Cloud Computing – Get Your Head In The Cloud

In spite of the data pointing to the business efficiencies it creates – and the cost-savings it offers – a large portion of businesses strangely still operate without cloud computing.

Yet, as technology advances, it becomes more evident that traditional IT infrastructures are limited. Many businesses struggle to adapt to changes in the marketplace and new trends, because their infrastructure does not consistently measure and respond to these.

Taking advantage of cloud-based services can help businesses streamline performance and manage growth without the costs of investing in expensive hardware and software.

What Is Cloud Computing?

Cloud computing as a delivery model for IT services is defined by the National Institute of Standards and Technology (NIST) as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

How Does Cloud Computing Work?

All the features and files of a cloud computing system can be accessed without having to maintain all the files on their computers. Cloud computing works similarly to web-based email clients. 

There are many cloud computing services already available to people without their knowledge. Even Facebook and Instagram are cloud-based apps, as well as Office 365. 

Users send their personal data to a cloud-hosted server which then stores it for later access. 

While these applications are useful for personal use, they are even more important for companies that need to have secure, online access to data in large quantities.

Taking advantage of cloud-based services can help businesses streamline performance and manage growth without the costs of investing in expensive hardware and software.

What Is Cloud Computing Used For?

Cloud computing refers to a variety of cloud services, including:

File storage services: Store your files and back them up regularly. These files can also be synced between devices. 

Cloud backup: While cloud storage and cloud backup are often confused, cloud backup serves as a failsafe in case your company is attacked by a cyberattack or loses data. 

Software as a service (SaaS): SaaS solutions use the web to provide a service. Examples of SaaS applications include Office 365, Google Apps, Xero and Salesforce. SaaS solutions may also be called platform as a service (PaaS). 

Cloud hosting: These solutions facilitate multiple types of information sharing, such as email services, application hosting, web-based phone systems and data storage.

The Business Benefits Of Cloud Computing

Here are some of the key advantages of cloud computing for your business:

Cost savingsSecurityFlexibility
MobilityInsightIncreased collaboration
Quality controlDisaster recoveryLoss prevention
Automatic software updatesCompetitive edgeSustainability
Super fast performanceGet new apps running quickerAutomatic software integration
Scalability and performanceThe cloud is future enabledBusiness continuity

How do cloud services store data?

Cloud computing services are available in four main forms:

PublicPrivateCommunityHybrid
When a firm uses a vendor’s cloud infrastructure which is shared via the internet with many other organisations and other members of the public.A firm’s exclusive use of cloud infrastructure and services located at the organisation’s premises or offsite, and managed by the organisation or a vendor.Shared by several organisations with similar security requirements and a need to store or process data of similar sensitivity.A hybrid cloud model involves a combination of any or all of the other cloud models. 

Choosing a storage model that doesn’t fit your company’s needs can pose a security risk.

Questions To Ask About Cloud Computing For Your Business

Before signing up for cloud computing services, you should ask the following:

  • Can anyone see my information?
  • Is my data spread out across several data centres in different locations to protect it from regional attacks?
  • Is my data protected by any redundancies?
  • Is my data encrypted by you? What steps do you take to protect my data?
  • Do you manage encryption keys in any particular way?
  • When there is a crash or cyberattack, what happens and how are my files restored?
  • Can you tell me about your security certifications?
  • Is your security policy up to date?
  • Is there anything that could go wrong with implementation?
  • Is your company a reseller? Is there a person in charge of service and support?

Cloud hosting provides businesses with many benefits. A cloud-based system is highly reliable, cost-effective, and provides the scalability, flexibility, agility, high performance, and security businesses need for their IT systems.

For businesses of all sizes, we offer cloud computing services. Check out OneCloud IT Solutions’ managed cloud hosting packages if you are interested in a managed cloud solution backed by 24/7 expert technical support.

Cloud Computing FAQs:

  • What are the main challenges of cloud computing?

The cloud has two challenges. Any new technology must be implemented with training of personnel and a strong troubleshooting process. Your employees may also be resistant, especially those unaccustomed to cloud technology.

  • How does data stay safe in the cloud?

A cyberattack can affect any business. The safety and security of their information stored in the cloud is especially important to business owners. A reliable cloud service provider knows all contingency plans in the event of a breach, and takes the necessary steps to bolster your security.

Related Cloud Computing Links

ACSC: Cloud Assessment and Authorisation – Frequently Asked Questions

Cloud Computing Security Considerations

Strong Cyber Security Can Save Your Business

Cyber security is a growing concern for businesses. If your business is on the internet, it is vulnerable.

Fraudsters are becoming more sophisticated as cyber-defence tools improve. Putting in place security measures alone is not sufficient. With the shifting landscape, you need to be monitoring and updating them all the time.

So, businesses must understand the extreme importance, right now, of how implementing and adapting solid cyber security protocols helps them to protect their operations.

And, a major problem with cyber crime is it doesn’t just affect big business and government agencies. It’s more prevalent among smaller companies whose vulnerabilities are subtle.

The Federal Government recently announced a national initiative to raise awareness of the need for small and medium businesses to have effective security.

The platform being provided for SMB’s by the Federal Government for cyber security mitigation is based on what’s called the “Essential Eight”.

The Essential Eight Broken Down

Mitigation Strategies to Prevent Malware Delivery and Execution

  • Configure Microsoft Office Macro Setting
  • Application Control
  • Patch Applications
  • User Application Hardening

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

  • Restrict Administrative Privileges
  • Multi-factor Authentication
  • Patch Operating Systems

Mitigation Strategies to Recover Data and System Availability

  • Daily Backups

At OneCloud IT Solutions, we are committed to delivering you these proven strategies to secure your business operations online as part of our security service.

With OneCloud IT Solutions, we understand businesses are looking for professionals with a combination of technical skills with expertise in data security along with the understanding of business risk.

When you use our cyber security service, you are leveraging the experience and proven expertise of a team across these valuable IT skills and disciplines:

Cyber Security AnalysisCyber Security ConsultingSystems EngineeringSystems Administrating
Vulnerability AnalysisComputer Forensics AnalysisEthical HackingPenetration Testing

To protect your computer systems from suspicious behaviour, strong security is necessary. Our full cyber security service for your business focuses on these key areas:

  • Application security
  • Network security
  • Cloud security
  • IoT security (internet of things) – e.g. printers, hardware, other peripherals

Why You Should Be Worried About Cyber Crime

Cyber crimes cost the Australian economy roughly $1 billion dollars a year.

A report by the Cyber Security Cooperative Research Centre estimated that cyber crime has cost the global economy US$1 trillion. 

Among the recent ransomware attacks in Australia are:

  • February and May 2020 – Two attacks in a few months against logistics company Toll Holdings
  • March 2021 – An attack against Nine Entertainment that left the company struggling to televise news bulletins and produce newspapers
  • June 2021– An attack against JBS Foods, the world’s largest meat supplier, which affected 47 facilities in Australia

Rachel Noble, director-general of the Australian Signals Directorate (ASD) told a Senate committee in June that these attacks on JBS, Nine, and Toll Group have been “catastrophic” for the businesses affected. [source: ABC]

Interestingly, one-third of Australian organisations hit by ransomware attacks paid the ransom. That’s a lot of money to avoid embarrassment. There has been a 60 per cent increase in ransomware attacks against Australian entities in the past year, according to the government’s cyber security agency, the ACSC.

The Key Cyber Attacks

Email phishing – a growing threat to individuals and businesses as hackers use these channels to send malware.

The strengthening of passwords is one of the common problems companies face, specifically in B2B. Using the same password across multiple accounts causes the issue.

Ransomware – the name comes from the fact that malware is often used to lock a device, data or system until a hacker is paid a ransom.

Though DDoS attacks still tend to be the most expensive of the cyber claims, ransomware is now the most prominent threat and the most costly.

Because of the expansion of remote work arrangements during the COVID-19 pandemic, businesses have likely been exploited by malicious cyber actors through recently disclosed software flaws. Four of the most targeted vulnerabilities affected remote work, VPNs, or cloud technologies.

Among those highly exploited in 2021 are vulnerabilities in Microsoft, Pulse, Accellion, VMware, and Fortinet software. [source: Australian Cyber Security Centre]

“In cyber security, getting the basics right is often most important. Organisations that apply the best practices of cyber security, such as patching, can reduce their risk of cyber actors exploiting known vulnerabilities in their networks,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA.

Australians spent approximately $5.6 billion on cyber security in 2020, according to AustCyber. By the year 2024, this figure is predicted to amount to $7.6 billion.

OneCloud IT Solutions Is Your Trusted Cyber Security Team

Firms often have difficulty hiring trained security professionals due to the difficulty of finding professionals with the right blend of technical and soft skills. That’s where we come in. We keep things simple. We won’t sugar coat things, or confuse you with techy jargon. We are down to earth, straight-shooters who work hard to protect your business.

OneCloud IT Solutions’ team of professionals offers:

  • A service which is enthusiastic, analytical, and adaptable with an understanding of vulnerabilities on the web
  • Business acumen, business risk awareness, and problem-solving abilities
  • The ability to communicate technical and nontechnical information in a manner that is clear and easy to understand
  • Excellent understanding of operation systems, networks, and visualisation systems, including architecture, administration, and management
  • Knowledge of programming languages, such as PHP, Python, Java, and C++.
  • Working within your business to develop your cyber security experience

To check the vulnerability of your business and to discuss your security strategy, please contact One Cloud IT Solutions today.

We are here for you.

Related Cyber Security Links

Australian Cyber Security Centre

Cyber Security Cooperative Research Centre

Australian Signals Directorate

Security Brief Australia

Australian Cyber Security Magazine

IT News: Security

Channel Nine: Cyber Security News

CISA (US)

ECPI University

Managed IT Services: A Complete Overview

For small businesses still growing, every cent matters on your balance sheet. Cuts and sacrifices have to be made in order to survive, and a common area this occurs in is your Information Technology department. But what if there’s a solution that doesn’t just save your business money, but actually improves your bottom line while ensuring your IT systems stay secure?

What Are Managed IT Services?

Managed IT services involves outsourcing IT system management and maintenance to a firm that specialises in all aspects of the industry, including:

  1. IT Support
  2. Monitoring
  3. Disaster Recovery
  4. Reporting
  5. Security
  6. Maintenance
  7. Hardware and Software

Why Use Managed IT Services

Expertise and Cost

For SME’s, employing an in-house team of IT specialists is simply not realistic, nor is it necessary.

The average salary for an IT specialist is $90,000, and that’s before you factor in infrastructure costs such as computers, software programs, and data management.

A managed IT service gives you access to everything you need, at a fraction of the cost.

Enhanced Security

One aspect of managed IT services includes monitoring your systems and servers for a potential breach, and implementing software and protocols so your system will be secured from external threats. Furthermore, in the event of a security breach, experts will be on-hand to resolve any concerns.

Efficiencies and Operating Improvements

Innovation is an important aspect for businesses that want to grow. Old computers can cost a business over $4000 a year, and software that is five years old will cost a business more to maintain it than what was originally spent on acquiring it.

Using old computers or software can inadvertently be costing you time and money. By working with a managed IT provider, you get access to the newest technology that your business can take advantage of.

Maintenance

An often overlooked aspect of IT systems is the maintenance required to ensure the business can continue to operate smoothly. The average cost of IT downtime is $5,600 per minute.

Managed IT services involves proactively assessing and updating systems to ensure you’re consistently operating at full capacity.

Solutions

Managed IT Services gives businesses access to experts in the industry, and also experience driven solutions. When you have experts working with you to plan and implement change, it gives you the power to drive change within your business.

Managed IT Service Inclusions

Every managed IT service provider is different, so the following is a list of common inclusions that IT companies will provide for you.

Support

From minor issues to major compromises, a business utilising managed IT services will have an open communication line with their IT service provider, to ensure all matters regardless of complexity and severity are handled in a timely fashion.

Monitoring

Through both software and proactive measures a managed IT service will supervise your entire system to ensure problems that arise are identified and dealt with quickly.

Disaster recovery

From a website crash to system downtime, disasters cost your business money and reputation. With a managed IT provider you’ll be in safe hands to guide you through this stressful period, and better yet – prevent it from happening in the first place!

Reporting

A Managed IT service will provide data and analytics regarding the performance of your systems, so you can make informed decisions about your business.

Security

Common security aspects provided by managed IT services companies include email and server protection. However, an often overlooked aspect of security that not all IT businesses will provide is internal testing. Human error accounts for 24% of data breaches, so a managed IT provider will perform tests to see how secure your systems and employees are from external threats.

Maintenance

Maintenance is an important aspect of a managed IT service. IT firms will plan out maintenance schedules, and implement these check ups and improvements in safe periods where downtime will not affect business activity.

Hardware and Software

Managed IT service includes both the provision and maintenance of hardware and software products your business needs to function.

Migration

With innovations in cloud services (Data Centres, Virtual Servers and Software Services), using cloud services has become increasingly popular for its cost effective, secure solution to managing your files and business critical applications as well as providing greater flexibility and uptime. 

A managed IT service provider will help you evaluate your cloud service needs, and implement a cloud migration strategy to ensure the transition is smooth and successful.

Common IT Issues Small Businesses Experience

If your business has or is currently experiencing any of the following IT issues, contact a managed IT service provider.

Server crashSystem compromise
Computer downtimeOld software not working
Lost login detailsNetwork / internet issues
Deleted / lost filesHardware issues
Integration issuesBackup / disaster recovery issues
Cyber security risksHardware / Software set up
Lack of IT planningInternal communication issues

Does Your Current Managed IT Provider Have You Covered?

You want Managed IT to operate like a duck on water – cool, calm and relaxed on the surface, but busy underneath, ensuring everything is running smoothly. Because if they’re constantly having to react to situations, your business has a big underlying problem.

In saying that, it’s natural to think “what am I paying you for?”, which is why we’ve provided a free downloadable resource for you to use in your next meeting with your IT service provider.

It’s full of questions you can ask to find out what they do for you, and how prepared they are in the event of a breach. Download your free questionnaire below.

Wrapping Up Our Managed IT Service Overview

As we’ve discussed, a good managed IT provider will not only save you money, but will help your business grow. It’s important for your business to remain technically proficient, and managed IT service providers help you achieve this.

Case Study: Hacker stings user after lying in wait

Cybersecurity Hacker Case Study

What happens when a hacker gets access to your system and lies in wait?

One such case happened where emails were hacked and the criminal watched in the shadows for 120 days before striking.

In one transaction, the hacker secured a $40,000 payment for just one client breach.

Read more on the hacker’s plan of attack and how OneCloud IT resolved this issue.

The issue

A user’s emails were compromised, however the hacker did not scam the victim straight away. 

The hacker viewed their emails for 120 days – learning their behaviours and accessing their contact lists, understanding how invoices were sent and how much was an appropriate transaction amount. 

Once this knowledge was achieved, the hacker emailed multiple clients, updating them that the company had changed its bank account details and provided a new invoice for the client to pay. 

In one instance, this happened to be a $40,000 payment.

The client then told the company they had paid the new invoice, to which they then discovered that no invoice was sent and no bank details had been changed. 

Once the client and company compared notes and realised the money had left the client’s account, they called the police to start investigating. 

What was done

Once the client discovered their emails were hacked, the below was implemented:

Change your credentials

New username and password: secure passwords should have 12 characters, have a mixture of symbols, number, capital and lowercase letters. Ensure all your passwords are different and keep track of your new passwords. 

Change security question

Without being sure what the hacker was able to access, you need to ensure all account details are changed to reduce the likelihood of the client being hacked again. Avoid questions that could easily be guessed or found online.

Turn on two-step verification

This extra step allows the user to not only reduce the likelihood of being hacked but also reduce the chances of the user being locked out of their account. 

Warn your contacts

Warning your clients provides them the chance to delete any suspicious messages, therefore reducing the chance of them being hacked. 

Also it allows them to avoid invoice notifications, causing them to pay the hacker instead of the users.

Look for signs of trouble

Hackers may have made changes to the user account, allowing them to gain access to your account easier next time or continue to scam people after you’ve taken back control of the account.

Check email signatures, auto-forwarded rules, or any further tips from your email provider.

Look for signs of a computer virus, slowness, pop-up windows, problems shutting down and restarting, or any unfamiliar applications on your device.

Protect yourself for the future

  • Join OneCloud Services
  • Disaster recovery plan for the future
  • Managed IT services
  • Cyber security services
  • Staff training for the future 

The Outcome

After three months, the hacker was found and the money was returned to the user – which is a rare occurrence.

Measures were put in place to reduce the issues happening again.

Sadly the user took a hit in customer reputation and trust.

The downtime resulted in a loss of income.

Contact OneCloud IT Solutions to start work on your cybersecurity and disaster recovery plan today and start future-proofing your business from the inevitable disasters.

How IT horror stories can help your business

Nobody – no matter how big you are – is ever 100% safe from an IT disaster.

Some of the most famous names in business have been hit with epic data breaches over the years.

Every day is a learning experience and with IT, you can’t be too careful when it comes to the security of your data.

There are several precautions you can take to secure your important business records to reduce the risks of a data breach or other preventable disasters.

7 Ways to prevent phishing and cyber attacks on your business

Sadly, throughout history, it was too late for some of these companies, who took a hit at the time.

But you can hopefully learn from their mistakes or oversights.

Social media breaches

Facebook

Phone numbers, full names, locations, some email addresses, and other details from user profiles were posted to an amateur hacking forum in 2021. The leaked data includes personal information from 533 million Facebook users in 106 countries.

Yahoo

In 2014, Yahoo! suffered a massive attack which leaked the real names, email addresses, dates of birth and telephone numbers of 500 million users. Yahoo revised that estimate in 2017 to include all of its 3 billion user accounts. The breaches cost the company an estimated $350 million.

MySpace

In 2016, the world learned 360 million MySpace user accounts were leaked onto LeakedSource and put up for sale on dark web market The Real Deal with an asking price of 6 bitcoin. The breach related to passwords created in 2013.

LinkedIn

In 2012, the business networking site said 6.5 million passwords were stolen by attackers and posted onto a Russian hacker forum, selling for 5 bitcoin.

Dubsmash

In 2018, US video messaging service Dubsmash had 162 million email addresses, usernames, password hashes, and other personal data such as dates of birth stolen. The data was put up for sale on the Dream Market dark web market. The company advised users to change their passwords.

Sina Weibo

Chinese social site Sina Weibo said 538 million real names, site usernames, gender, location, and – for 172 million users – phone numbers were posted for sale on dark web markets in March 2020.

Zynga

In 2019, 218 million Zynga users were targeted by a hacker who hit the Draw Something and Words with Friends player databases. The hacker stole email addresses, passwords, phone numbers, and user IDs for Facebook.

Payment site breaches

eBay

A 2014 attack on eBay exposed its entire account list of 145 million users, including names, addresses, dates of birth and encrypted passwords. The auction giant said hackers used the credentials of three corporate employees to access its network and had complete access for 229 days.

Equifax

A breach in 2017 compromised the personal info (including the social security numbers, birth dates, addresses, and in some cases drivers’ licence numbers) of 147.9 million customers of US credit bureau Equifax.

Dating site breaches

Adult Friend Finder

In 2016, the FriendFinder Network, which included casual hookup and adult content websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com, was breached. The stolen data spanned 20 years on six databases and included names, email addresses and passwords, and  was protected by the inadequate SHA-1 hashing algorithm.

Ashley Madison

In 2015, a hacking group stole more than 60Gb of company and user data of Ashley Madison, a site enabling extramarital affairs. The group threatened to release users’ names and personally identifying info if Ashley Madison would not immediately shut down. Resignations, divorces and suicides followed.

MeetMindful.com

In January 2021, a hacker leaked the data of 2.28 million users of dating website MeetMindful that includes real names, Facebook account tokens, email addresses and geo-location information. The  1.2GB file was shared as a free download on a public hacking forum.

Productivity site breaches

Adobe

In 2013, 153 million usernames and passwords were stolen from Adobe. The hack exposed customer names, IDs, passwords and debit and credit card information. The breach cost Adobe $2.1 million.

Canva

In May 2019, Aussie graphic design tool website Canva was attacked. Exposed were email addresses, usernames, names, cities of residence, and passwords of 137 million users. Canva says the hackers managed to view, but not steal, files with partial credit card and payment data.

Hospitality site breaches

Marriott International

In 2018, Marriott International was reportedly hit by Chinese hackers who stole the data of approximately 500 million of its customers. The breach was believed to have started in 2014 and was not discovered until September 2018.

Software faults

AT&T

In 1990, AT&T’s long-distance telephone switching system crashed. 60,000 people  lost their telephone service completely for nine long hours while 70 million phone calls went unanswered. The problem boiled down to some stray C language code in a piece of software.

The Paderborn Baskets

A German pro basketball team was relegated to a lower division due to a Windows update in 2015.

The Paderborn Baskets, a second division German basketball team, was relegated to a lower division for starting a game late, due to a necessary 17-minute Windows update to the scoreboard’s laptop.

Key things you can do to avoid an IT disaster

Can you afford to leave your network unprotected? OneCloud IT can further enhance your network security.

The sky is falling! Why you need a disaster recovery plan

Disasters sound dramatic.

If your business is ever on the receiving end of one, you can believe the pain can be crippling. Some firms never recover.

The clock is ticking on your next big disaster.

Yet, some firms keep rolling the dice in an effort to save money.

Having no disaster recovery plan in place is inviting trouble.

What is a disaster recovery plan?

A disaster recovery plan (DRP) is a documented process or series of procedures that help recover and protect your firm’s IT infrastructure in the event of a disaster.

These disasters hurt your business

Fire Disaster Recovery Plan
  • Fire
  • Flood
  • COVID-19 or other pandemics
  • Earthquakes, cyclones, etc.
  • Cyberattacks
  • Software failures
  • Hardware failures
  • Human error
  • Power failures
  • Internet outages

Brutal results of no recovery plan

  • The average small business can expect to lose $100,000 worth of revenue in unplanned downtime every year
  • 70 percent of small businesses that experience a major data loss go out of business within a year.

And even though you may have made a copy of your data, the time it takes to restore those files can be crippling in terms of downtime to your business.

Over 50 percent of businesses can only handle one hour of downtime.

How to set up disaster recovery

Assessment

Understand what areas of your business are vulnerable and get a better idea of what protections are needed to be put into place.

Planning

Figure out the best course of action which works for you to help keep your business running.

Installation

Install and configure a BCDR (business continuity and disaster recovery) solution for your business, to ensure that you have verified backups, instant virtualisation, local and cloud recovery, and restore options for any scenario. All backups need to be scanned for ransomware and mounted to ensure they are ready to restore.

Training/Testing

Brief all relevant staff on the recovery processes. Do some thorough stress-testing and run-throughs.

Implementation

You’ll need support and assistance to ensure you are able to avoid costly downtime and lost data.

It can be overwhelming.

OneCloud IT Solutions is one such firm that helps small, medium and large businesses across the Central Coast put comprehensive plans in place.

Benefits of a disaster recovery plan

  • The loss is minor
  • It becomes a temporary problem
  • Business operations can be restored quickly
  • You can prevent legal liability
  • Improve your security
  • Saves money and protects profits

Contact OneCloud IT Solutions to start work on your recovery plan today and start future-proofing your business from the inevitable disasters.

Related links:

RE:NSW – Small Business Disaster Recovery Toolkit

NSW Small Business Commissioner: Building small business resilience

Case Study: Attackers try to gain vital information via email scams

The Issue

A business on the Central Coast was receiving a large number of unfiltered emails, of which many were spam – some were obvious but a lot were not.

We found that a lot of these emails were phishing attempts, so they appeared to be legitimate but were actually scammers in disguise.

What We Did

We implemented a cloud-hosted spam filter to combat a large percentage of the spam/phishing attempts.

We ensured all machines and devices were updated to the latest versions.

We made some specific changes to the devices to ensure there was an extra layer or protection.

We sat down with the staff and trained them on what to look for to spot a phishing attempt.

Finally, we advised the client to call OneCloud if they receive anything that concerns them, and have one of our techs look at the email to determine whether it’s truly legitimate or not.

Note: User training is the most important backed by experts.

The Outcome

The company saw a large reduction of spam emails, meaning they were more efficient as they didn’t have to continually clean up their mailboxes.

Their risk of a staff member accidentally clicking on the wrong link was greatly reduced.

The staff are now very aware of what attributes to look for, they’re able to identify phishing attempts, and they have a process to reach out for help if they’re unsure.

Our client felt at ease knowing we were there to help and they could concentrate on their business rather than trying to fix it themselves.

7 Ways to prevent phishing and cyber attacks on your business

Phishing is a cyber attack that uses disguised email as its weapon of choice. While it may not attract the media attention of large data breaches, phishing scams are a serious threat to companies:

  • In 2020 Australians lost a combined sum of $141.5 million to phishing scams
  • Reports of phishing attacks in Australia were up 75% in 2020, compared to 2019
  • The most damaging types of scams included investment scams, dating and romance scams, false billing, threats to life or arrest, and online shopping scams

Source: Security Brief Australia

Phishing is a very real threat for your company, so in this article we will discuss practical steps you can take to prevent it, and save yourself from potentially losing a lot of time and money.

What is phishing?

The scammers essentially trick the email recipient into thinking the message is from a source they know and/or believe they can trust, e.g. a bank, a company the recipient normally does business with or a legitimate person or institution.

They use a deadly combination of psychology and technology to gain access to someone’s email address details so they can:

Steal personal information:

Scammers may sit and watch the recipient’s email activity (on average for 280 days) to collect data, such as login credentials, credit card and bank account details, and other sensitive information.

Gain an entry point for malware and ransomware attacks:

Once the scammers have an understanding of their recipient, they will deliver the recipient with an invitation to take an action – typically to click a link or download an attachment.

This invitation will be highly targeted and relevant to the recipient (e.g. a special offer from a company they regularly do business with, a personalised email from their bank asking them to confirm details, or unexpected news from a fake legal outfit that requires your immediate response (by clicking on a link).

Once the action is taken, the malware or ransomware is downloaded onto the computer.

How to prevent phishing

1. Check your preferences

Ensure your browsers’ anti-phishing preferences are turned on:

Phishing Preferences

Disable automatic loading of images and external content stored on remote servers:

Email Phishing Preferences

2. Check your emails more closely

When emails contain links, get into the habit of checking their validity more closely. Pay attention to spelling or grammar errors, and hover over the links before clicking them to assess where they actually intend to take you to.

If you are requested to give personal information, avoid clicking on the link. Rather, go to the company’s website or call them directly; if it’s a legitimate request they will have a record and be able to deal with the issue directly.

3. Beware of pop-up screens

Pop-ups are often linked to malware and phishing attacks. You can help to protect yourself from malicious pop-ups by installing an ad-blocker software that will automatically block them. If you are asked to enter personal information via a pop-up screen – don’t do it!

4. Rotate passwords regularly

By changing your passwords on a periodic basis, you can prevent attackers from gaining unlimited access to your account and lock out potential attackers.

5. Install a third party managed spam filter

Managed spam filters add an extra layer of protection, as they’re able to block some of the phishing attempts before they get to the users.

6. Keep your updates up to date

Staying on top of your updates will ensure you stay protected against the latest cyber-attack methods, as they patch holes identified in your security. 

7. Train your team

Of course it only takes one user to compromise your entire business, so make sure your whole team understands data security and email attacks, as well as your policies and procedures. 

The ultimate prevention

Of course, the ultimate strategy is to work with IT professionals, who can set you up with all the appropriate security measures and even consistently monitor your systems to identify potential issues and ensure you’re consistently up to date.

When it comes to cyber security – prevention is most definitely better than cure. Investing in a professional security solution could save you thousands or even millions.