'Bulletproof' solution to remote access security.

Posted by Michael Trimblett on 8 December 2020

One of the Essential Eight in Business Cyber Security

Multi-Factor Authentication (MFA) is often described as a bulletproof solution to remote access security. No single control is quite that, but MFA is one of the most effective controls a business can add.

It adds a second security 'gate' that deters unwanted access to remote systems and sensitive information. Many of you will already have met some version of MFA when logging in to your bank or to your email account (such as Office 365): after entering your username and password you are sent a text message and asked to enter the code it contains. Note that a code sent by SMS is the weakest form of second factor, because it can be phished or intercepted; an authenticator app or a hardware token is preferable wherever the service supports one.

The Essential Eight guide specifies MFA for VPNs, RDP, SSH and other remote access technologies, and for all users when they perform a privileged action or access an important (sensitive or high-availability) data repository. Why? Stronger user authentication makes it harder for adversaries to access sensitive information and systems.

The Small Business Cyber Security Guide defines MFA as a security measure that requires two or more proofs of identity before granting access: typically a combination of something you know, something you have and/or something you are.


Examples of the three factor categories:

Something you know:

  • PIN
  • Password (the username itself is not a secret)
  • A secret question and answer

Something you have:

  • Card
  • Token
  • One-time code sent to your phone or generated by an authenticator app

Something you are:

  • Fingerprint
  • Face scanning
  • Voice recognition
  • Iris scanning
  • Retina scanning
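As an added example (not code from the original post or from Loyal I.T.), here is how the 'something you have' factor works when it is a time-based one-time code (TOTP, RFC 6238) of the kind an authenticator app or token produces. Both sides hold a shared secret and derive a six-digit code from it and the current 30-second time step; the server accepts a submitted code only if it matches the current step or one step either side. The secret below is the published RFC 6238 test-vector secret, and the replay check (refusing a time step that has already been accepted) is an assumption added here for illustration; a real system would store that per user.

```python
import base64
import hashlib
import hmac
import struct
import time

# Shared secret, base32-encoded as authenticator apps expect. This is the RFC 6238
# test-vector secret (ASCII "12345678901234567890"); a real enrolment uses a random
# per-user secret, usually delivered as a QR code.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter set to the number of `step`-second periods since the epoch."""
    return hotp(secret_b32, int(unix_time) // step, digits)


class TotpVerifier:
    """Server side of the check. Accepts a code for the current step or `window` steps
    either side (clock drift), compares in constant time, and never accepts the same
    step twice, so a captured code cannot be replayed within its validity period."""

    def __init__(self, secret_b32, step=30, window=1, digits=6):
        self.secret, self.step, self.window, self.digits = secret_b32, step, window, digits
        self.last_accepted_step = -1  # assumption: persisted per user in a real deployment

    def verify(self, submitted, unix_time):
        current = int(unix_time) // self.step
        for delta in range(-self.window, self.window + 1):
            step = current + delta
            if step <= self.last_accepted_step:
                continue  # this step (or an earlier one) was already used: reject replays
            if hmac.compare_digest(hotp(self.secret, step, self.digits), submitted):
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    now = time.time()
    code = totp(SECRET_B32, now)  # what the user's authenticator app would display
    print("code now:", code, "accepted:", TotpVerifier(SECRET_B32).verify(code, now))
```

The window of one step either side is the usual trade-off between tolerating a few seconds of clock drift on the phone and keeping the code's useful life short; a wider window gives a phished code longer to be used.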

 

Most remote access security comes down to something you know, and that is almost always a password. Length and complexity together give the best defence, but length matters more (mathematically, from a time-to-crack point of view). A 6-character password drawn from letters, numbers and special characters has about 94^6, roughly 7 x 10^11, possible combinations; a 16-character password of lowercase letters and numbers only has 36^16, roughly 8 x 10^24. An exhaustive attack on the short, 'complex' one finishes far sooner. It is also best not to use "keyboard walks" (typing in straight lines across or down the keyboard, such as qwerty or 1qaz2wsx), because every cracking wordlist includes them, whatever their length.
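To put numbers on the length-versus-complexity point, here is an added example (not from the original post or from Loyal I.T.) that estimates the search space of a password from the character classes it actually uses and flags keyboard walks against a QWERTY layout. The guess rate of 10^10 per second is an assumed figure for an offline attack against a fast hash; real rates depend on the hashing algorithm and hardware, and a keyboard walk or dictionary word falls long before any exhaustive search would.

```python
import math
import string

# QWERTY rows and columns; a walk is a run of keys along any of these, in either direction.
QWERTY_ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
QWERTY_COLUMNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm", "8ik,", "9ol.", "0p;/"]
WALK_LINES = QWERTY_ROWS + QWERTY_COLUMNS + [line[::-1] for line in QWERTY_ROWS + QWERTY_COLUMNS]


def charset_size(password):
    """Size of the alphabet an attacker must search, judged from the classes actually present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def search_space(password):
    """Number of candidates an exhaustive search over the used alphabet must try."""
    return charset_size(password) ** len(password)


def entropy_bits(password):
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def crack_time_seconds(password, guesses_per_second=1e10):
    """Worst-case time for an exhaustive search; the rate is an assumed offline figure."""
    return search_space(password) / guesses_per_second


def has_keyboard_walk(password, min_run=4):
    """True if any `min_run` consecutive characters lie along a keyboard row or column."""
    s = password.lower()
    return any(s[i:i + min_run] in line
               for i in range(len(s) - min_run + 1)
               for line in WALK_LINES)


def assess(password):
    return {
        "charset": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "years_to_crack": crack_time_seconds(password) / (365 * 86400),
        "keyboard_walk": has_keyboard_walk(password),
    }


if __name__ == "__main__":
    # Constructed sample passwords: the two cases from the text plus two keyboard walks.
    for pw in ["aB3$x9", "k7m2p9q4r1s8t3u6", "Qwerty123!", "1qaz2wsx"]:
        print(pw, assess(pw))
```

The short 'complex' password comes out at about 39 bits and falls to the assumed attacker in roughly a minute; the 16-character alphanumeric one is about 83 bits and would take millions of years by exhaustive search. The two walks score well on the naive estimate, which is exactly why the walk check is needed alongside it.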

 

Our recommendations

Because the first factor in remote access authentication is usually a password, and passwords are the weakest link, a second (or even third) authentication factor is essential.

However, implementing multi-factor authentication can be a hindrance to users because it slows access to the system, so there is always a balance between security and usability. We work from a curve that trades one off against the other when making decisions and recommendations. Our advice is that MFA should be implemented, and we can help determine the right combination of factors for your users' tolerance.

Loyal I.T. Solutions can help your business set up multi-factor authentication for services that support this technology.

 

I.T. hardware; essential for security and productivity

Posted by Michael Trimblett on 21 October 2020

Governments and authorities in Australia are escalating their focus on cyber security, including introducing more guidance, advice and mandatory incident reporting.

If your organisation is covered by the Privacy Act 1988, the Notifiable Data Breaches (NDB) scheme applies. In simple terms, any data breach that is likely to result in serious harm to the individuals concerned must be notified to those individuals and to the OAIC (Office of the Australian Information Commissioner).

The real aim, though, is to mitigate the risk of a cyber attack in the first place. Apart from phishing and ransomware, another common attack is the simple theft of a customer database, which among other things contains names and passwords. That might seem harmless enough, but in the hands of seasoned cyber criminals it gives them a shot at breaking into your accounts and your customers' accounts, especially wherever the same password has been reused.

In our recent blog we talked about the Essential Eight cyber security mitigation strategies; every business should have them in place.

One of the most understated essentials for cyber security is having up-to-date hardware (laptops, desktops, servers and so on). Hardware becomes more vulnerable as it ages, largely because older machines cannot run current operating systems and firmware and so stop receiving security updates. Cyber crime is mostly opportunistic: the perpetrators scan the internet for reachable systems, identify the software versions and unpatched weaknesses they expose, and go for the easiest targets. It is a bit like a car thief choosing an older model without an immobiliser.

Click here to view Loyal I.T.'s fact sheet flyer about the importance of having up-to-date hardware.

If you have any questions or concerns about the age or vulnerability of your I.T. hardware, please contact Kaylene or myself by email or call us on (02) 4337 0700.

To wrap it up, here are some facts and figures to re-emphasise the ever-present threat. A small or medium-sized business is just as attractive to cyber criminals as a large 'big prize' corporation, just as a corner store or service station is as attractive to criminals as a big bank.

Some revelations from the survey How Australian Small Businesses Understand Cyber Security:

  • $29 billion lost by small businesses every year
  • Nearly 50 per cent of SMBs under-spend on IT security annually
  • One in five small businesses use outdated equipment and operating systems
  • Low implementation rates of effective mitigation strategies

The latest NDB report indicates that 64% of reported breaches were malicious or criminal attacks, which break down as follows:

  • Phishing - 24%
  • Compromised or stolen credentials - 22%
  • Theft of paperwork or data storage device - 12%
  • Rogue employee/insider - 12%
  • Social engineering/impersonation - 9%
  • Malware - 7%
  • Ransomware - 4%
  • Brute force attack - 4%
  • Hacking - 4%
  • Other - 2%

The same report highlighted the five industries reporting the most breaches:

  • Health service providers
  • Finance
  • Legal, accounting and management services
  • Education
  • Personal services

Loyal I.T. has extensive experience in supplying, setting up, installing and maintaining business I.T. hardware (as well as software, systems and managed services).

Posted in: Computer hardware Services Security IT IT Consulting Networking Security Computer Software  

The Essential Eight-cyber security mitigation strategy

Posted by Michael Trimblett on 19 August 2020

Before we talk specifically about the Australian Cyber Security Centre's (ACSC) recommended Essential Eight cyber security mitigation strategies, let's put the situation in perspective.

Reports continue to reveal facts and statistics on cyber security that are increasingly alarming for small and medium-sized businesses (SMBs). There are more incidents and more dollars being lost than ever before. Let me take you through a few points.

Recently, the Australian Cyber Security Centre (ACSC) published the Small Business Survey Report: How Australian Small Businesses Understand Cyber Security, based on over 1,700 responses. Some of the revelations from the survey are:

  • $29 billion is lost by small businesses every year
  • Nearly 50 per cent of SMBs under-spend on IT security annually
  • One in five small businesses that use Windows have an operating system that stopped receiving security updates in January 2020
  • Many businesses had incomplete or too little implementation of the Eight Mitigation Strategies

 

The latest Notifiable Data Breaches report indicates a rise in breaches (as reported under the guidelines for mandatory reporting). In the period July to December 2019, the main categories of reported breaches were:

  • 64% - Malicious or criminal attacks (including phishing, theft by insiders or outsiders, social engineering, malware, ransomware)
  • 32% - Human error
  • 4% - System fault

 

The same report highlighted the five industries reporting the most breaches:

  • Health service providers
  • Finance
  • Legal, accounting and management services
  • Education
  • Personal services

 

It's no secret that I have a passion for auditing, analysing, developing and implementing strategies for cyber security mitigation. If I were to home in on one 'go to' mitigation strategy, it would be the Essential Eight: a relatively easy to understand, eight-point strategy that, taken as a whole, covers all angles of cyber security.

The eight essentials sit under three distinct defensive lines:

Mitigation Strategies to Prevent Malware Delivery and Execution

  • Application control
  • Configure Microsoft Office macro settings
  • Patch applications
  • User application hardening

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

  • Restrict administrative privileges
  • Multi-factor authentication
  • Patch operating systems

Mitigation Strategies to Recover Data and System Availability

  • Effective back-up regime

The first and most obvious revelation here is that standard antivirus software hardly gets a mention. An effective strategy is more about behaviour and configuration than about automated tools. And just as a business's physical premises need a lot more than a lock on the door, a business's I.T. and data require many layers for effective cyber security.

If you have any concerns or ideas for your cyber security risk mitigation or even if you are not sure what you don't know, please give us a call for a no obligation discussion (on 02 4337 0700) or email me.

.....and here are some parting insights from the above mentioned ACSC survey.....

The most common barriers identified for small business owners to implement good cyber security practices are:

  • A lack of dedicated I.T. staff;
  • Complexity & self-efficacy;
  • Planning & responding;
  • Underestimating the risk of cyber security incidents

Posted in: Services Security IT IT Consulting Networking Security Computer Software  

Phishing Emails - Don't Get Caught!

Posted by Kaylene Giff on 11 May 2020

Have you been a victim of phishing?

Do you know how to recognise a phishing email?

 

Now that so many of us are working from home and other locations, the threat is becoming more prevalent, with over 7,000 phishing scams reported in 2020 so far.

Phishing is the simplest and most common form of computer-based social engineering. A phishing attack involves crafting an email that appears legitimate but contains links to fake websites or to malicious downloads. The email can appear to come from a bank, credit card company, utility, or any number of legitimate businesses a person may deal with. The links lead to a fake web form, and whatever the user enters there is saved for the attacker's use.

Phishing can be really good (perfect spelling, insider information such as specific clients, projects or known names of people), which usually means a targeted attack. Or it can be really bad, with poor spelling and more interest in your personal life, which is usually a mass campaign trying to add another bot to the attacker's botnet (i.e. to use your PC as a base for further attacks).

Good perimeter email filters stop a lot of phishing, but the best defence is user education.

The following checks indicate whether an email is a phishing attempt or legitimate:

  • Beware of unknown, unexpected or suspicious senders. If you don't know the person or organisation sending the email, treat it cautiously. Even if it comes from someone you know but the content is out of place or unsolicited, be cautious. Check that the 'From' address (the actual address, not just the display name) belongs to the company's own domain, not a random site or a free email service such as Gmail or Hotmail.
  • Be aware of who the email is addressed to. The 'To' field and the opening greeting are both indicators: an organisation that genuinely holds your account will normally address you by name, whereas a generic salutation such as "Dear Customer" is a warning sign.
  • Verify phone numbers. Don't trust a number printed in the email; look the company up independently (its official website or a directory) and compare, or call the number you already hold for them.
  • Beware of bad spelling or grammar. Emails from big companies are very unlikely to contain spelling mistakes or bad grammar (such as verbs out of tense).
  • Always check links. Many phishing emails point to bogus sites, and changing a letter or two in the domain, adding or removing a letter, or swapping the letter O for a zero or a lowercase l for a one sends you to a completely different website. Hovering your mouse over the link (or long-pressing it on a phone) shows where it actually goes; compare that domain with the text you were shown.
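The sender and link checks in the list above can be done mechanically before a human looks at the message. The following is an added example (not code from the original post or from Loyal I.T.) that applies them to a constructed sample email: it extracts the real domain from the From header, flags free-mail senders, compares the domain a link displays with the domain it actually targets, and detects the digit-for-letter swaps (0 for O, 1 for l) against a small allow-list of trusted domains. The allow-list, the free-mail list and the sample message are all assumptions made for the example; examplebank.com.au is hypothetical.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list: the domains this organisation expects mail and links from.
TRUSTED_DOMAINS = {"loyalit.com.au", "examplebank.com.au"}  # examplebank.com.au is hypothetical
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
GENERIC_GREETING = re.compile(r"^(dear|hi|hello)\s+(customer|user|client|member|valued|sir)", re.I)


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def domain_of_address(header):
    """Domain of the real address in a From header, ignoring the display name."""
    m = re.search(r"<([^>]+)>", header)
    address = m.group(1) if m else header
    return address.strip().rsplit("@", 1)[-1].lower()


def domain_of_url(url):
    return strip_www((urlparse(url).hostname or "").lower())


def displayed_domain(link_text):
    """Domain a reader would infer from the visible link text, or None for text like 'Click here'."""
    text = link_text.strip().lower()
    if "://" in text:
        return domain_of_url(text)
    m = re.fullmatch(r"(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/\S*)?", text)
    return m.group(1) if m else None


def unmask(domain):
    """Undo the digit-for-letter swaps described in the post (0 for o, 1 for l, and similar)."""
    return domain.translate(str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"}))


def is_lookalike(domain):
    """True if the domain is not trusted but reads like a trusted one once the swaps are undone."""
    if domain in TRUSTED_DOMAINS:
        return False
    return unmask(domain) in {unmask(d) for d in TRUSTED_DOMAINS}


def check_email(from_header, greeting, links):
    """links: list of (visible text, actual href) pairs. Returns a list of warning strings."""
    warnings = []
    sender = domain_of_address(from_header)
    if sender in FREE_MAIL:
        warnings.append(f"sender uses a free mail service: {sender}")
    if is_lookalike(sender):
        warnings.append(f"sender domain imitates a trusted domain: {sender}")
    if GENERIC_GREETING.match(greeting.strip()):
        warnings.append("generic greeting instead of your name")
    for text, href in links:
        shown, actual = displayed_domain(text), domain_of_url(href)
        if shown and shown != actual and not actual.endswith("." + shown):
            warnings.append(f"link text shows {shown} but goes to {actual}")
        if is_lookalike(actual):
            warnings.append(f"link target imitates a trusted domain: {actual}")
    return warnings


# Constructed sample message (not a real email) showing three of the tells from the list.
SAMPLE_PHISH = {
    "from_header": "Example Bank Alerts <alerts@examp1ebank.com.au>",
    "greeting": "Dear Customer,",
    "links": [
        ("https://www.examplebank.com.au/login", "https://examp1ebank.com.au/login"),
        ("Click here", "https://www.examplebank.com.au/help"),
    ],
}


def sample_warnings():
    return check_email(**SAMPLE_PHISH)


if __name__ == "__main__":
    for w in sample_warnings():
        print("WARNING:", w)
```

The sample produces four warnings: a lookalike sender domain, a generic greeting, a link whose visible text does not match its target, and a lookalike link target. The second link is legitimate and raises nothing, and a clean message from a trusted domain returns an empty list. A mail filter would run checks like these on every inbound message; the value for users is knowing that the same comparisons can be made by eye.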

The simple tips described above will help you not fall victim to a phishing attempt.

Loyal I.T. can provide training for you and your team on all aspects of security.  Please contact us on 02 4337 0700 or at security@loyalit.com.au if you would like a training session or further information on how to secure your business from security threats.

Posted in: Security  

Meet our Staff

Posted by Kaylene Giff on 20 February 2020

Loyal I.T. Community


Apart from being known as the leading provider of I.T. solutions to businesses, Loyal I.T. Solutions are also a significant part of the local community. Our charitable commitment teamed with our employee's individual efforts are a constant reminder of how we act out the Loyal I.T. values.

To highlight these efforts, we will be bringing you a blog series for you to get to know the fabulous team that is Loyal I.T. Solutions. To kick things off, let's start with our first point of call...

Stef (Stefanie Cameron)

If you have phoned in or visited our office, you will know Stef; Stef is our receptionist, administrator and co-ordinator. Apart from having a booming smile that comes over big time, even on the phone, she co-ordinates tickets, jobs and technician schedules to ensure customers' requirements are met. Stef came here from Germany a few years ago and we couldn't be happier that she chose an Aussie to spend her life with!

Stef genuinely values our clients and it shows with each and every customer interaction. "Customer Satisfaction is an important code of honour for me. Customer Service has always been the focus and benchmark for my career and with Loyal I.T, it's part of the fabric, so I am loving my work here. I love dealing with clients and with my colleagues and trying my best to keep customers happy".

Loyal I.T. staff have always enjoyed and prided themselves on being involved in community work, and Stef is certainly no exception. In Germany, Stef worked with refugees for over 3 years. She was part of a team that organised play groups for children and worked with young adults on apprenticeship programs and activity groups. "I'm still in contact with some of those people and when they tell me they have finished their apprenticeship, gotten a driver's licence or found friends, it makes me incredibly happy and proud".

Since relocating to Australia, Stef has been involved in various Loyal I.T. community programs, including the Coast Shelter Sleepout (twice, raising over $1,000), donating clothes for women returning to work and donating plasma multiple times. We should also mention that Stef's other community project is their rescue dog Bailey, who, since joining the Cameron household, has received plenty of love and attention and a well-needed education in manners.


Stef is expecting their first bub soon and will be temporarily off the air, which segues us into the next Loyal I.T. employee we would like to introduce you to:

Terri (Terri Wilson)

Terri has recently joined Loyal I.T. to take on the Reception duties in Stef's absence.

Terri grew up in Epping but has been a solid fixture on the Central Coast since 1990. Her family have all grown up and moved away.

With previous experience in customer service, accounts and real estate, we are certain that Terri will fit right in to the Loyal I.T. mould "I try to exceed customer expectations by providing high-level communication and I'm not afraid to go above and beyond to ensure minimal disruption for clients and their business."

Terri is looking forward to getting involved in community work with Loyal I.T and is no stranger to supporting charities; she has previously done fundraisers with the Cancer Council and #rally4remedy where she raised approximately $1300.

We look forward to working with Terri - in and out of the office - over the next 12 months!

 

In our next Blog, we'll bring you two more of our fantastic staff members and let you in on a few interesting facts and features about their customer service ethos and community spirit.


LOYAL I.T. - We specialise in I.T. solutions for your business, providing software, hardware, networks, configurations, consulting and support for 15 years.
Our code of honour is LOYALTY, TEAM, CUSTOMER SATISFACTION, INTEGRITY, COMMITMENT, RESPECT, COMMUNICATION, BALANCE, GRATITUDE, COMMUNITY
Posted in: Team News Community  