Cybercrime is becoming a more prevalent issue in today’s society. After the 2016 Census failure, many Australians began raising serious questions and concerns regarding their privacy and safety online. It’s not just the Census that has everyone worried: more than 74,000 cybercrimes have been reported in Australia since November 2014, 42% of which were online scams [1].
With 8 in 10 Australians accessing the Internet daily, cyber security is becoming an increasing concern [2]. As the globe becomes increasingly interconnected, the amount of personal information online grows exponentially. If cybercrimes continue at their current rate and significance, the trust Australians have in our Internet will be lost, leaving the Australian economy to suffer [2].
So what can we do to stop this, you ask?
Well, since the 2016 Census debacle, the Australian government has created and modified a National Cyber Security Strategy to help keep citizens, organisations and corporations safe from online threats. The Strategy plans to cover five main themes over the next four years (until 2020) [3]:
A National Cyber Partnership – The government hopes to form strong relations with researchers and businesses, specifically analysts in this field of cybercrime, so that together they can tackle the emerging cyber security issues and generate solutions to minimise the threat cybercrime poses to our nation [3].
Strong Cyber Defences – The government hopes to fund, invest and create better defences against cybercrime. It is hoped that these defences will be able to better detect, deter and respond to threats more effectively, while also anticipating upcoming risks [3].
Global Responsibility and Risk – Together with Australia’s international partners, the government hopes to advocate for a secure, open and free Internet, while also developing cyber defences to attack cybercrime and cyber criminals [3].
Growth and Innovation – The Australian government wants to nurture our own Australian cyber security businesses and firms. By cultivating and supporting our own expertise and skills, the government aims to generate jobs and growth in this field, while also investing in new business models [3].
A Cyber Smart Nation – The Australian government hopes that investing in and cultivating the cyber security field will generate greater interest in this area. This will allow it to support the creation of cyber security professionals by establishing Academic Centres of Cyber Security Excellence in universities, which will not only foster skills but also raise much-needed awareness of cyber security here in Australia [3].
However, there are many steps that individuals and businesses can also take to protect themselves from cybercrime.
Understand your business environment:
One of the first steps to protecting yourself against cyber security threats is to understand your business and the environment that you work in. If you’re unsure, ask yourself and/or colleagues some basic questions, such as [4]:
What data do you require to operate your business or home operating system?
What data requires protection?
Who has access to this data?
What technologies do you have available?
(Hypothetically) if you were hacked or your data/device was infected by malware, what would the ramifications be?
What is your budget to improve your security defences?
In doing this, you can work out what data is the most important and establish strategies that allow you to protect your data in the most cost-effective way, while ensuring that you will not suffer any serious consequences in the event of a cybercrime [4].
Run hypothetical “what if” scenarios:
Another simple strategy is to form a list (either by yourself or with your colleagues) of scenarios that could hypothetically occur and would put your data or business at risk [4]. For example, asking questions such as:
What would happen if your data was accidentally erased (either by an individual or by malicious infections/software)?
What would happen if your data was stolen (in general, or by someone specific such as an angry employee or client)?
What would happen if your server was struck by lightning or burnt in a fire?
In forming these scenarios, you and/or your business will be able to determine possible risks and where you and your data are most vulnerable, allowing you to form strategies to overcome this vulnerability [4].
Develop and document security policies to address these scenarios:
After establishing possible scenarios that would place you and/or your business at risk of or vulnerable to cybercrimes, you should be able to employ and execute security policies that address these issues [4].
When writing your policies, ensure that they are simple, short and easy to understand (i.e. limit technical language), but encapsulate your goals and requirements and build a defence against cybercrimes. In doing this, everyone who has access to your data (i.e. work colleagues) can understand the policies and help to maintain them, so your sensitive data remains safe and secure on the Internet [4].
Implement the policies using the technology and expertise you have at your disposal:
Execute the policies you established in the section above by using all the technology and expertise that you have access to. If you are a business or organisation, work together with your IT team to find solutions to possible threats and weaknesses in your plan/policies (or already established ones) that will minimise the level of risk to your business and data [4].
If you have set aside a budget for IT-related purposes, invest in some professional help and technologies (e.g. security software) to help you implement your policies and find further solutions to help keep you and your data safe online [4].
Monitor threats:
One major step that is highly recommended is to monitor incoming threats. Cyber threats can come in many forms, including spam, phishing, and viruses and spyware.
Spam is unwanted junk email that is sent and received by businesses. More often than not, these emails are distributed by businesses to clients and customers to share the latest news and happenings at their business [5]. When these emails are distributed, there are set requirements that must be met. Sometimes, however, these emails are not sent from reputable sources or have been hacked. If this has occurred, opening the email can put you and your device at risk of contracting a virus or malware that can completely disable your network and/or view and steal your data [5]. Therefore, it is very important that you are wary when opening such emails and are certain of the sender. If it looks suspicious, DON’T open it.
Phishing is when an individual distributes falsified emails to trick consumers into sharing their personal data, such as passwords and financial information [5]. Phishing can take place in three different ways: via fraudulent emails, keystroke programs and/or website hijacking.
Fraudulent Emails: This type of phishing deceives consumers by distributing emails that appear to be from a reputable source or company. These emails will often contain links to a fake website (often very similar to the reputable company’s, but with slightly different spelling in the URL), where the consumer will be required to enter personal information [5]. If the consumer enters this personal information, the source behind the falsified email will have immediate access to it [5].
Keystroke programs: Again, the individual behind this will use falsified emails, but rather than send the consumer to a website, the email will contain a program or software that, once opened, will infect the computer [5]. This software will record every keystroke the consumer makes, allowing the individual behind the cyber-attack to obtain the consumer’s passwords and any personal data that they enter [5].
Website Hijacking: This type of phishing is when an individual takes control of a reputable company’s web address [5]. Often when this occurs, a consumer who visits the reputable site will find themselves redirected to the fake webpage, which will look remarkably similar but again steal the consumer’s sensitive information [5].
You can prepare for such attacks and reduce your own risk by taking certain actions. One such action is to monitor your own webpage for any discrepancies, and also to monitor the Internet for websites that have similar spelling to yours or are using your logo in their own webpages [5]. This will let you know if anyone is trying to replicate your website. Another action that can be taken, to ensure that your customers and clients don’t mistake your emails for spam, is to provide an email address that allows the client to validate the email [5]. This will let both of you know that the email is trustworthy. A final area that should be monitored is customer service calls. When monitoring these calls, check for any changes or increases in particular complaints (passwords, for example) or any unusual account activity [5], as this can inform you of any cyber activity that is occurring without your consent or knowledge.
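One way to carry out the similar-spelling check described above, as an added example that is not part of the original article. The domain names, the look-alike character table and the distance threshold are all constructed assumptions.

```python
# Added example: flag observed domains that imitate your own.
# OWN and OBSERVED are constructed sample values, not real indicators.
OWN = "examplebank.com.au"
OBSERVED = ["www.examplebank.com.au", "examp1ebank.com.au",
            "exarnplebank.com.au", "exampelbank.com.au", "weather.gov.au"]

# Character sequences commonly used to imitate another letter (assumed table).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def host(name):
    """Lower-case and drop surrounding dots and a leading 'www.'."""
    name = name.lower().strip(".")
    return name[4:] if name.startswith("www.") else name

def fold(name):
    """Map look-alike characters onto the letter they imitate."""
    name = host(name)
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "el" typed for "le".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, own=OWN, max_distance=2):
    """Label an observed domain relative to the domain you own."""
    if host(observed) == host(own):
        return "own"
    if fold(observed) == fold(own):
        return "lookalike: character swap"
    if edit_distance(fold(observed), fold(own)) <= max_distance:
        return "lookalike: near spelling"
    return "unrelated"

if __name__ == "__main__":
    for name in OBSERVED:
        print(f"{name:26} {classify(name)}")
```

A threshold of 2 suits a long name like the sample one; for short domain names it will flag unrelated sites, so lower it or review matches by hand.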
Viruses and spyware can cause serious harm to your data and device. They enter your device through emails, downloads and malicious links and corrupt your entire system [5]. Viruses in particular enable hackers to steal valuable information, such as “corporate, customer or employee information, distribute spam, delete files or crash the entire computer system.” [5] Spyware, by contrast, generally only monitors your activity online, recording and stealing your sensitive data. An easy way to overcome this issue is to maintain a clean device [5]. This can be done by ensuring that you have the most up-to-date security software, browser and operating system. This will help defend you against any cyber risks, and help keep your device free of any nasty viruses [5]. Another easy way to avoid viruses and spyware is to delete anything that looks suspicious, whether that be a tweet, email or link. To help you avoid this type of spam, enable filters on your email, so that dodgy emails are automatically placed in the trash or spam folders [5].
By following these few steps, you can help keep yourself and your business safe from cyber threats!
References:
1. Inside Small Business Staff, Stay Smart Online Week targets cyber security, Inside Small Business, Octomedia, Australia, 2016, viewed 30 November 2016, https://insidesmallbusiness.com.au/planning-management/stay-smart-online-week-targets-cyber-security
2. Australian Government, Cyber Landscape, Australian Government Department of the Prime Minister and Cabinet, Australia, 2016, viewed 30 November 2016, https://cybersecuritystrategy.dpmc.gov.au/cyber-landscape/index.html
3. Australian Government, Cyber Security, Australian Government Attorney-General’s Department, Australia, 2016, viewed 30 November 2016, https://www.ag.gov.au/RightsAndProtections/CyberSecurity/Pages/default.aspx
4. N Hampton, Unsecured and unaware: Why your business needs cyber security policies now!, ComputerWorld, IDG Communications, Australia, 2016, viewed 30 November 2016, http://www.computerworld.com.au/article/610444/unsecured-unaware-why-your-business-needs-cyber-security-policies-now/
5. National Cyber Security Alliance, Monitor Threats, Stay Safe Online.org, 2016, viewed 30 November 2016, https://staysafeonline.org/business-safe-online/monitor-threats/