The Essential Eight-cyber security mitigation strategy

Posted by Michael Trimblett on 19 August 2020

Before we talk specifically about the Australian Cyber Security Centre's (ACSC) recommended Essential Eight cyber security mitigation strategy, let's put the situation in perspective.

Reports are continuing to reveal facts and stats on cyber security that are increasingly alarming for small and medium-sized businesses (SMBs). There are more incidents and more dollars being lost than ever before. Let me take you through a few points.

Recently, the Australian Cyber Security Centre (ACSC) published the Small Business Survey Report: How Australian Small Businesses Understand Cyber Security. They received over 1700 responses. Some of the revelations from the survey are:

  • $29 billion is lost by small businesses every year
  • Nearly 50 per cent of SMBs under-spend on IT security annually
  • One in five small businesses that use Windows have an operating system that stopped receiving security updates in January 2020
  • Many businesses had incomplete or too little implementation of the Eight Mitigation Strategies

 

The latest Notifiable Data Breaches report indicates a rise in breaches (as reported under the guidelines for mandatory reporting). In the period July to December 2019, the main categories of reported breaches were:

  • 64% - Malicious or criminal attacks (including phishing, theft by insiders or outsiders, social engineering, malware, ransomware)
  • 32% - Human error
  • 4% - System fault

 

The same report highlighted the top 5 industries being attacked the most:

  • Health service providers
  • Finance
  • Legal, accounting and management services
  • Education
  • Personal services

 

It's no secret that I have a passion for auditing, analysing, and developing and implementing strategies for cyber security mitigation. If I were to hone in on one 'go to' mitigation strategy, it would be the Essential Eight. It is a relatively easy-to-understand, 8-point strategy that, as a whole, covers all angles of cyber security.

The 8 essential points are under 3 distinct defensive lines:

Mitigation Strategies to Prevent Malware Delivery and Execution 

  • Application control; 
  • Configure Microsoft Office macro settings; 
  • Patch applications; 
  • User application hardening

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

  • Restrict administrative privileges; 
  • Multi-factor authentication; 
  • Patch operating systems

Mitigation Strategies to Recover Data and System Availability

  • Effective back-up regime

The first and most blatant revelation here is that standard antivirus software hardly gets a mention. An effective strategy is more behavioural and tangible than it is digital and automated. And just like a business's physical premises need a lot more than just locks on a door, a business's I.T. and data require many angles for effective cyber security.

If you have any concerns or ideas for your cyber security risk mitigation or even if you are not sure what you don't know, please give us a call for a no obligation discussion (on 02 4337 0700) or email me.

.....and here are some parting insights from the above mentioned ACSC survey.....

The most common barriers identified for small business owners to implement good cyber security practices are:

  • A lack of dedicated I.T. staff;
  • Complexity & self-efficacy;
  • Planning & responding;
  • Underestimating the risk of cyber security incidents
Posted in: Services Security IT IT Consulting Networking Security Computer Software  

Phishing Emails - Don't Get Caught!

Posted by Kaylene Giff on 11 May 2020

Have you been a victim of phishing?

Do you know how to recognise a phishing email?

 

Now that so many of us are working from home and other locations, the threat is becoming more prevalent with over 7,000 phishing scams reported in 2020 so far.

Phishing is the simplest and most common method of computer-based social engineering. A phishing attack involves crafting an email that appears legitimate but in fact contains links to fake websites or to download malicious content. The email can appear to come from a bank, credit card company, utility company, or any number of other legitimate business interests a person may work with. The links contained within the email lead the user to a fake web form in which the information is entered and saved for the hacker's use.

Phishing can be really good, with perfect spelling and insider information such as specific clients, projects or known names of people; this is likely a targeted attack. Or phishing can be really bad, with poor spelling and more interest in personal areas of your life; this is likely just trying to get another bot added to the hacker's botnet (i.e. to use your PC as a base for future hacking).

Phishing can be prevented by good perimeter email filters, but the best way to defend against phishing is user education.

The following points indicate a phishing email and items that can be checked for legitimacy of the email:
 

  • Beware of unknown, unexpected or suspicious originators - if you don't know the entity or person sending the email, treat it cautiously. Even if the email is from a person or an entity you know but the content is out of place or unsolicited, it's still something to be cautious about. Check that the 'From' address is from the company, not a random site or a free email service like Gmail or Hotmail.
     
  • Be aware of who the email is addressed to - an indicator could be the 'To' field or the opening greeting.  They'll generally address you personally in the greeting instead of providing a general salutation.
     
  • Verify phone numbers - check any phone numbers that are on the email.  Look up the website or call the number to see if it exists.
     
  • Beware of bad spelling or grammar - emails from big companies are not going to have spelling mistakes or bad grammar (like verbs out of tense).
     
  • Always check links - many phishing emails point to bogus sites.  Simply changing a letter or two in the link, adding or removing a letter, changing the letter O to a zero or an l to a one completely changes the website you will be directed to.  Hovering your mouse over the link will show you where the link is actually going.

The simple tips described above will help you not fall victim to a phishing attempt.
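The link checks in the last tip can also be automated. The following is an added example, not part of the original post: it flags links whose host is a near-copy of a known domain (zero for O, one for l, or one letter added, removed or changed) and links whose visible text names a different site than the one they open. The trusted domains and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed allow-list and sample e-mail body; none of it is from the post.
TRUSTED = ("coastbank.example", "powerco.example")
SWAPS = str.maketrans("01", "ol")  # the post's swaps: zero for O, one for l
SAMPLE = """<p>Please <a href="https://c0astbank.example/login">verify your account</a></p>
<p><a href="http://billing.invalid/pay">www.powerco.example</a></p>
<p><a href="https://coastbank.example/help">coastbank.example/help</a></p>
<p><a href="https://powercoo.example/">Pay now</a></p>"""

def host_of(url):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def within_one_edit(a, b):
    """True if a and b differ by one added, removed or changed character."""
    a, b = sorted((a, b), key=len)
    if a == b or len(b) - len(a) > 1:
        return False
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def lookalike_of(host):
    """Trusted domain that an untrusted host imitates, else None."""
    return next((g for g in TRUSTED if host not in TRUSTED and
                 (host.translate(SWAPS) == g or within_one_edit(host, g))), None)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, warning) pairs; text is compared only when it is an address."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if (good := lookalike_of(target)):
            findings.append((href, f"host resembles {good}"))
        if shown and shown != target:
            findings.append((href, f"text shows {shown}, link goes to {target}"))
    return findings

if __name__ == "__main__":
    print(*check_links(SAMPLE), sep="\n")
```

Only one-character differences from the allow-list are compared, so a clean result is not proof that a link is safe.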

Loyal I.T. can provide training for you and your team on all aspects of security.  Please contact us on 02 4337 0700 or at security@loyalit.com.au if you would like a training session or further information on how to secure your business from security threats.

Posted in: Security  

Meet our Staff

Posted by Kaylene Giff on 20 February 2020

Loyal I.T. Community


Apart from being known as the leading provider of I.T. solutions to businesses, Loyal I.T. Solutions are also a significant part of the local community. Our charitable commitment teamed with our employees' individual efforts are a constant reminder of how we act out the Loyal I.T. values.

To highlight these efforts, we will be bringing you a blog series for you to get to know the fabulous team that is Loyal I.T. Solutions. To kick things off, let's start with our first point of call...

Stef (Stefanie Cameron)

If you have phoned in or visited our office, you will know Stef; Stef is our receptionist, administrator and co-ordinator. Apart from having a booming smile that comes over big time, even on the phone, she co-ordinates tickets, jobs and technician schedules to ensure customers' requirements are met. Stef came here from Germany a few years ago and we couldn't be happier that she chose an Aussie to spend her life with!

Stef genuinely values our clients and it shows with each and every customer interaction. "Customer Satisfaction is an important code of honour for me. Customer Service has always been the focus and benchmark for my career and with Loyal I.T, it's part of the fabric, so I am loving my work here. I love dealing with clients and with my colleagues and trying my best to keep customers happy".

Loyal I.T. staff have always enjoyed and prided themselves in being involved in community work and Stef is certainly no exception. In Germany, Stef worked with refugees for over 3 years. She was part of a team who organised play groups for children and worked with young adults on apprenticeship programs and activities groups. "I'm still in contact with some of those people and when they tell me they have finished their apprenticeship, gotten a driver's licence or found friends, it makes me incredibly happy and proud".

Since relocating to Australia, Stef has been involved in various Loyal I.T. community programs including the Coast Shelter Sleepout (twice, raising over $1,000), donated clothes for women returning to work and given plasma multiple times. We should also mention that Stef's other community project is their rescue dog Bailey, who since joining the Cameron household, has received plenty of love and attention and a well-needed education in manners.

 

 

Stef is expecting their first bub soon and will be temporarily off the air, which segues us into the next Loyal I.T. employee we would like to introduce you to:

 

Terri (Terri Wilson)

Terri has recently joined Loyal I.T. to take on the Reception duties in Stef's absence.

Terri grew up in Epping but has been a solid fixture on the Central Coast since 1990. Her family have all grown up and moved away.

With previous experience in customer service, accounts and real estate, we are certain that Terri will fit right in to the Loyal I.T. mould: "I try to exceed customer expectations by providing high-level communication and I'm not afraid to go above and beyond to ensure minimal disruption for clients and their business."

Terri is looking forward to getting involved in community work with Loyal I.T and is no stranger to supporting charities; she has previously done fundraisers with the Cancer Council and #rally4remedy where she raised approximately $1300.

We look forward to working with Terri - in and out of the office - over the next 12 months!

 

In our next Blog, we'll bring you two more of our fantastic staff members and let you in on a few interesting facts and features about their customer service ethos and community spirit.


LOYAL I.T. - We specialise in I.T. solutions for your business, providing software, hardware, networks, configurations, consulting and support for 15 years.
Our code of honour is LOYALTY, TEAM, CUSTOMER SATISFACTION, INTEGRITY, COMMITMENT, RESPECT, COMMUNICATION, BALANCE, GRATITUDE, COMMUNITY
Posted in: Team News Community  

Supporting the Community that Supports Us

Posted by Maddie McKechnie on 10 July 2019

At Loyal I.T. Solutions, all staff are encouraged to get involved with our local community. It is one of the core values in our Code of Honour, and we have many initiatives for staff to dedicate time or resources to help support the community that supports us. Some of our initiatives include:

Blood and Plasma Donations

Every quarter, a number of staff on our team head down to the local Red Cross to donate blood or plasma. Plasma can be used in 18 different treatments, some of which are relied upon by the friends and family of staff at Loyal I.T. Solutions. This year we've gone hard on the plasma donations and already saved 15 lives with our efforts. Since our Business Development Manager Naomi McCahon started this initiative in 2016, the team has made 44 total donations of blood and plasma, saving over 130 lives.

Million Star Sleepout

The Million Star Sleepout is a one-night campout on a cold, starry night, to help raise funds and awareness for homelessness on the Central Coast. In 2018 we had six members of our team sleeping out at Glenworth Valley and we raised over $11,000 for Coast Shelter - all thanks to our generous clients, partners, and loved ones. 

Canned Food Collection 

Once every month, we'll swap the collared shirts for hoodies and have casual Friday at the Loyal I.T. office. For staff to participate, they must donate a canned or non-perishable item to an ever-growing pile residing in our kitchen. Once there's a decent stockpile, we make the trek a few doors up and pass over all the goods to local housing organisation Coast Shelter for distribution.

Return & Earn

Something you may not know about those who work in I.T. - we drink a LOT of Coca Cola! After seeing the large amount of cans and bottles making their way to the Loyal I.T. recycling bins, our technician Brendan Lewis saw the perfect opportunity to give back to our community. Brendan has set up multiple tubs in our staff kitchen to gather empty cans and bottles, and when full he drops them to a local Return & Earn collection point. The vouchers we receive from Return & Earn are then passed over to local homelessness organisation Coast Shelter. Since implementing this more than a year ago, we have raised over $180 in vouchers - which is a lot of Coke!

The Marilyn Project

Domestic violence is unfortunately an all-too-common reality for many women here on the Central Coast, and those escaping violent situations may do so only with the clothes on their back. The Marilyn Project is a clothing drive arranged by the ladies at Loyal I.T. to pass on business-appropriate clothing to the women in our community who need it most. Whether it's for an interview, ongoing employment, or a rental inspection - The Marilyn Project empowers women with the right clothes for the job.

Work Placement

Loyal I.T. Solutions is happy to host a number of work experience students throughout the year, to help high school students gain an insight on what a career in I.T. is like. We partner with Youth Connections to coordinate Central Coast students to come and join Loyal I.T. for a week, working alongside our onsite technicians to get field experience and have a first-hand look at technical careers.

Community Groups

  • The Opportunity Collective: The Opportunity Collective is a local mentoring initiative aimed at connecting women in our business community to people in senior leadership roles. Loyal I.T.'s Managing Director Mick Goodwin has been a mentor for the past two years of the program, helping to empower local women with professional development and leadership skills.
  • Coast Shelter: Coast Shelter is a Central Coast-based charity that provides crisis accommodation and assistance to those who are homeless or disadvantaged. Mick Goodwin is a board member for Coast Shelter and with headquarters just a few doors up from the Loyal I.T. office, Coast Shelter is central to many of our community initiatives.
  • Gosford/Erina & Coastal Chamber of Commerce: The Gosford/Erina Chamber of Commerce is the voice of our business community. Loyal I.T. Solutions is a gold sponsor of our local Chamber, and our General Manager Michael Trimblett is also a Director on the Chamber's board, helping to advocate for business opportunities and development in our region.
  • Terama Industries: One of the services we offer our clients is free and secure disposal of e-waste, including old computers, printers and networking equipment. E-waste is one of the fastest growing types of waste and as an I.T. company, we see a lot of it. We have our e-waste collected by Terama Industries, a local organisation that employs people with intellectual and physical disabilities.
  • Gosford City Rotary Club: Mick Goodwin is a proud board member of Gosford City Rotary Club, which serves our local region with contributions to local organisations and community projects. He has previously served in the role of President and in 2017 was recognised as a Paul Harris Fellow.

Posted in: Team News Misc IT Community  

Windows 10: Better for Business

Posted by Maddie McKechnie on 30 April 2019

With more than 800 million users, the Windows 10 operating system has had a faster adoption rate than any other version of Windows. It has also recently been crowned as the most popular operating system for desktops, running on 44% of all computers across the globe. 

Windows 10 has kept the familiarity of a classic Windows interface, while achieving major improvements in terms of security, efficiency, and performance. Market research company Forrester has put these claims to the test and discovered the following results:

  • Increased Productivity: Managing your desktop and open programs takes 15-20% less time with Windows 10, helping you work more productively. Features such as Task View let you see all open programs at a glance, so that you can quickly locate the different windows that are required for your tasks.
  • Security Improvements: Windows 10 boasts a 33% reduction rate in security issues and their resolution time. With a firewall and basic antimalware protection built directly into the operating system, Windows 10 delivers additional security features that can assist in keeping your network safe. 
  • Reduced Costs: The ease-of-use of Windows 10 could create up to 15% in cost savings for your business. Windows 10 comes with many self-service help functions as well as built-in troubleshooters for network connections and printers, helping you to quickly resolve common technical issues. Windows 10 is also easier for your I.T. provider to manage, taking less time to install, troubleshoot, and support. 
  • Better Performance: Windows 10 devices can have up to a 75% reduction in boot time compared to a Windows 7 machine, making it much quicker for you to get started with your day.
  • No More Upgrades: Microsoft have announced that Windows 10 will be the last major version of Windows. Rather than releasing a new operating system every few years and requiring all users to upgrade, Microsoft will instead release improvements and new features to Windows 10 on a regular basis through small incremental updates. This means reduced I.T. spending for your business, as machines only have to be replaced due to hardware degradation instead of being replaced to keep up with major software changes.

With Windows 7 becoming end-of-life in January 2020, Microsoft recommend that any Windows 7 devices be replaced with Windows 10 machines in order to avoid security risks and other issues. As PCs originally built with Windows 7 are now running 10-year-old technology, Microsoft advise against installing the Windows 10 software onto these devices, as it can produce significant performance and/or compatibility issues.

For more information regarding this announcement from Microsoft, please visit their information guide and FAQ.

You can also read our fact sheet to find out more about the potential risks involved with using Windows 7 devices past January 2020:

Download our fact sheet on the Windows End of Life Announcement:

Posted in: IT IT Consulting Networking Security Computer Software  