SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
ESET: Cybersecurity is everyone's fight against dangerous criminals
Fri, 6th Oct 2017

Next week marks the start of the Australian Government's Stay Smart Online week, which aims to raise awareness about cybersecurity best practices and how individuals can protect themselves online.

The initiative was started in 2008 as a collaborative effort between government, external agencies, industry bodies and SMEs.

Security firm ESET is also taking the opportunity to reiterate the importance of online vigilance.

“Raising awareness in this industry has never been more important. A quick look at the events of the past couple of months reveals much about the current state of cybersecurity,” comments ESET senior research fellow Nick FitzGerald.

“Attacks such as WannaCryptor.D (aka WannaCry) and Diskcoder.C (aka ExPetr, PetrWrap, Petya, NotPetya) set disturbing new high-water marks for the number of users and companies around the world whose data was maliciously encrypted in one campaign. This marks 2017 as the year of locked and lost data.”

The company believes that comprehensive endpoint software is the first step in securing machines. Antivirus is not enough and extra layers are needed. The fact that machines may be file servers and have a firewall does not exempt them from needing additional protection.

ESET offers three key areas for ensuring strong security:

Reliable backup: Planning well in advance by backing up your systems at regular intervals is crucial. Keep at least one such backup on offline storage at all times to protect your most recent data from an attack and consider having backup storage securely placed outside of your home or office.

Make sure you always back up data, and regularly check that your backup systems are working properly by ensuring you can reliably restore data from them. This will not prevent any kind of malware attack, whether it is ransomware or not, but it is necessary as an overall safety measure, as following a natural disaster, fire or theft, backups will likely be the only place from which you will be able to restore important data.

Ensure digital devices are up to date: Patches and system software updates can be difficult to deploy across an entire company's network. However, investing time in ensuring your software is up-to-date will save you in the long run. Those depending on managed service providers should check what system update policies are applied to their systems and carefully consider their applicability.

Individuals should double-check that automatic updates are enabled. This advice applies equally to non-Windows devices: despite popular misconceptions, iOS is in fact vulnerable to cyberattacks. Apple's systems, most smartphones, tablets, and some other “smart” devices have automatic update functionality, which should either be enabled or managed through corporate network management systems.

Employ safe password practices: Data breaches of online systems are becoming increasingly common, and with end-users having little influence on the management of such systems, user account details (and worse) can be exposed. All you can do to improve login account security is to practice safe password habits.

Always create strong passwords, preferably by using a long passphrase. Never use the same password on two or more sites and wherever possible, enable two-factor or multi-factor authentication options. If it is onerous to remember all those different passwords, using a password manager is a great option.