6 things to safeguard you from phishing

Thanks Walter Faets from BSI People 

Have you ever wondered what "phishing" is and how to safeguard yourself in the digital realm? 🤔

🎣Don't take the Bait! 

Phishing is a deceptive cyberattack where cybercriminals pose as legitimate entities to trick you into revealing sensitive information like passwords or financial details. It often arrives via emails, messages, or websites that appear genuine. 

Here's how to stay cyber-safe:

𝟭. 𝗦𝘁𝗮𝘆 𝗔𝗹𝗲𝗿𝘁: Scrutinize emails and messages for suspicious requests or unfamiliar senders. Be cautious before clicking on links or downloading attachments.

𝟮. 𝗩𝗲𝗿𝗶𝗳𝘆:  When in doubt, contact the purported sender via official channels to confirm the request's legitimacy.

𝟯. 𝗞𝗲𝗲𝗽 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗨𝗽𝗱𝗮𝘁𝗲𝗱: Regularly update your operating system and security software to patch vulnerabilities.

𝟰. 𝗨𝘀𝗲 𝗦𝘁𝗿𝗼𝗻𝗴 𝗣𝗮𝘀𝘀𝘄𝗼𝗿𝗱𝘀: Create unique, robust passwords for each account, and consider using a password manager.

𝟱. 𝗧𝘄𝗼-𝗙𝗮𝗰𝘁𝗼𝗿 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 (𝟮𝗙𝗔): Enable 2FA whenever possible to add an extra layer of security.

𝟲. 𝗘𝗱𝘂𝗰𝗮𝘁𝗲 𝗬𝗼𝘂𝗿𝘀𝗲𝗹𝗳: Stay informed about the latest phishing techniques and cybersecurity best practices.

Don't let the bait catch you! Staying vigilant and practising good cyber hygiene. 🚤🔒

 #CybersecurityAwareness #StaySafeOnline #PhishingProtection

8 ESSENTIAL CYBER SECURITY PRACTICES – IN DEPTH

Exxatech has written an excellent article on the 8 essential cybersecurity practices needed to secure your organisation - and CYBER AWARENESS TRAINING is up there. BSI Learning provides your learning needs when it comes to CYBER AWARENESS TRAINING. 

The government is providing funding to help upskill your team in cybersecurity - if you are interested feel free to connect with me or comment below and I’ll refer you to Kala Philip at BSI Learning 

https://www.bsilearning.edu.au/bsi-course/22603vic-cert-iv-in-cyber-security/

Great article by Exxatech

1. Endpoint Security

Endpoint Security is a pretty broad term so let’s clarify.

 

Firewalls

Firewalls are essential both at the individual device level and the company office level. Windows, MacOS and Linux all come with Firewalls built in but you need to make sure they are configured properly and more importantly turned on! By default they are preconfigured with rules to help you stay safe. Many Anti-virus software that you install come with firewalls by default and do a better job of enforcing compliance than Operating Systems.

 

Office Perimeter Firewalls

The classic office firewall still definitely has its place despite the move to the cloud and should always be the first line of defence for any sized business. Decent hardware Firewalls from the big security vendors are not expensive for smaller use cases and should definitely be deployed before anything else in your office network. By default no rules / access should be allowed into or out of the office network unless specifically configured by your Network / Systems Administrator. If your firewall has Intrusion Detection Systems, even better – make sure your definitions and rules are updated regularly to protect against new threats.

 

Cloud Based Firewalls / Cloud Security Groups 

Cloud based firewalls, sometimes called Security Groups by the big Cloud vendors (AWS, Azure) need to be configured with Least Privilege access. Only open the very minimum of network ports to access your infrastructure.

 

Email Spam Protection Controls

Your Office 365 and G-Suite Mail service come with basic Anti-Malware and Antivirus controls but should definitely be further hardened to limit malicious emails from getting through. A better solution is to use an Email Gateway Solution as G-Suite and Office 365 use basic Whitelisting / Blacklisting rules whereas some of the more advanced Email Gateway use machine learning, URL rewriting, etc to keep you safe.

Antivirus and Anti-Malware Software

You can get some fantastic Antivirus and Anti-Malware Software for free – Bitdefender Free Antivirus and Malwarebytes Free come to mind, so there is no excuse for not having these in place.

Both Windows AND MacOS require these products. Unfortunately gone are the days where Mac’s don’t get viruses – although rarer than Windows they are still essential to have.

 

 

2. STRONG AUTHENTICATION

Passwords

Unbelievably, The most popular password worldwide for last year was 123456!

Passwords should be as long as possible – minimum 10 characters, surprisingly numbers, non-alpha numeric characters are that important.

Articles:

 

https://www.esquire.com/lifestyle/a25570880/top-passwords-2018/

https://blog.fleetsmith.com/password-security-guide/

 

Multi Factor Authentication

All your accounts, both work and personal should be secured by Multi Factor Authentication where possible. In 2019 this is essential to protect your data. SMS is inherently far less secure than Authenticators like Google and Microsoft Authenticator as SMS numbers can be ported by a determined enough hacker.

For work, MFA on Administrator Accounts is absolutely a must if you decide not to apply it to normal user accounts (which you should). A compromised Administrator account can create havoc and destroy businesses.

 

3. DATA PROTECTION

Mobile Device Management

Company Data no longer resides in the office network on your file share, it is accessible through the cloud on any device, anywhere. BYOD (Bring your own Device) adoption means company data is likely on your tablet, phone, toaster. No seriously, but you get what I mean.

As a consequence of this companies need to secure their data wherever it sits, on personal devices or company owned laptops. This is where MDM (Mobile Device Management) comes in. You can setup software and policies to enforce data protection and allow remote wiping secure company data. Office 365 and G-Suite already have built in MDM you can configure and of course there are hundreds of third party solutions.

 

Encryption

Data should be encrypted in transit and at rest. For in transit encryption think VPN connections and HTTPS / SSL with strong encryption ciphers to access your data in the cloud and in the office network. Data at rest should be encrypted disks. Both Windows and MacOs now have this built in – Bitlocker and Filevault so it shouldn’t cost anything to implement it.

 

4. PATCH MANAGEMENT

It is essential to ensure that your servers, computers and devices are patched regularly to prevent against hacking of zero day exploits, and a good Patch Management system is essential to automate this process.

Good Patch Management systems don’t have to cost much any more and once installed and implemented are set and forget. A small price to pay for peace of mind.

 

5. LEAST PRIVILEGE

Least Privilege / RBAC (Role Based Access Controls) are a set of principals which dictate that a user who needs to complete a task much have the absolute minimum amount of permission required to complete that task. For Cloud services such as AWS / Azure or Office 365 / G-Suite this means only the least number of administrators possible.

The higher the number of administrators the higher the chance of getting hacked.

RBAC means that instead of creating single users or groups with certain permissions, create a role with the requisite permissions and apply it to that user. Therefore, if the user leaves or changes job, you can remove the role without affecting anyone else.

 

6. BACKUP

A good backup is essential to protect against attacks and loss of company data. It should be point in time and offsite so you can have some level of BCP (Business Continuity Planning) in case you have main site loss. There are a lot of excellent, reasonably priced cloud based backup solutions.

You should also have a backup of your configuration and a backup of all your documentation and processes of site as well to protect your intellectual property.

 

7. SUPPLY CHAIN SECURITY

Having the most secure environment in the world is useless if your suppliers have no controls and you have your or your customer data stored with them. Hold your suppliers accountable for your data as if it was on your own onsite servers. The big Cloud vendors have whole sections of their portals dedicated to all of regulations they are compliant to – PCI DSS, ISO 27001, HPIAA – the list goes on an on.

For smaller vendors, make them fill out an annual audit.

It should be pointed out that despite the regulations the big providers comply with, it is a Shared responsibility model – I.E. once you use the infrastructure you are responsible to ensure it is secure. Spinning up an AWS EC2 instance, putting a website on it without SSL / HTTPS, it is NOT PCI DSS compliant! 

 

8. CYBER INSURANCE / CYBER AWARENESS TRAINING

Increasingly important in the current landscape and two sides of the same coin, Cyber Awareness Training for your employees and good Cyber Insurance is essential.

Training your employees to properly assess potential hacking situations is vital. There are great solutions out there to help train your users.

Cyber Insurance is also becoming increasingly important but Awareness comes first because thoughtless employee actions can mean your insurance is voided and you don’t get paid out if a breach occurs.

 

https://www.wombatsecurity.com/security-education/security-awareness-training-videos-materials

 

https://www.bsilearning.edu.au/women-in-cyber-security/

https://www.bsilearning.edu.au/bsi-course/22603vic-cert-iv-in-cyber-security/

 

References / Guides

https://www.itnews.com.au/news/one-in-ten-aussie-businesses-suffered-it-breaches-last-year-527306?eid=1&edate=20190627&

 

https://exxa.azurewebsites.net/security/security-the-new-data-breach-laws

 

https://www.techrepublic.com/article/how-to-turn-on-the-microsoft-windows-10-firewall-and-modify-its-configuration-settings/

 

https://www.maketecheasier.com/configure-mac-firewall-correctly

 

https://support.office.com/en-gb/article/set-up-mobile-device-management-mdm-in-office-365-dd892318-bc44-4eb1-af00-9db5430be3cd

 

https://support.google.com/a/answer/7400753?hl=en

 

https://www.beyondtrust.com/blog/entry/what-is-least-privilege

 

https://azure.microsoft.com/en-au/overview/trusted-cloud/compliance/

 

https://aws.amazon.com/compliance/programs/

 

With multiple certifications in Cyber Resillience, AWS and Azure, we can help you implement all of these best practices to ensure the safety and security of your business. 

Related Articles

Exxa Home

Managed IT Services

Why choose a managed service provider to do your I

BSI Future Learning series - In this first episode, we’re diving into the realm of cybersecurity— Join Simon Dewar from BSI Digital Learning and Kala Philip (MAICD, GAICD) from BSI Learning and the incredibly knowledgeable Damien Cantelo from Apollo Secure, who has worked closely with enterprises of all sizes to understand the cyber-threat landscape and guide them to ensure their systems, processes and, most importantly, people are cyber-ready.

https://www.linkedin.com/posts/business-strategies_bsi-learning-bsi-learnings-podcast-era-activity-7155424384407552000-DFHU?utm_source=share&utm_medium=member_ios

Australian sanctions Russian man over Cybersecurity attack 

https://www.linkedin.com/posts/aucyberseccoord_the-impact-of-the-2022-medibank-private-cyber-activity-7155436955315421184-O_iQ?utm_source=share&utm_medium=member_ios

Cybersecurity - get qualified - build cyber governance skills 

https://www.linkedin.com/posts/kphilip_cybersecurity-knowledge-and-skills-are-much-activity-7153168524805394432-gbja?utm_source=share&utm_medium=member_ios

Spotlight on cyber By AsIC 

https://www.linkedin.com/posts/kphilip_findings-and-insights-from-the-cyber-pulse-activity-7129736287481171969-L-dJ?utm_source=share&utm_medium=member_ios

Providing a learning environment around AI and Soft Skills are key to recruit and retain your team

In Australian  and global businesses businesses there are 2 areas of focus that Organisations  need to nail to recruit and retain their team - says Matt Tindale, Country Manager of LinkedIn Australia and New Zealand

AI and Soft Skills 

AI 

The demand and supply for workers with AI skills has increased. 

Linked published  a Global Talent Trends Report showing that job posts mentioning AI grew by 10% . 

You need to create  an environment and culture of continuous learning - that enables your team to upskill - through continuous learning - which Matt calls a “skills first approach” - to expand your talent pools - upskill your current employees, and build agility into your workforce.

 
AI can help with this this in an exponential way! 

Technical Skills will change over the years  …. Focus on people who have the ability to learn how to learn .

Employees are looking  to gain AI-related skills because they know it will benefit them in the future. 

Soft skills will be key

The significance of distinctly human skills and leadership skills - or soft skills are key. 

These skills include problem-solving, communication, people skills, leadership ,  critical thinking. time management, adaptability & resilience, and strategic thinking.

While technical skills change constantly, soft skills and your core values will remain with you throughout your career.

Soft skills are key in the future world of work, with 94% of business executives in Australia recognising their significance.

The Gen Zers and Millennials have different priorities when it comes to work and are digital natives. They want career mobility so they can make work, work for them.

They understand the power of AI and it’s powers and would be open to learn more.

Being a lifelong learner  provides greater job mobility for professionals across a wider array of industries as their knowledge and skills become more transferable, accelerating a trend of professionals pivoting roles.

The goal for you to recruit and retain your team is to shape work in the age of AI to be more human and more fulfilling. 

How do you engage , excite and enthuse teams to be part of your organisation? 

We are in a period of exciting times 

Onwards and upwards!!

The power of effective , transparent communication

What was one of the key success factors for making Alexander the Great - great? 

We have just spent the day in Thessaloniki (2nd biggest city in Greece )- visiting a tomb of his family! 

Communication - in my view was key!!

Sun Tzu's "The Art of War" shares the importance of effective good communication . 

He emphasises the need of being given explicit instructions -  and following them. 

If orders are unclear, it is the leaders  problem and the soldiers  are at blame if they are given explicit instructions and still fail to carry them out. 

This  concept has s not only relevant on the battlefield - but also on the sports field, government , at school , at home and especially   in business 

Leaders need to make sure their teams are on the same page by communicating their vision, mission, strategies , goals , tasks and expectations.

Effective Feedback

When goals aren't accomplished, leaders need  to see if their instructions were understood and that the team understands the game plan and their role clearly! The use of feedback mechanisms to learn what worked or didn’t - 

Where was the breakdown? Was it because of ambiguous instructions or lack of execution?

Reviewing past games analysis can reveal what was good or bad - what worked or didn’t— what could be improved - was failure as a result of strategy muddled tactics or execution  or both? 

Effective open communication  promotes an atmosphere of trust a key quality and value vital to the success of any group! 

Allen Pathmarajah shares one of the most important tools in communication - which is the

L in leadership!

Listen - listen and silent - have the same letters, he says !

Once you know what works -  Practice , practice practice is essential  until processes  become second nature, leaving little room for error! (Read Malcolm Gladwell the tipping point and blink ) 

Identify what can be improved - pivot , iterate , practice until perfect 

Ways to communicate 

Through regular forums town halls , team meetings, one-on-one chats, digital channels.

Continuity is key!!

Whether you are at home , in business, government or the battlefield - Conflicts can be greatly reduced if clear standards for tasks, responsibilities, and behaviour are established with clear ways to communicate them ! 

When people don't play by the rules, or don’t follow the game plan - having an open conversation about what went wrong can help bring everyone closer together and improve future compliance.

The power  of effective , transparent communication is key 

 

Of course - Learning and effective training is a key part of the communication process - (www.bsilearning.com.au)

Leaders in any field can benefit from internalising and using Sun Tzu's concepts through building stronger, more cohesive, and more accountable teams.

The gap between Strategy and a execution cannot be underestimated

A picture is a thousand words. Why is it that this one echoes so strongly when we see it?

DEFINING A STRATEGY THAT WILL ACTUALLY WORK IS HARD:

We have just spent a year getting our entire team engaged in determining our 5 year strategy .

It’s been a slow and often painful process getting ideas from all stakeholders, meeting, arguing, planning, revising, getting input, changing , taking into account current events , changing again…. 

I believe we have come up with a strategy that the entire team is excited about - and is keen to execute really well.

This article below by Jakob Bovin has really hit a chord

 - the importance of alignment and buying cannot be overestimated! 

The gap between strategy and execution is very real, and the challenge of going from a great strategy to great execution of it, is often spectacularly underestimated.

 

Here are some of the reasons why:

The pyramid of ignorance (Sidney Yoshida) suggests that only 4% of an organisations front line problems are understood by top management. 

 

Therein lies the challenge of understanding the difficulties a new strategy may face when different parts of an organisation try to adopt it. 

 

To find true alignment, strategy definition must be dynamic and involve a broad range of stakeholders at all levels to have a chance to be successful.

 

If we don't make that effort, the strategy will eventually face too much resistance.

 

 

IT MUST BE "THEIR" STRATEGY, NOT "YOURS"

 

If a strategy comes from the top in a form of a waterfall of slides (I've seen plenty of examples of 200 slide presentations in my career) there's a good chance it will be forgotten pretty quickly.

 

It's much more important to set a clear direction for the organisation, then let every part of it say how they will contribute to taking the organisation there.

 

By taking this approach, it becomes everyone's strategy not just that of a select few privileged people at the top.

 

 

WE UNDERESTIMATE THE POWER OF EMOTIONS

 

A leader of a multi billion $ business recently said to me, "You know Jakob, we often underestimate the emotional attachment people have to the way things are done today".

 

It struck a chord.

 

We don't like change because there's comfort in how we do things today. Change doesn't just affect what we do, but also our working relationships with others which can have a profound impact on every individual.

 

This will create natural resistance to change. People will feel some degree of "loss" when embarking on a new strategy - as strange as that may sound.

 

Ultimately success will depend on individuals having the opportunity to connect to the strategy and understand how they will contribute to it at their level & create success for the organisation.

 

 

WE'RE OFTEN ASSESSING STRATEGY ADOPTION BY LOOKING IN THE REAR-VIEW MIRROR

 

Last but not least, lack of visibility on whether or not we are moving in the direction we want is often the achilles heel when it comes to going from strategy to execution to results.

 

If we focus on "lag metrics" (i.e. looking at what has already happened), we're too late.

 

Clear real-time visibility of progress is critical to be able to course-correct and ensure execution happens to deliver the results we want. Unless we have a common system and methodology to do so, it's very hard to accomplish.

 

The above isn't an exhaustive view & I'm keen to hear your take on the strategy to execution challenge!

 

 

#strategy #execution #results

Monte Pedersen Wayne Nelsen Jeroen Kraaijenbrink

https://www.linkedin.com/posts/jakobbovin_strategy-execution-results-activity-7109755488396832769-OD_V?utm_source=share&utm_medium=member_ios