Humans are always the weakest link when it comes to cyber security

I thought, being Friday, I might take a bit of a light-hearted approach to highlighting one of my favourite topics: the human risk of cyber security.

I'll let the video speak for itself. I've shared this before, but it's worth another share. Now, this is an ad for Cisco Cloud Lock, which I'm not affiliated with, but their ads are clever, relevant, and relatable.

Whilst it highlights real-life risks, it does miss the mark, giving you the impression that their service is the silver bullet that will protect us silly humans from ourselves and the business.

This simply isn't true. Nothing will protect you or your business 100% from data breaches or cybercrime.

There is no silver bullet when it comes to Cybersecurity.

Contrary to popular belief, and security vendors with ads like these don't help the matter, Cybersecurity is not just an IT problem. IT is not your only line of defence. A successful cyber security strategy has to be owned and driven from within an organisation. It needs to be a "done with" you, not a "done for" you approach.

Cyber security is everyone's responsibility, and if your organisation isn't focusing on the human factor with regular education of your team and security awareness training, you are exposing yourself to massive risk.

Just start with one thing.

Here are some simple action items for you:

1. Check whether you’ve been involved in a breach at Have I Been Pwned.

2. If you have been breached, get a good password manager to randomise and store your passwords. You shouldn't be creating your own passwords. And contrary to popular belief, changing your passwords regularly is not recommended, unless you know a password was involved in a breach. Good password managers like LastPass keep an eye out for any breaches you might be involved in. And think of all the headspace you'll free up by not having to remember passwords!

3. Turn on MFA for all your cloud accounts or apps. If you don’t know how, simply Google “Turn on MFA for <insert cloud app here>”.

4. Secure your devices. If you’re using a personal device for work, which you shouldn't, then do something as simple as creating a separate login that doesn’t have admin rights on the computer you’re accessing work information on.

5. Update your apps! Many updates address security risks or flaws. Yes, they can be annoying, but why put yourself and your business at unnecessary risk!

And finally, because it's topical: if you are or were a Medibank or AHM customer, the Australian government has released a fact sheet on what you should do next. https://www.homeaffairs.gov.au/news-media/archive/article?itemId=961

What simple change can you make today, that will improve your cyber security?

How confident are you with your business' cyber security?

With all the recent media coverage of high-profile data breaches, it would seem that cybercrime is on the increase.

We see news of a data breach in Australia almost every week at the moment.

Medibank is currently in the news for standing firm against their hackers and refusing to pay the ransom the hackers are demanding. The hackers are threatening to otherwise release the personal data of Medibank's 9.7 million former and current customers.

This week a data hack at IT firm PNORS Technology Group, which works with six different state departments including Education and Training, may include health records of Victorian school students.

The fallout from the well-publicised Optus data breach is still happening with a Melbourne family losing $40k from suspected identity theft.

So are data breaches and Cybercrime in general increasing?

The answer is, yes.

During the 2020-21 financial year, over 67,500 cybercrime reports were made via ReportCyber. That's a 13 per cent increase from the previous year.

Over $300 million was lost to scams last year.

And these are only factoring in reported hacks and scams, as many occur that are never reported.

Australia is currently 5th in the world for cybercrime density and 11th in the world for the average cost of a data breach ($4.5 million).

We've worked with businesses that have lost tens of thousands of dollars to scams, and some of those businesses are as small as sole traders.

Sadly, over 60% of Australian SMEs don't survive a cyberattack or data breach.

The stakes are high, and every business is a target.

Most businesses don't have adequate cyber security in place.

However, even if they did, it wouldn't change the fact that, no matter how much cyber security your business has in place, cybercrime is a matter of when, not if.

Cyber security is about risk mitigation, so a business can minimise the effects of a cyber incident and hopefully survive it as well.

Until data privacy legislation is forced on all businesses, many just won't act until it's too late.

As a business, you need to start planning now; otherwise it will be a mad rush and costly to get everything in place when stricter legislation does get passed.

Unfortunately, businesses worldwide don't budget enough for cyber security. Australian businesses on average only allocate 10.9% of their IT budget to cyber security.

Cyber security is everyone's responsibility and should be a forethought, not an afterthought.

What's in a password?

Some of you may still not be convinced about the need for a password manager.

It's 2022 and still not all cloud sites and services have the option to enable multi-factor authentication on your account.

Even those of you who have MFA turned on for everything that offers it may still be at risk of an account breach, depending on the type of MFA you're using.

The standard password complexity we have enforced internally, and also set up for our clients, is 20 characters - upper and lowercase, numbers and symbols.

That way, even if MFA is not present or is circumvented, it's a pretty difficult password to crack. And because each password is unique as well, there's no risk that the password was involved in a breach on another site.
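To make that policy concrete, here is an added example (not code from this post or from any password manager) that generates and checks passwords against the 20-character, four-class rule. The symbol set and all function names are assumptions of the example.

```python
import math
import secrets
import string

# Policy from the post: 20 characters drawn from upper case, lower case,
# digits and symbols. The exact symbol set is an assumption of this example.
LENGTH = 20
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())


def missing_classes(password):
    """Return the names of the required classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def meets_policy(password):
    """True when the password is long enough and uses every class."""
    return len(password) >= LENGTH and not missing_classes(password)


def generate_password(length=LENGTH):
    """Draw uniformly from the full alphabet with the OS CSPRNG and
    retry until every class is present (rejection sampling), so no
    position is forced to hold a particular class."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def entropy_bits(length=LENGTH):
    """Upper bound on entropy for a uniformly random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, meets_policy(pw), round(entropy_bits(), 1))
```

A human-chosen password can pass `meets_policy` and still be guessable; the entropy figure only applies to passwords produced by `generate_password`.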

How secure are your passwords?