Multi-Factor Authentication (MFA) is typically described as a bulletproof solution to remote access security.
It is an effective way to add an additional security 'gate' to deter unwanted access to remote databases or sensitive information. Many of you may already have seen some version of MFA when you log into your bank account or when you re-log into your email account (such as Office 365) - once you have logged in with your username and password, you are then sent a text and asked to enter the code.
The Essential Eight guide defines that MFA is for VPNs, RDP, SSH and other technologies, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository. Why?: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
The Small business cyber security guide defines it as a security measure that requires two or more proofs of identity to grant you access; Multi-factor authentication (MFA) typically requires a combination of something the user knows (i.e. something you know), something the user physically possesses (i.e. something you have) and/or something the user inherently possesses (i.e. something you are).
Examples of the three categories of identification could be:
Something you know:
Something you have:
Something you are:
Most remote access security comes down to something you know; and that something is almost always a password. In creating a password, both length and complexity used together is the best defence. Length is perhaps more important (mathematically) from a time point of view. It will take less time to crack a 6 character letter, number and special character password than it will for a 16 character letter and number only password. It's also best not to do "keyboard walks" in password creation because every cracker will have them in their password lists. (Keyboard walking is simply typing in straight lines up and down the keyboard).
Because the first factor in remote access security authentication is vulnerable (i.e. usually a password), then it's essential to have a second or even third authentication factor.
However, implementing multi-factor authentication can be a hindrance to users as it can slow down the access to the system. There is always a balance between security and usability. There is a curve that we look to when making decisions and recommendations about the balance. Our advice is that MFA should be implemented and we also know how to determine the right combination of MFA versus user's tolerances.
Loyal I.T. Solutions can help your business set up multi-factor authentication for services that support this technology.
Governments and authorities in Australia are escalating their focus on cyber-security, including introducing more guidance, advice and mandatory reportable incidents.
If your organisation is covered by the Privacy Act 1988, then the NDB (Notifiable Data Breach) scheme applies. In simple terms, any suspected or known cyber attack must be notified to affected individuals and the OAIC (Office of the Australian Information Commission).
The real aim though is to mitigate the risk of cyber attack and remember, apart from the likes of phishing and ransomeware; the other common attack is the simple theft of a customer database, which among other things contains names and passwords - this might seem harmless enough, but in the hands of the seasoned cyber criminals, that info gives them a shot at hacking your and your customer's accounts.
In our recent blog, we talked about the Essential Eight cyber security mitigation strategy; this is a strategy that ALL businesses should have in place.
One of the most understated essentials for cyber security is having up-to-date hardware (laptops, desktops, servers etc). I.T. hardware becomes more vulnerable the older it gets and cyber crime is essentially random - the perpetrators are looking for the easiest targets. They use software over the web that, among other things, identifies the type and age of hardware and if it's over a couple of years old, they know all the vulnerabilities. A bit like a car thief and an older model car.
Click here to view Loyal I.T.'s fact sheet flyer about the importance of having up-to-date hardware.
If you have any questions or concerns about the age or vulnerability of your I.T. hardware, please contact Kaylene or myself by email or call us on (02) 4337 0700.
To wrap it up, here's some facts and figures to re-emphasise the ever present threat; a small to medium sized business is just as attractive to cyber criminals as a large 'big prize' corporation. Just like a corner store or service station is just as vulnerable or attractive to criminals as is a big bank.
Some revelations from the survey How Australian Small Businesses Understand Cyber Security:
The latest NDB report indicates that 64% of reported breaches were Malicious or Criminal Attacks. Malicious or criminal attacks is broken down to:
The same report highlighted the top 5 industries being attacked the most-
Loyal I.T. has extensive experience in supplying, setting up, installing and maintaining business I.T. hardware (as well as software, systems and managed services).
|Posted in: Computer hardware Services Security IT IT Consulting Networking Security Computer Software|
Before we talk specifically about the The Australian Cyber Security Centre's (ACSC) recommended Essential Eight-cyber security mitigation strategy; let's put the situation in perspective.
Reports are continuing to reveal facts and stats on cyber security that are increasingly alarming for small and medium sized businesses (SMB's). There are more incidents and more dollars being lost than ever before. Let me take you through a few points.
Recently, The Australian Cyber Security Centre (ACSC) published the Small Business Survey Report: How Australian Small Businesses Understand Cyber Security. They received over 1700 responses. Some of the revelations from the survey are:
The latest Notifiable Data Breaches report indicates a rise in breaches (as reported under the guidelines for mandatory reporting). In the period July to December 2019, the main categories of reported breaches were:
The same report highlighted the top 5 industries being attacked the most:
It's no secret that I have a passion for auditing, analysing and developing & implementing strategies for cybersecurity mitigation. If I was to hone in on one 'go to' mitigation strategy, it would be the Essential Eight. It is a relatively easy to understand, 8 point strategy that in its whole, cover's all angles for cyber security.
The 8 essential points are under 3 distinct defensive lines:
Mitigation Strategies to Prevent Malware Delivery and Execution
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
Mitigation Strategies to Recover Data and System Availability
The first and most blatant revelation here is that standard anitvirus software hardly gets a mention. An effective strategy is more behavioural and tangiable than it is digital and automated. And just like a business's physical premises needs a lot more than just locks on a door, a business's I.T. and data require many angles for effective cyber security.
If you have any concerns or ideas for your cyber security risk mitigation or even if you are not sure what you don't know, please give us a call for a no obligation discussion (on 02 4337 0700) or email me.
.....and here are some parting insights from the above mentioned ACSC survey.....
The most common barriers identified for small business owners to implement good cyber security practices are:
|Posted in: Services Security IT IT Consulting Networking Security Computer Software|
Now that so many of us are working from home and other locations, the threat is becoming more prevalent with over 7,000 phishing scams reported in 2020 so far.
Phishing is the simplest and most common method of computer-based social engineering. A phishing attack involves crafting an email that appears legitimate but in fact contains links to fake websites or to download malicious content. The email can appear to come from a bank, credit card company, utility company, or any other number of legitimate business interests a person may work with. The links contained within the e-mail lead the user to a fake web form in which the information is entered and saved for the hacker's use.
Phishing can either be really good, such as perfect spelling, using insider information like specific clients or projects or known names of people - this is likely a targeted attack; Or phishing can be really bad with poor spelling and more interest in personal areas of your life and is likely just trying to get another bot added to the hacker's botnet (i.e. to use your PC as a base for future hacking).
Phishing can be prevented by good perimeter email filters but the best way to defend against phishing is user education.
The following points indicate a phishing email and items that can be checked for legitimacy of the email:
The simple tips described above will help you not fall victim to a phishing attempt.
Loyal I.T. can provide training for you and your team on all aspects of security. Please contact us on 02 4337 0700 or at firstname.lastname@example.org if you would like a training session or further information on how to secure your business from security threats.
|Posted in: Security|
Apart from being known as the leading provider of I.T. solutions to businesses, Loyal I.T. Solutions are also a significant part of the local community. Our charitable commitment teamed with our employee's individual efforts are a constant reminder of how we act out the Loyal I.T. values.
To highlight these efforts, we will be bringing you a blog series for you to get to know the fabulous team that is Loyal I.T. Solutions. To kick things off, let's start with our first point of call...
If you have phoned in or visited our office, you will know Stef; Stef is our receptionist, administrator and co-ordinator. Apart from having a booming smile that comes over big time, even on the phone, she co-ordinates tickets, jobs and technician schedules to ensure customers' requirements are met. Stef came here from Germany a few years ago and we couldn't be happier that she chose an Aussie to spend her life with!
Stef genuinely values our clients and it shows with each and every customer interaction. "Customer Satisfaction is an important code of honour for me. Customer Service has always been the focus and benchmark for my career and with Loyal I.T, it's part of the fabric, so I am loving my work here. I love dealing with clients and with my colleagues and trying my best to keep customers happy".
Loyal I.T. staff have always enjoyed and prided themselves in being involved in community work and Stef is certainly no exception. In Germany, Stef worked with refugees for over 3 years. She was part of a team who organised play groups for children and worked with young adults on apprenticeship programs and activities groups. "I'm still in contact with some of those people and when they tell me they have finished their apprenticeship, gotten a drivers licence or found friends, it makes me incredible happy and proud".
Since relocating to Australia, Stef has been involved through various Loyal I.T. community programs including the Coast Shelter Sleepout (twice-raised over $1,000), donated clothes for women returning to work and given Plasma multiple times. We should also mention that Stef's other community project is their rescue dog Bailey, who since joining the Cameron household, has received plenty of love and attention and a well-needed education in manners.
Stef is expecting their first bub soon and will be temporarily off the air, which segues us into the next Loyal I.T. employee we would like to introduce you to:
Terri has recently joined Loyal I.T. to take on the Reception duties in Stef's absence.
Terri grew up in Epping but has been a solid fixture on the Central Coast since 1990. Her family have all grown up and moved away.
With previous experience in customer service, accounts and real estate, we are certain that Terri will fit right in to the Loyal I.T. mould "I try to exceed customer expectations by providing high-level communication and I'm not afraid to go above and beyond to ensure minimal disruption for clients and their business."
Terri is looking forward to getting involved in community work with Loyal I.T and is no stranger to supporting charities; she has previously done fundraisers with the Cancer Council and #rally4remedy where she raised approximately $1300.
We look forward to working with Terri - in and out of the office - over the next 12 months!
In our next Blog, we'll bring you two more of our fantastic staff members and let you in on a few interesting facts and features about their customer service ethos and community spirit.
|Posted in: Team News Community|
for enquiries or log a job.