There’s no doubt that cybercrime is big business, with a recent study by Dr. Michael McGuire revealing that cybercrime revenues total an estimated $1.5 trillion annually. Considering these numbers, it’s no surprise that incidents of cybercrime are on the rise across the globe, including in Australia. In 2016, Australia saw cybercrime incidents double, followed by another drastic increase of 25% in 2017. This is particularly worrying for small and medium business owners, who are acutely vulnerable to cybercrime because they often lack the financial or IT resources necessary to deal with it.

 

As this intangible threat grows, users and companies need to take steps to ensure they are safe from future cyber attacks.

 

Simple tips to protect yourself from cybercriminals

 

Be careful what you click on

Whether it’s a banner ad on a website, or a link to a “Windows” update in your email inbox, you need to be cautious about what you click on. Hackers use links like these to run malicious code or install malware such as trojans, so they can access your system and your data.

 

Ensure you have strong passwords

If you use passwords like “123456” or “password” to secure your data, you’re asking for trouble. Cybercriminals will begin with passwords like these due to how frequently they are used.

 

The Missing Link recommends that you make use of the following criteria when choosing a password:

  • Your password should be a minimum of 12 characters.
  • It should consist of numbers, symbols, capital letters and lower-case letters.
  • Avoid dictionary words, dictionary word combinations, and obvious substitutions.
  • Best practice would be to set up a complex master password for a password manager that controls all other passwords.
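
The criteria above can be turned into a check. The following is an added example, not code from The Missing Link; the word list and substitution table are small constructed samples, and `password_problems` is a hypothetical helper name. It shows that a password can satisfy the length and character-class rules and still fail on "obvious substitutions".

```python
import re

# Constructed mini word list (assumption); a real check would load a large
# dictionary and a list of breached passwords.
WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "qwerty"}

# Obvious substitutions that password-cracking rules undo automatically.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# The four character classes named in the criteria.
CLASSES = {
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
    "capital letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
}


def password_problems(pw):
    """Return a list of criteria the password fails (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    # Undo the substitutions, then strip whatever digits and symbols remain,
    # so "P@ssw0rd" is compared as "password".
    normalised = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    hits = sorted(w for w in WORDS if w in normalised)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["123456", "P@ssw0rd2024!", "vK7#qLz9!mTx2&"]:
        print(sample, "->", password_problems(sample) or "meets the criteria")
```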

Regularly update your software

If you’re lucky, software developers will find holes in their software and fix them before someone takes advantage. Unfortunately, sometimes software developers only become aware of vulnerabilities in their systems after someone has exploited them. In these scenarios, updating your software will protect you against future attacks.

 

Don't reveal too much on your social media profiles

People regularly share personal information such as birthdays, favourite hobbies or foods on their social media channels. This information is likely linked to their social media passwords. Knowing this, hackers will trawl your social media looking for clues that they can use to guess your passwords.

 

Be careful when asked for your personal data

Cybercriminals are becoming increasingly skilled at spoofing (cloning) websites, making it difficult to tell the difference between a fake page and the real thing at first glance. These pages are used to trick users into sharing their private information.

 

You can avoid falling victim to a spoofed site in the following ways:

  • Check the URL — Check the URL in the address bar for anything out of the ordinary. For example, an attacker might try to spoof apple.com using app1e.com.
  • Confirm the source of the URL — Did you enter the address manually, or did you click the link on an email? Cybercriminals take advantage of the fact that users often incorrectly type in addresses to steal their information, or send phishing emails with links to achieve the same goal.
  • Check the SSL/TLS certificate of the site — The most advanced form of SSL/TLS, Extended Validation (EV) SSL will display the company name in the address bar. Many major brands take advantage of this since their websites are often spoofed.
  • Check if the address is a homograph — Characters from some other language character sets look identical to certain English characters when a browser displays them. It’s only by copying and pasting the address into another address bar, or by looking at the certificate info, that you’ll be able to identify that the URL is being faked.
  • Look for a trust seal — Third parties review the security of websites and offer a seal of certification to websites that meet their criteria. For example, our preferred partner Entrust.
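
The URL and homograph checks above can be automated, for example in a mail filter or proxy. The following is an added example, not code from The Missing Link; the list of known domains and the look-alike table are small constructed samples (not the full Unicode confusables data), and `check_host` is a hypothetical helper name.

```python
import unicodedata

# Constructed list of domains users actually intend to visit (assumption).
KNOWN_DOMAINS = ["apple.com", "entrust.com"]

# Small illustrative look-alike table (assumption, far from complete).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i",                 # Cyrillic
    "\u03bf": "o", "\u03bd": "v",                                # Greek
    "1": "l", "0": "o",                                          # ASCII digits
}


def script_of(ch):
    """Rough script name, taken from the Unicode character name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(host):
    """Map every look-alike character to the letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())


def check_host(host):
    """Report why a hostname deserves a second look before it is trusted."""
    host = host.lower()
    findings = []
    if not host.isascii():
        findings.append("non-ascii")
    scripts = {s for s in map(script_of, host) if s}
    if len(scripts) > 1:
        findings.append("mixed-script")
    for known in KNOWN_DOMAINS:
        if host != known and skeleton(host) == skeleton(known):
            findings.append("lookalike:" + known)
    # The ASCII ("xn--") form is what DNS and the certificate really contain;
    # Python's built-in codec implements IDNA 2003.
    ascii_form = host.encode("idna").decode("ascii")
    return {"ascii_form": ascii_form, "findings": findings}


if __name__ == "__main__":
    # Constructed samples: the real domain, the digit swap from the text,
    # and a variant whose first letter is Cyrillic.
    for sample in ["apple.com", "app1e.com", "\u0430pple.com"]:
        print(repr(sample), check_host(sample))
```

The ASCII form is the same thing a user sees after pasting the address into another address bar or opening the certificate details.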

Protect yourself against social engineering attacks

Social engineering is when cybercriminals manipulate users into performing actions or revealing sensitive information. These attacks exploit the weaknesses inherent in each of us, like fear, hope, love and greed, and can often be simple yet devastatingly costly for businesses. The Missing Link provides 10 steps on how to avoid these nefarious attacks.

 

Take advantage of a security suite

Windows operating systems come with basic firewall and antivirus tools, but additional security might be found in a security suite. However, it’s important to choose the right one, as an ex-Mozilla developer claimed certain antivirus tools can cause as many problems as they supposedly fix. To ensure you’re properly covered in the event of attack, it’s a good idea to install next-gen firewalls and anti-viruses.

 

Make local and off-site backups

Advanced users who make backups are usually great at doing either local or off-site backups, but whether it’s due to forgetfulness or lack of resources, they often don’t do both. Remember that to protect your company’s data and systems, you need the redundancy of both backups.

 

Ensure SSL certificate validation is enabled

Where SSL/TLS was once only used by websites such as banks or online stores which regularly processed personal data, websites across the globe are increasingly taking advantage of encryption. However, the same basic idea applies as it did in the past: if a website is processing your personal data, make sure it is SSL certified.

 

Enforce an internet usage policy

The reality is that certain types of websites are more likely to infect a machine with malware than others. The first step is to configure your network so that all internet traffic runs through a centralised server. This will allow you to filter traffic and block people from accessing risky sites, such as pornographic, file-sharing and illegal streaming sites, thereby reducing the likelihood that an employee accidentally infects your systems with a virus or malware.

 

Take advantage of DRaaS

Companies that are exploring their disaster recovery options, or looking to reduce costs around their current disaster recovery solution, should take advantage of our Disaster Recovery as a Service (DRaaS). DRaaS leverages the power of the cloud to provide redundancy for your systems, either by running your systems off the cloud itself, by mirroring them, or a combination of both. Should a hacker strike, these options will help keep downtime to an absolute minimum. The Missing Link also offers specialist cyber security services which mitigate the chances of your business being compromised. You can talk to one of our security specialists to assess your needs.

 

Is your business prepared for an IT disaster?

These tips will help you improve your company’s defences against cyber-criminals and ensure your business doesn’t become a victim to a cyber attack, but is your business prepared for other IT problems that could cripple it? To find out if your business is disaster-ready, be sure to check out our interactive tool here.
