We’ve been prepping for this for a while now. No more scare tactics. No more warnings.
In the last 30 days you’ve no doubt seen the successful cyber attacks and data breaches at Medibank, Optus, Telstra, NAB, Woolworths & the Australian Federal Police.
Just like COVID, cyber-attacks are now a part of our lives. Customer data & sensitive data are like cash. If you’ve got it, cyber criminals want it.
Need more convincing?
- Here’s my blog about 50 Cyber-attacks on Australians to October this year that didn’t make the front page. This is a big eye opener. Expect to be scrolling a while. And remember, not everyone reports these!
- The Australian Government website from last year’s National Census was online for just 65 days and had 1 billion hack attempts from cyber criminals. Yes, I said billion with a B!
- The ATO just announced their website is currently getting hit with 3 million attacks every month!
Cyber crime will affect many businesses, no matter the size.
Small business owners use the same tools & have the same cyber security vulnerabilities as enterprise.
A cyber attack & data breach gives criminals access to a small business the same way. Humans make mistakes, and we’re all using the same phones, computers & servers, Microsoft 365 for our email, cloud for our file storage and cloud for small business information backup.
We need to protect your business.
Good cybersecurity practices will protect your business & sensitive information.
My role is to work through this with you, using Australian Cyber Security Centre, Australian Information Commissioner & Privacy Act guidelines, best practices, industry proven techniques, systems and education to make your environment as safe as possible.
Let’s start this discussion and apply cyber security now. Like, right now!
CYBERSECURITY PRINCIPLES
Protect your critical systems and sensitive information from digital attacks.
The cyber security principles provide an approach to building and managing an effective cybersecurity program. They are a set of five functions that, when implemented together, provide strategic guidance to improve information security and manage risk. These five functions are: Identify, Protect, Detect, Respond and Recover.
Identify
The identify function is about identifying your assets (physical & software), their value to the business, the resources that support critical functions, their level of risk, what criminals might want to steal and how they might do it.
It’s also about identifying legal & regulatory requirements & where gaps in your security could be exploited. This all enables you to focus and prioritise the efforts, consistent with your strategy and needs.
Protect
Once you know what needs protecting and what the threats are, you need to put security controls in place to protect those assets.
The protect function is about creating the right security controls to protect small business data, systems and networks. It also includes: creating processes & procedures, using protective technology, IT maintenance, staff training, identity management & access control.
Detect
The detect function is about monitoring what’s going on in your organization’s network environment at all times and being able to detect threats and attacks as soon as possible.
This includes building an effective security monitoring system that can tell you what’s happening on your network at any given time, as well as giving you actionable data so that you can take immediate action when needed.
Respond
The respond function is about being able to react quickly in the event of a security incident or breach, to contain the impact of a potential cybersecurity incident.
This means having a plan in place for how you’re going to respond to the incident and effectively communicate with your customers, employees and other stakeholders. The response phase should also include plans for containing any damage that may have been done by the breach.
Recover
The recover function also involves being able to restore your business data and operations back to a secure state after the security incident has been resolved. This may involve changing passwords, updating software and patching any vulnerabilities that were exploited during the incident.
Recovery is about getting back up and running as soon as possible so that operations can resume without interruption. It also includes reviews & implementing improvements.
5 key points on cyber threats & cyber attacks for small businesses
- Plan & Checklist. Have a checklist and plan in place, so everyone knows what to do.
- Expect a breach. The Sophos State of Ransomware 2022 report found that 80% of businesses surveyed suffered a cyber attack in 2021, up from 45% the year before.
- Use the tools. We have the tools that allow us to apply a layered approach to cyber security.
- Education. We can educate your staff on what to look for & what to do in the event of an attack and keep you updated on new risks.
- The Cost. Most cyber events mean downtime for between 7 & 30 days. We have the tools to help calculate the cost of downtime of your small business. The financial losses can be far greater than you think.
IT Security Services for Businesses in Brisbane
At Bridge IT, we prioritise the security and protection of your business data and systems. Our comprehensive IT Security Services are specifically designed to safeguard businesses in Brisbane against cyber threats and vulnerabilities. With our expertise in hardware and software security, staff training, phishing testing, and industry best practices, we ensure that your business remains resilient in the face of evolving cyber risks.
Hardware Security
We recognise the importance of a strong foundation for your IT security. Our experts assess your hardware infrastructure to identify vulnerabilities and implement robust security measures. From firewalls and intrusion detection systems to secure access controls, we fortify your network against unauthorised access and potential breaches. We ensure that your hardware components are configured securely and regularly updated to maintain optimal protection.
Software Security
Protecting your software environment is crucial in today’s digital landscape. Our IT Security Services encompass comprehensive software security solutions. We conduct regular vulnerability assessments, apply necessary patches and updates, and implement advanced antivirus and anti-malware solutions. By proactively managing your software security, we mitigate risks and ensure that your systems are equipped to defend against emerging threats.
Staff Cyber Security Training
Employees play a critical role in maintaining a secure business environment. Our IT Security Services include comprehensive staff cyber security training programs. We educate your employees about potential risks, common attack vectors, and best practices for data protection. Through interactive training sessions and workshops, we empower your staff to recognise and respond effectively to cyber threats, ensuring a culture of security awareness throughout your organisation.
Phishing Testing and Awareness
Phishing attacks continue to be a significant threat to businesses. Our IT Security Services incorporate regular phishing testing and awareness campaigns. We simulate phishing attacks to assess your employees’ susceptibility to such threats. By identifying vulnerabilities, we can deliver targeted training and education to enhance their ability to detect and avoid phishing attempts. Our proactive approach minimises the risk of successful phishing attacks, safeguarding your sensitive information.
Industry Best Practices
As security experts, we stay up to date with the latest industry best practices and emerging security trends. We apply our knowledge and expertise to develop tailored security strategies for your business. We work alongside partners who follow established frameworks and standards, such as ISO 27001, to ensure that our services adhere to recognised security protocols. By implementing industry best practices, we help you establish a robust security posture that aligns with regulatory requirements and industry standards.
Continuous Monitoring and Threat Response
Our IT Security Services provide ongoing monitoring and threat response to protect your business in real-time. We utilise advanced security monitoring tools to detect and respond to potential threats promptly. Our team of security experts actively monitors your systems, analysing security logs, and implementing proactive measures to prevent security incidents. In the event of a security breach, we initiate rapid incident response procedures to minimise the impact and restore the integrity of your systems.
Partner with Bridge IT for comprehensive IT Security Services tailored to the unique needs of your business in Brisbane. With our hardware and software security expertise, staff cyber security training, phishing testing, and adherence to industry best practices, we ensure that your business remains secure against cyber threats. Contact us today to discuss how our IT Security Services can fortify your business and protect your valuable assets.
Cyber Security & Business Continuity Checklists
The goal here is to identify potential risks and common threats so you’re not an easy target of a cyber attack. We need to secure your important files, business information, intellectual property, financial information and customer information from the latest threats.
Apart from financial losses to criminals & reputational damage, the proposed government fines could exceed $50 million. Time to get serious! Let’s keep your business secure and keep your business running with these simple steps.
Hardware & computer systems security
- Warranty & Support – All devices (phones, printers, computers) are currently in warranty and under support by manufacturers.
- Legacy Hardware – There is no legacy hardware in use.
- Hardware drivers & bios checked quarterly, if they aren’t already done in auto updates
- BitLocker Drive Encryption – On – If your computer is lost or stolen, your hard drive data can’t be viewed/extracted without the security key. It can also be remotely wiped. BitLocker keys are securely stored.
- Trusted Platform Module – TPM Security Chip is used with Windows 11.
- All devices with company/client data should be secured & backed up daily
- External hard drive & USB devices locked out
Software Security
- Updates – Operating systems, software and apps are automatically updated twice per week.
- Anti-virus software – Cloud managed, business grade antivirus for malicious software
- Legacy Software – There is no legacy software in use.
- Internet Banking monitored
- Advise Clients, Suppliers & Partners that you will contact them and verbally confirm any change in bank details or requests for money.
- Microsoft Office Multi Factor Authentication is switched on for all users
- Microsoft Azure Active Directory – On – If a device is stolen it can be remotely located or wiped to protect your data.
- Microsoft Access Security Check – Quarterly review of staff access and permissions.
- Microsoft Office Suite Backup – Backed up every 6 hours, Australian based server. Backs up all your email, Teams and SharePoint/OneDrive data.
Compliance info:
FINRA – Financial Industry Regulatory Authority
FRCP – Federal Rules of Civil Procedure
GDPR – General Data Protection Regulation
HIPAA – Health Insurance Portability and Accountability Act
NIST – National Institute of Standards and Technology (SP 800-53 and SP 800-171)
SEC – Securities and Exchange Commission (17a-3 and 17a-4)
SOX – Sarbanes-Oxley
Australia Corporations Act s286 and s262A
- Enterprise Cloud Email Security – Anti-Phishing, Malware & Ransomware, Account Takeover Protection, Data Loss Prevention & Compliance.
Some awesome technology in place which leverages the industry’s most advanced tools to identify & mark files containing confidential, financial, & personally identifiable information, including credit card numbers, Passport details, Medicare numbers, & Driver’s License numbers!
Compliance Info: FISMA, GDPR, HIPAA, DSS, SOX & FERPA compliant.
Onsite & Office Security
- Security Cameras
- Keycard door access
- Server/Network cabinet – Locked
- Firewall – Software or hardware-based firewall in the modem. This should be updated to a monitored hardware firewall.
- Data Access Control – Staff limited to only the areas, files and folders they need.
- Computer Security – Lock computer when not in use (Windows Key + L Key)
Offsite – Work From Home, Mobile Devices
- Work Phones, Mobile Devices, Portable Devices & Home Computers – Should have monitoring, management & security software installed if they are connected to any Microsoft Service or remotely accessing the office network.
- Network Security – Don’t use public Wi-Fi without a VPN
- Computer Security – Lock computer when not in use (Windows Key + L Key)
- Don’t let your children use your work devices
- Don’t download illegally
Staff Training & Education
Simulated phishing – scheduled quarterly to test and train management & employees how to identify threats.
This training will help you raise awareness about the importance of cybersecurity among your team members and help everyone in your company become more efficient in protecting small business data from cyber threats, ransomware attacks, phishing scams, BEC fraud and other cyberattacks. It is also an opportunity to make them aware of any growing threats, zero-day attacks, new scams, etc.
Cyber Attack & Data Breach Response Plan
A Cyber Attack & Data Breach Response Plan is a document outlining how you will respond in the event of a data breach. It outlines what constitutes a cybersecurity and information security incident, who is involved in the plan and their contact information, and steps to take in a breach and follow-up actions.
General Cybersecurity Advice & Checks
- If your device is lost or stolen, contact IT support immediately
- Lock computer when not in use (Windows Key + L Key)
- If you are unsure about an email, phone call, text message or social media message, forward/contact IT support.
- Don’t use public Wi-Fi without a VPN
- Use 2FA/MFA wherever it’s available.
- Don’t use default passwords
- Use a password manager whenever available & don’t re-use the same password. Use strong passwords. Change the default password of your printers and modems.
- Keep personal and business passwords completely separate
- Passwords are not shared and are changed if inadvertently shared
- Cyber Insurance – If a system supports 2FA and you have a breach while you weren’t using it, your insurance may not pay out. 2FA MUST be used on ALL systems that support it.
- Password protect any document sent with personally identifiable information
- Personally identifiable information is not contained in the body of an email
- Client emails requesting changes to nominated bank accounts, withdrawals, contributions and transfer are verbally verified with the client
- All clients are informed that they will never receive an unsolicited email requesting a money transfer or personal information without a previous and relatable communication. This can be done through the email disclosure wording
- Emails that contain client data are not forwarded from your business email account to your personal email account
- Suspicious emails are either deleted without being opened or forwarded to your IT Team
- Wipe, format or destroy hard drives of leased or old equipment when being returned/disposed of
- All devices are secured when not in use (eg screensavers, lock away) and report any loss or suspicion of loss immediately to your manager
- Threatened, suspected or actual cyber incidents and/or data breaches are reported to the IT Team
- An IT asset register is maintained for all devices issued by the company
- Include cyber security and data privacy modules in your new staff inductions
More Technical Checklist for IT Devices
Server Maintenance
- Active Directory – Domain Controllers – Check replication (Logs, Replmon, Perform Manual Replication)
- Hardware – Cloud Services – Check Resource Consumption
- Hardware – Server/SAN/Networking – Physically check all equipment
- Hardware – Switch – Check fans and power supplies
- Networking – VPN – Check Utilization, Latency & Packet Loss
- OS/Software – Check Backups and Replication
- OS/Software – Check Windows Services
- Active Directory – Check for inactive user & computer accounts
- Active Directory – DNS – Check Zones, Name Servers, Dormant Static Records, Forwarders, Update Root Hints
- Hardware – SAN – Check Volume Usage (thin provisioned)
- Hardware – Server – Check RAID – Disks
- Hardware – UPS – Check Voltage, Utilization, Temp, Humidity, Batteries
- OS/Software – Check Application & System Event Logs
- OS/Software – Check Server CPU, Memory, Disk & Network Utilization
- OS/Software – Delete Temp Files (Windows & Users Temp locations)
- OS/Software – End Point Protection – Check for inactive computer membership
- OS/Software – End Point Protection – Run Clean up Tools if applicable
- OS/Software – IIS – Check Logs and purge
- OS/Software – Run Windows Updates
- OS/Software – Update Software (i.e. Adobe Reader, Flash, Java)
- OS/Software – Windows Logs – Check (C:\Windows\Logs) especially CBS
- Security – End Point Protection – Check Policies & Scan Schedules, Workstation Membership
- Security – Security Logs – Check for brute force/unauthorized access
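One way to carry out the Security Logs check above, as an added example that is not Bridge IT's own tooling. It assumes failed logons (Event ID 4625) have been exported as XML inside a root element, for example with `wevtutil qe Security /q:"*[System[(EventID=4625)]]" /f:xml /e:Events`; the threshold, the window and the sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}


def _sample_event(stamp, account, source_ip):
    # Constructed 4625 (failed logon) record, trimmed to the fields used below.
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>4625</EventID>'
            f'<TimeCreated SystemTime="{stamp}.0000000Z"/></System><EventData>'
            f'<Data Name="TargetUserName">{account}</Data>'
            f'<Data Name="LogonType">3</Data>'
            f'<Data Name="IpAddress">{source_ip}</Data></EventData></Event>')


# Constructed sample export: six failures in six seconds from one address
# (documentation range), plus two mistyped passwords hours apart.
SAMPLE_XML = "<Events>" + "".join(
    [_sample_event(f"2022-11-01T02:14:{sec:02d}", name, "203.0.113.10")
     for sec, name in enumerate(["administrator", "admin", "reception",
                                 "accounts", "admin", "scanner"])]
    + [_sample_event("2022-11-01T09:00:00", "jsmith", "192.168.1.25"),
       _sample_event("2022-11-01T13:30:00", "jsmith", "192.168.1.25")]
) + "</Events>"


def parse_failed_logons(xml_text):
    """Return (time, source_ip, account) for each 4625 event in the export."""
    rows = []
    for event in ET.fromstring(xml_text).iter("{%s}Event" % EVT_NS):
        if event.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        stamp = event.find("e:System/e:TimeCreated", NS).get("SystemTime")
        when = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S")  # drop fractions
        data = {d.get("Name"): (d.text or "")
                for d in event.iterfind("e:EventData/e:Data", NS)}
        # Logons with no network source record "-" in IpAddress.
        rows.append((when, data.get("IpAddress", "-"), data.get("TargetUserName", "")))
    return rows


def find_bursts(rows, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failures inside any sliding window."""
    by_source = defaultdict(list)
    for when, source_ip, account in rows:
        by_source[source_ip].append((when, account))
    findings = []
    for source_ip, hits in by_source.items():
        hits.sort()
        start, worst = 0, None
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (worst is None or count > worst["failures"]):
                worst = {"source": source_ip, "failures": count,
                         # Many distinct accounts from one source suggests spraying.
                         "accounts": sorted({a for _, a in hits[start:end + 1]}),
                         "first": hits[start][0], "last": hits[end][0]}
        if worst:
            findings.append(worst)
    return sorted(findings, key=lambda f: -f["failures"])


if __name__ == "__main__":
    for hit in find_bursts(parse_failed_logons(SAMPLE_XML)):
        print(f'{hit["source"]}: {hit["failures"]} failed logons between '
              f'{hit["first"]} and {hit["last"]} against {", ".join(hit["accounts"])}')
```

The two widely spaced failures for one staff account stay below the threshold, so only the rapid burst from a single source is reported.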
Maintenance – Weekly/Monthly Maintenance
- Logs & Services
- Check Windows Event Logs
- Check Watchguard Event Logs
- Check Sophos Control Centre for events
- Check All Automatic Services are running
Backups
- Check Backup Logs and repair any issues
- Restore some files from previous night’s tape
- Check Selection Lists conform to Standard
- Check Selection Lists contain all data necessary
- Ensure Shadow Copy is running on all disks with shares
- Restore a file from Shadow Copy on all disks
- Any major SQL Database is backed up to file overnight
AntiVirus
- Check Sophos Control Centre is running
- Confirm all PCs have AV installed, with active On Access Scanning and up to date definitions
- Check the Last Update versions to ensure recent updates
- On Access Scanning is turned off on all servers
- Use Central Configuration is turned off for all servers
Windows Small Business Server:
- Admin password is to standards
- Update all details on the intranet – one record for each site
- Microsoft Update has been run and server restarted if necessary
- SBS Licences are sufficient
- Microsoft updates are set to Download but not install
Microsoft Exchange
- The latest SP is installed
- SMTP Virtual Server is locked down for spam
Hardware
- Check Disk Space and record
- Check there are no outstanding hardware issues
- All RAIDs fully functional and built
- Ensure UPS software is installed and working
- Wireless routers have Encryption >= WPA
For more information on Cyber Security, read more on the Layered Approach to Cybersecurity in our blog, and please feel free to book an appointment for a discussion or discovery session.
Bridge IT is a cybersecurity services provider that offers a range of solutions to help organizations protect themselves against cyber threats. One of the tools used by Bridge IT is Check Point, which provides a comprehensive suite of security solutions to protect against various types of cyber attacks.
Cybersecurity is a game that requires constant vigilance and adaptability to stay ahead of cyberthreats. One of the ways that organizations can protect themselves is by implementing comprehensive cybersecurity programs that include both technical solutions and employee training programs. It is essential that employees understand the importance of cybersecurity, including the protection of login information and other sensitive data.
Resources are a critical component of any cybersecurity program, including both financial and human resources. Organizations need to invest in technologies and other cybersecurity measures to protect their networks and data, as well as in hiring cybersecurity professionals and a Data Protection Officer (DPO) to oversee their cybersecurity strategies.
Cyberattacks are becoming increasingly sophisticated and challenging to detect and prevent, which is why many organizations are turning to advanced technologies such as artificial intelligence (AI) to enhance their cybersecurity measures. However, human intervention remains a critical factor in detecting and responding to cyber threats.
The network perimeter is no longer sufficient to protect against cyber threats, as many attacks occur within the network itself. Endpoint detection and response (EDR) solutions have become an essential part of many organizations’ cybersecurity strategies, providing a more comprehensive view of the network and enabling faster response times in the event of an incident.
Governments are increasingly taking an active role in cybersecurity, developing regulations and guidelines to help organizations protect against cybercrime. IBM is one example of a company that offers a range of cybersecurity products and services to help organizations mitigate the risks of cyber threats.
Costs are another critical consideration for organizations when it comes to cybersecurity. Implementing effective cybersecurity measures can be expensive, but the costs of a cyber attack or data breach can be even more significant. It is essential to balance the costs of cybersecurity with the risks and potential impact of cyber threats.
Incidents and breaches can happen even with the best cybersecurity measures in place, which is why organizations need to have a robust incident response plan in place. This should include procedures for reporting incidents, assessing the impact of a breach, and responding quickly and effectively to mitigate the damage. Links and other online resources are valuable tools for organizations looking to stay up-to-date on the latest cybersecurity trends and best practices. However, it is also important to be cautious of the risks associated with cross-site scripting (XSS) and other cyber threats that can be used to exploit vulnerabilities in web-based applications.
Hackers and cybercriminals are constantly evolving their tactics and techniques, which is why it is important for organizations to stay up-to-date on the latest cybersecurity solutions and best practices. This includes investing in cybersecurity professionals who can help develop and implement effective cybersecurity strategies.
Cybersecurity is an ever-evolving field, and Bridge IT is at the forefront of developing and implementing new cybersecurity measures to stay ahead of emerging threats. One of the most significant concerns for many organizations is the protection of credit card information, and Bridge IT has developed a range of solutions to help organizations safeguard this data.
Distributed Denial of Service (DDoS) attacks are another common threat to organizations, and Bridge IT has extensive experience in mitigating these attacks. Endpoint security is another critical area of focus for Bridge IT, as it is often the weakest link in an organization’s security posture.
Critical infrastructure, such as power plants and transportation systems, is also a significant concern for many organizations, and Bridge IT has developed specialized solutions to protect these systems from cyber attacks. Supply chain attacks are another area of focus, as they can have far-reaching consequences for multiple organizations.
Bridge IT helps organizations protect themselves against a wide range of attacks and threats, including social engineering, data breaches, network security, application security, and sensitive data protection. They also use artificial intelligence and other advanced technologies to stay ahead of emerging threats.
As organizations increasingly rely on cloud services, Bridge IT offers cloud security solutions to protect against cloud-related cyber threats. In the event of a security breach or cyber attack, Bridge IT provides incident response services to help organizations respond quickly and effectively.
Bridge IT also provides training and guidance on best practices for cybersecurity, including the role of the Chief Information Security Officer (CISO) and security orchestration. The Internet of Things (IoT) is another area of concern for many organizations, and Bridge IT provides solutions to protect against IoT-related cyber threats.
In conclusion, Bridge IT offers a range of cybersecurity services to help organizations protect themselves against a variety of cyber threats, including those related to identity theft, navigation, text messages, ransomware, end-user devices, and cloud environments. They provide incident response services, training and guidance on best practices, and use advanced technologies such as artificial intelligence to stay ahead of emerging threats.