Author: Michael Terlich
Too big to fail used to apply exclusively to banks and financial services institutions, but now regulators around the world are concerned about a different type of organisation creating systemic risks to the global financial system. As more and more banks move critical processes to the cloud, reliance upon a very small number of dominant cloud service providers is creating risks to operational resilience.
ESET Cybersecurity Awareness Training is specifically designed to educate your workforce—because employees who recognize phishing, avoid online scams and understand internet best practices add a vital layer of protection for your business.
Phishing attacks are growing more sophisticated and are still one of the most common threats to organisations. Phishing can lead to credential theft, unauthorised access to sensitive systems, and data breaches of confidential information. In this guide, we dissect the anatomy of a phishing attack using a real-life case study of a popular social network that was breached through targeted phishing, and how it could have been prevented.
The Australian Cyber Security Centre’s Essential Eight are a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries/security attacks. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
There is a suggested implementation order for each adversary to assist organisations in building a strong cyber security posture for their systems. Once organisations have implemented their desired mitigation strategies to an initial level, they should focus on increasing the maturity of their implementation such that they eventually reach full alignment with the intent of each mitigation strategy.
Mitigation Strategies to Prevent Malware Delivery and Execution
 Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Why: All non-approved applications (including malicious code) are prevented from executing.
 Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
 Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.
 User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
 Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.
 Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
 Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
Mitigation Strategies to Recover Data and System Availability
 Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).
I know you’ve probably received many, many emails re COVID19 over the last few weeks, some useful, some hype and some just plain advertising. The aim of this one is to give you some helpful information so that you can be ready to work from home, and hopefully to help make working at home better and easier if you are already there. Over the last few weeks we’ve helped transition many of you to working from home and most likely more of you will need to do the same.
We know that there are so many things to worry about at the moment for everyone – family, work, how long this will go on for, what plans we need to make and so on. Whilst we can’t change any of this, we can help you to continue to work productively, whether that’s from the office or home. We’re on the end of the phone, email, video and chat. Even if you simply need help getting something working, get in touch and we’ll get you through this transition as easily as possible.
On a personal level, if anyone is quarantined or working from home leaving you isolated from family or friends, we can help you get set up with any of the technology discussed below so that you can stay in touch.
Anyone with access to an internet connection and a PC/Mac/Tablet/Android/iPad can work from anywhere. We know some of you don’t have access to any of these devices, so we can even help you to get your work computer taken home. Please note, though, that certain small pieces of hardware that might be needed, such as small wireless adaptors, have almost completely run out Australia wide, so a little bit of lead time may be needed to get the hardware you need.
The landscape is changing by the day e.g. mobile and internet capacity issues are already being experienced in some areas and as more people work from home and more students are kept home, this will worsen. Please get in touch if these things do become a problem for you.
In this email we’ll cover things like WiFi Talk for your mobile phone (if you have trouble receiving or making calls at home because you don’t have great coverage); mobile email, which you can access from any web browser; server and desktop access (RDS and web based); video conferencing to stay in touch with customers and staff; Telegram, a free chat service; browser syncing; headsets; WiFi, VPNs and offline files and folders for securely accessing your server or desktop; using your office phone on your PC (if you have VoIP phones); and contacting your customers via email and SMS easily. We’ll continue to update you regularly with tips, tricks and technologies we can help with but, in the meantime, below are the first items we believe it’s worth you being aware of.
Do you have trouble receiving or making mobile phone calls from home due to poor mobile coverage? Customers and staff will probably be calling you on your mobile during your work from home time. Have you heard of WiFi Talk? If you have WiFi for your internet at home, WiFi Talk lets you connect your mobile phone to your home WiFi/internet connection. Your mobile phone and number will then work so that you can make and receive calls and send SMS and MMS using your internet service instead of the mobile network. This is a free service from the phone providers. See the links below for each provider for the instructions on how to set up and use WiFi Talk.
Remember you can access your email via a web browser. How you do this depends on which service you use:
sideEffekt/ITHosting hosted email – in a web browser go to owa.yourdomainname (e.g. if your domain name is city.com.au go to owa.city.com.au) and enter your usual email address and password
Google – in a web browser go to mail.yourdomainname (e.g. if your domain name is city.com.au go to mail.city.com.au) and log in using your normal email address and password
Office365 – in a web browser go to portal.office.com and enter your usual email address and password
If you have RDS servers you can easily connect to these just like you do from the office from any device on an internet connection. We will set up, or send you instructions on how to set up this access. If you don’t have great internet speed but still need to access your files, folders and network, we can set up a VPN for you. You might already be familiar with this but if not, it creates a secure connection between you and your office and works a little better when your internet is not the fastest.
If you have information on your office desktop computer that you need to access from home, we can also set up remote access to that.
You can keep in “personal” touch with your customers and staff easily using Video Conferencing. You can talk, use video and share documents and use many other features to keep in touch with online meetings for just two people or a group. Some staff working from home find that being able to use online meetings makes them feel less isolated and more productive. There are a lot of video conferencing systems out there but from our perspective, the three that best suit most needs are:
Microsoft Teams – note that Microsoft have released full featured services at no extra cost during this COVID19 period. They are also allowing, via Cloud Partners such as us, 6 month free trial periods for Teams so that you can message, video and collaborate with staff and customers at no cost for 6 months. There is no “catch”: if at any time during or at the end of the six months you don’t wish to continue, it is turned off with no penalty fee.
Google Hangouts – Google have also released full features without extra cost
Zoom – Zoom have actually reduced features a little during this time; however, it is still a good, simple system. There are possible privacy issues, so it might not be the best one if security is top of mind.
Chat to us about what you’d like to do and we’ll recommend which one we think will work best for you and your business.
You will probably want to use a Bluetooth headset if you’re using online meetings. It gives better sound quality and also means others who may be at home aren’t disturbed. Headsets are also really handy if you’re using your mobile phone a lot – keeping your hands free and your neck uncricked! If you’re purchasing headphones or speakers to use for voice, video or otherwise, there are many brands out there. Below are our preferences for performance. If you have other brands in mind and aren’t sure about them, just ask us.
All of these are available in over the ear and over the head.
Plantronics – Great interaction from this headset. It announces the calls, you can have your phone on silent so as not to disturb others but it will still announce the call through the headset, good quality noise cancelling and call quality
Jabra – Same as Plantronics above
Sennheiser – This is probably the most comfortable of the headsets and does have voice commands but is missing a few of what we feel are the nice features (call announcements, the ability to get notified even if your phone is on silent)
Logitech – A good headset for using in smaller offices and homes with reasonable noise cancelling features, voice commands and call quality.
If you’re like most of us and have lots of bookmarks and favourites in your web browser, and find yourself a bit lost when you’re on another device and don’t have access to them, let us know and we’ll show you how to sync your browser so that you can access these no matter which device you’re using (including your mobile phone).
Have you heard of Telegram? It’s a really good free online chat service where you can message, have a voice call, leave voice messages and send files and attachments via your mobile phone number. Anyone who has signed up for Telegram can be invited to be a contact. You can chat one to one or create groups of people and have group chats. The app can be installed on both your mobile phone and your PC so you never miss notifications. To install, go to Telegram.org to get the app, enter your mobile phone number and name when prompted and you’re away. Any of your contacts in your mobile phone that already use Telegram will not only show in your contact list, but they will receive a notification that you’re now on Telegram as well. We can help you set this up and show you how to use it too.
Did you know that you can use your office VoIP telephone system on your computer so that you can be working from anywhere but still use your office phone system? We simply install an app and configure this as your office phone and you can then make and receive external and internal calls, transfer, put on hold and all of the usual phone system tasks via your PC. This same app can also be installed on your mobile phone.
Do you need a way to contact all of your customers quickly via email or SMS? Let us know and we can sort this out for you.
Lastly, we don’t only give IT advice. If you’re not working and bored Kathy can give you cooking advice too!
As Australians, and considering data sovereignty, control of our data, and privacy, I feel it’s time to put this issue on the radar in our decision making processes.
I can’t help but feel we can no longer trust the international technology giants and overseas governments when it comes to being in control of our data and ensuring our data stays safe and private. We can blame no one else if we have data breaches when we haven’t made educated decisions. It turns out it’s not a long stretch to have the rug pulled out from under us (see Donald Trump’s actions, 17/05/19).
To date I have mostly taken the approach with my own personal internet presence and data that “I have nothing to hide”. What I do in our own business has been different – it’s key that our private data, and the data we hold for our clients, stays private. Do we trust Google? Do we trust Microsoft? Do we trust Huawei? Do we trust Apple? What public Clouds do we trust, or do we keep everything at arm’s length and stay with on-premises solutions for our clients or our own Private Cloud?
We have been big proponents of the “Cloud” since 2001.
Here at sideEffekt we use a mix of Google Pixels, Samsung Galaxy, Apple iPhones and Huawei!
Confidential mode provides built-in information rights management controls in your emails by allowing senders to create expiration dates and revoke previously sent messages. Because a sender can require additional authentication via text message to view an email, it’s also possible to protect data even if a recipient’s email account has been hijacked while the message is active. Additionally, with confidential mode, recipients don’t have the option to forward, copy, print, or download their content or attachments.
This is “crazy stuff!!” See the Motherboard article: “Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’”.
While there is no single mitigation strategy to guarantee the prevention of cyber security incidents, it’s fair to say the basics of securing a network and its resources were most likely not covered off appropriately by these two organisations.