What does dating and romance have in common with IT and cyber security?
Probably not the opening you’d expect from an IT support company in Perth, right?
But back to the question – and more importantly, the answer. Which is, well, quite a lot really.
Be it searching, messaging, exchanging contact details, or sharing private information, the realms of dating and IT share a lot of common ground. Specifically knowing who – and what – to trust.
Now, if you’re thinking ‘wow, Office Solutions IT are really entering into new markets’ we’re not. This isn’t an article about dating. Let’s be honest, you’d know better than to ask a bunch of IT geeks for dating advice. Instead, we’ll stick to what we are good at. Like helping you – and your business – to avoid scams, so you can stay safe online.
So why are we talking about dating and IT? Well, it’s because they both feature prominently in the ACCC’s Little Black Book of Scams.
Let’s cut to the chase for a second. It’s common knowledge that we are susceptible to hundreds and thousands of scams every day. They are everywhere. From your inbox to your social feeds. And don’t even think about opening up that junk mail folder. It’s scary stuff.
It’s also common to hear of the millions of dollars scams cost Australians, businesses and the economy every year. So, why does it happen?
Have we become a little complacent? Or have the hefty sums involved and scare statistics lost their effect? In all seriousness, we’d be keen to hear your thoughts on this topic in the comments below.
What is scary is that scams are here to stay. And the rate of small and medium businesses falling victim is on the up. We know. Our cyber security specialists see it every week. And it’s not just financial damage here – it’s the emotional stuff too. Having your personal reputation, your brand or your identity stolen can be devastating.
So, how can you avoid scams?
Well, removing them altogether is near impossible. But the good news is, not falling victim to them isn’t hard either.
Yes, some scams are incredibly sophisticated and can lure even the most technically proficient into an ill-fated tap of the thumb. However, the vast majority are simple to avoid. All it takes is a little know-how – and it starts with arming yourself with a little cyber security insight. And you don’t have to go far to get it. In fact, it’s something that the Australian Competition and Consumer Commission’s pocket-sized guide on scams does for you. And it’s right here.
While originally released back in 2016, the content remains very much applicable today. Better yet, the ACCC have done a great job of making the content easy to read, so you don’t need an IT degree to understand the recommended tips and suggestions to help keep your business safe.
It covers the basics of how scams work, examples of each and the methods you can use to protect yourself.
It also gives you a broad snapshot of:
- the most common scams to watch out for;
- the different ways scammers can contact you;
- the tools scammers use to trick you;
- the warning signs; and
- where you can find help.
Download your copy at the ACCC website here.
To save you from a double up of reading (and us from an expensive plagiarism lawsuit), we’ll leave The Little Black Book of Scams to cover the basics. But here’s a quick summary of six common scams targeting:
- computers and mobile devices;
- identity theft; and
- small businesses.
We’ve even thrown in eight golden rules you can follow to help protect your data, finances and business from falling into the wrong hands.
Common scams targeting computers, mobile devices, your identity and your business
1. Keyloggers:
A keylogger is a type of virus that is unknowingly installed on your device to record the keys you strike on your keyboard – specifically the login details of your online accounts. This data is then shared with the cyber criminal, who could access and take ownership of your email and online banking accounts.
2. Brute Force Attacks:
A brute force attack is a fancy name for a bit of software that automatically generates millions of password combinations in the hope of breaking into your online accounts through an exhaustive trial and error effort. Sadly, for a hacker, clicking a button to get it started doesn’t require much effort at all.
3. Ransomware:
Perhaps the most popular in recent times. Ransomware is another form of malware that is designed to block access to your data until a ransom has been paid.
4. Spam Email & Phishing:
Spam email is the electronic version of the leaflets that get deposited into your mailbox. Although instead of every week, it can happen thousands of times a day. Like the leaflets, spam is annoying and most of it is harmless, unless it’s part of a phishing scam. Phishing is a practice cyber criminals use to pose as a legitimate organisation to extract sensitive and personal information from you, such as credit card information, tax file numbers and passwords.
5. Payment redirection:
Cyber criminals know small and medium businesses are busy by nature – and use this to their advantage. Payment redirection typically starts when an email account has unknowingly been compromised by a hacker. The hacker will then intercept a conversation between your accounts payable and a payee to ‘update their payment details’ and ask that all future payments are processed accordingly.
6. False Billing:
Similar in fashion to payment redirection, hackers may compromise your supplier’s email account to later issue you with false invoices and updated bank details.
1. Maintenance and updates
Contact your IT department to arrange ongoing routine audits, tests and updates, across every aspect of your IT environment. This includes backup restoration tests, and updates to your operating systems and essential anti-virus systems.
2. Use a password manager. Please.
Using a unique and complex password for every single online account is easier said than done. Which is why we suggest using a password manager that does all the complex password creating, remembering and typing for you. It even syncs across all of your devices, so you’ll have access to all of your complex passwords everywhere you go, and better yet, you won’t have to spend 5 minutes typing them out every time you want to log in.
3. Install Two-Factor Authentication
Combating brute force attacks and malware such as keyloggers is made easier with Two-Factor Authentication. Also known as ‘uggh I have to enter an extra code after entering my password’, Two-Factor Authentication provides an extra layer of security when you log into your online accounts. The truth is, yes, you’ll need to spend a few extra seconds once a month to enter a code to verify your identity, but it also means you can relax knowing your data is protected, even if your password is compromised.
4. Don’t Open Attachments
Perhaps a little extreme. But in all seriousness, unless you are 110% certain of the contents of an email attachment, do not open attachments or click on links within emails – especially if they are from an unknown source. It’s much safer to hit delete.
5. Secure Web Browsing and shopping
Phishing scams are becoming more sophisticated. Often, almost identical replicas of popular websites are created in an attempt to capture your data. Prior to logging in to, or making a purchase from, your online accounts, be sure to take a peek in the address bar of your web browser to ensure it matches the name of the website you are visiting. While you are there, also check that the website address is secure: it should display https:// and a padlock icon.
6. Verify, Verify and Verify Again
If you have received an email, letter, instant message or any form of communication requesting an update to payment details, call the payee/organisation/team member to verify their request, so you don’t become the next victim of payment redirection.
7. Always be suspicious
The best tip is to always be suspicious! Think twice about clicking, sharing, or opening an unknown email and if you’re ever in doubt, just press delete. It’s unlikely you’re going to cause more disruption by deleting an email than opening the wrong one.
8. In case of emergency
If you suspect your security has been breached, turn off your computer, speak to your manager and contact your IT support team immediately.
On page 6 of The Little Black Book, the ACCC states “The best way to protect yourself is through awareness and education”. And we couldn’t agree more.
Complex systems, anti-virus software and the latest breach detection algorithms are all well and good, but if the wrong user matches up with the wrong email…well, even we know that’s a date with your IT provider you’d rather avoid.
Here’s a date you – and your business – won’t want to miss
Join our cyber security specialists as they host a free and informal Cyber Security Seminar on Wednesday May 29th, so you – and your team – can walk away with the skills to protect your business, identify malicious emails and manage security risks. Seats are limited.