance the configuration of your Anti Virus to perform regular scans without impacting users work experience.


Network

A computer network provides users with access to resources such as file servers, email and websites. Unauthorised access occurs when a network is compromised through vulnerability or intentional action. There are a number of practical ways local and remote network access can be secured -

  • Introducing a Firewall to a network provides a method to secure, monitor and manage incoming and outgoing network traffic
  • Wireless Network access can be managed by enforcing and managing user authentication
  • Remote Access can be secured via a Virtual Private Network (VPN), encrypting traffic between a user and a resource
  • Configure your network for guest only access for visitors rather than providing access to your main network
  • Hide your Wifi SSID and regularly update the password to access the network, permitting certain devices can be used to limit wifi access

Backup

Data Security is critical to ensure your business can recover important files, data and operations. Disaster Recovery Planning (DRP) is a step all businesses should undertake with some regularity. The first step is to identify your assets, servers, PC's, storage, where is all your data? Then identify how this data is currently backed up and/or managed? Consider what steps are required for the business to recover in the event of a disaster? Now how can you improve this process?

A successful backup strategy needs to be tailored to your business needs, size and operations.

In the end a backup is better than no backup... If you are able to access a USB drive or utilise a cloud service like Dropbox, GDrive or OneDrive you will be able to make a copy of your data. It's not full featured backup but it will allow you to return to a point in time should your system become lost.


User Management

Employees are critical to business success and managing their access to company resources should be an extension of business policy and procedures. When the business hires a new employee they need appropriate access to networks, applications, folders and files, email and calendars to perform their job. And when an employee leaves or changes roles, access to business resources needs to be updated. Relevant access to business information should be maintained.

User access can be managed using centralised systems, device configuration or service user setup.

Multi Factor Authentication or 2 Factor Authentication (MFA or 2FA) can be the easiest way to secure your mail services with Office 365 or Google. This authentication mechanism can also be applied to other technologies such as server and network access. 

Network Access can be managed using centralised authentication/user management systems and can be extended with MFA/2FA services.  

Password Complexity is not difficult to maintain and enforce. Using a password management application will allow you to generate, store, access and share passwords without needing to know or remember them.


IT Strategic are available at any time to discuss what you can do to secure your users, network and environment from unauthorised access.