Threat Protection - Cube Cyber

Beginners Guide to Cloud Computing & How it Can Help Small Businesses

Cloud Services, Remote Working, SME's, Threat Protection

With more businesses working from home, it may be time to invest in cloud computing for your company. In fact, it is more than likely you are already using some form of cloud computing. If you have ever used Dropbox or Google Docs, as two examples, then you are already familiar with working from cloud-based systems.

As more organisations are moving to online working, now is a good time to learn more about cloud computing, and how it can help your business.

What is cloud computing?

Simply put, cloud computing is using programs and storing data online, rather than using your computer’s hard drive. Local computing or storage systems will use programs and store data directing to your computer, whereas cloud computing runs all these programs over the internet.

Cloud computing types include data storage, software, application hosting, databases, servers, and online programs, such as Google Drive or Microsoft Office Online. These web-based systems mean that users can access the same files from any location or device.

Types of cloud computing

There are numerous ways cloud computing works. Types of services include:

Software as a service (SaaS)

Software a service applications are typically run on subscription or pay-as-you-go models. They allow users or members of the same team to work on files simultaneously. Teammates can collaborate on the same file, which is updated in real time, so users will always have access to the most recent version. Examples of SaaS are Microsoft Office 365 and Google Workspace.

Platform as a service (PaaS)

Similar to SaaS, platform as a service (PaaS) allows you to create a service that is used over the web. Cloud based resources such as APIs, web portals and gateway software are used by software developers. This is the more multifaceted form of cloud computing. Examples include Salesforce and Google App Engine.

Infrastructure as a service (IaaS)

Infrastructure as a service uses cloud-based servers, rather than traditional physical systems, to deliver a range of services such as storage and servers. Examples of IaaS include Amazon Web Services, Microsoft Azure and IBM Cloud.

Examples of cloud computing

Google Drive

Google drive is a cloud-based storage service, where users upload files directing over the internet. These files can be accessed from any location or device connected to the internet. With the ability to gain access to files from your phone, laptop or tablet, Google Drive is an efficient way to work remotely and data is easily accessible.

Other Google Apps

Many of Google’s applications are cloud-based, such as Google Sheets, Google Docs, Google Calendar, Gmail, and Google Maps. Being able to access these apps from anywhere makes it easier and quicker to access data and work productivity.

Microsoft Office 365

Microsoft Office 365 is great for businesses of all sizes to work collaboratively and access systems from any location. Co-workers can use Microsoft Office email, work on the same projects, and share information and files amongst the team. This is a subscription-based service, with varying prices depending on how many users it is for.

Dropbox

Dropbox has been around for years and is a service that allows users to upload and store files over the internet. These files can be synchronised and shared amongst users. Prices start from AU$18.69 per month for individual users to AU$33 per month for larger teams.

Salesforce

Salesforce is one of the world’s leading providers in cloud computing, allowing users to access CRM, sales, marketing automation, commerce, ERP, analytics and more.

Apple iCloud

For Apple users (and those using Windows devices), iCloud synchronises all your data onto a virtual server. This includes emails, photos, messages, your calendar, contacts, and backups. This is a storage based system which allows you to have a backup of your files.

Cloud Security

Cloud computing stores data via three different methods; public, private and hybrid.

Public cloud

Public cloud providers use the internet for their storage and web services. Your data will be handled by a third party and you will receive a portion of the cloud service, over a shared infrastructure. For larger companies it may not be wise to share sensitive data over a public system, although advantages are that you will be getting up to date services at a cheaper price.

Private cloud

Instead of storing all data over the internet, a private cloud system is installed within your company. This will be conducted by an in-house IT team and can be a great option for bigger corporations with large amounts of data or any company wishing to have a higher level of security.

Hybrid cloud

As the name suggests, this cloud service provides both public and private cloud based systems. This is a flexible way to store the most confidential information on the private cloud and general data on the public cloud. The private cloud will be managed by the organisations own IT team.

Positives of cloud computing

Flexible working

One of the biggest benefits of cloud computing is the flexibility and efficient way of working it offers. Employees can access services from any device and any location. When previously many systems could only be accessed from the office, which had the software installed, staff can now work from anywhere. This is especially important now as many more people are working remotely.

Up-to-date files

With programs such as Google Docs and Microsoft Office 365, teammates can be assured that they are working on the most up to date file and can do so simultaneously. This seamless workflow can mean projects can get completed faster and better communication is had amongst the team.

Cost efficient

Although cloud computing is still an expense, it is also predicable. You know how much money is coming out of the account each month, making budgeting easier. Rather than paying for an expensive server and the expertise to run it, businesses can work more efficiently when managing a monthly subscription.

Your data is backed up

One of the benefits of cloud security is that if your system crashes, you should be able to retrieve your data. A cloud backup service is different from a cloud storage service, which will allow you to store any files you upload to it. A cloud backup will allow you to restore data which has been lost or damaged.

Negatives of cloud computing

With potentially sensitive information being stored in the cloud, there will always be some vulnerabilities to watch out for. If the cloud service provider crashes from a bug, power cut or cyber attack, then company data can be lost.

There is also the rapid development of the Internet of Things (IoT). Smart devices and anything which uses the connection to the internet can be a vulnerability path into your network and cloud services.

A main concern for many business owners is how exactly their data is stored in the cloud. Before paying for a cloud service, you should be asking the right questions. Ask them how they will store your data and who has access to it. Be sure they are following security protocols, have a good support service and ask which methods they use to keep your data safe.

Cloud computing is evolving as technology evolves. This is the new way to work and as long as you are using good cyber security measures to protect your cloud services, then you are in a good position.

At Cube Cyber we help businesses protect themselves when using cloud based services and can help you stay protected whilst online.

Find out more on how we can help your business.

May 13, 2021/by Andrew Oshea

GDPR Cyber Security and How It Might Impact Your Business

Cyber Crime Australia, Large Corporation, SME's, Threat Protection

The European Union’s General Data Protection Regulation (GDPR), came into effect back in May 2018, but what does that mean for Australian businesses and cyber security?

What is GDPR?

First of all, what actually is GDPR? The GDPR is short for General Data Protection Regulation. It was brought in by the European Union on 25th May 2018. The regulations were created to give individuals more control over their personal data and to ensure businesses comply with how they handle personal customer data. This data could include name, address, IP address, phone number, email address or location data.

It is worth noting that an IP address or a transaction ID alone is not enough to identify an individual. However, if you only collect this information the rules are likely to still apply to you. While this data seems anonymous, if you were to cross-reference a transaction ID with your online store data, the individual could be identified. Therefore, the GDPR regulations will still apply, even though you may not be openly collecting personal information.

If you are collecting detailed personal information such as gender, biometrics, ethnicity, or personal data about children, then you will need to be extra careful when handling this data.

Is GDPR relevant to Australian businesses?

Even though you may not be a business in the EU, you may still have to comply with GDPR regulations.
Any business, no matter where you are in the world will need to comply with GDPR if they process any personal data from a person living in the EU. This could be a client, customer or even someone signing up to your online newsletter or visiting your website.

For Australian organisations it is likely that you will be dealing with customers or suppliers who are from the European Union. If this is the case, then GDPR regulations will apply to you.

The basic values or rules concerning GDPR is that you must tell the person that you are collecting their data, what specific data you are collecting and how you will use that data. You must have a lawful reason to collect someone’s data and only use the data for the reasons you have told them. You must get an individual’s consent before collecting any personal data from them.

For example, if someone is signing up to an email newsletter, you must include consent boxes for email marketing, if any future emails will be used to advertise or promote your business. If you state to the customer that by putting in their name and email, they will get some sort of ‘freebie’ or a monthly newsletter with tips for businesses, you cannot then use that email for advertising purposes, as that is not what the person signed up for. You will need a consent box that clearly states by adding their email, they may receive advertising and promotional emails. It is up to the individual to decide and if they do not want such emails, so you must only send emails for the reasons you have stated in the sign up form.

The data should be secured safely and not be held for any longer than need be. You should have a detailed privacy policy which is easy to read and understand, outlining what information you are collecting and what you are doing with it. You also need to state that you will delete all personal data upon an individual’s request.

GDPR cyber security

In terms of GDPR cyber security, you will need to ensure that personal data is processed and stored securely, in order to lower the risk of any data breaches. Not only does a major data breach hurt a company’s reputation, you may also be liable for a hefty fine (up to €20 million or 4% of worldwide yearly income), if you have not fully complied with GDPR regulations. This is enough for cyber security professionals to up their game and to ensure businesses have the best protection to prevent any data loss.

Organisations should make sure that only authorised staff can access any personal information from customers or suppliers. Limiting the amount of people who can access that data and ensuring only those who need the data for their jobs are allowed access, can help prevent accidental data breaches. Those employees who do have access to sensitive customer data should also have training on how to handle, store and send any data and to make sure it complies with your privacy policy.

Any data you collect that can be adnominalized or ‘Pseudonymised’ should be. This will make it harder to identify individuals. Whether you are the controller (the person who decides what data is collected and how) or the processer (the person collecting, storing, and organising the data), you are liable if any information is leaked. If you are working with a third-party processer, such as Mail Chimp for email marketing, then you should ensure they also are complying with GDPR regulations.

Data Loss Prevention (DLP) devices should be implemented to ensure that data is kept secure and personal information is not shared outside the company. In case of an unfortunate data breach, you must have an incident response plan already in place. This sets the groundwork for how you deal with a cyber attack, from identifying the attack and what data has been lost, to containing the attack, notifying the Data Protection Authority, and then recovering and learning from the incident.

For the best protection for GDPR cyber security, it is best to have a multi layered security solution. Firewalls will help prevent malicious software from entering or leaving your network, endpoint protection will help secure all devices (or entry points) into the network, VPN’s and other encryption tools will ensure data is kept secure and cloud security will protect data storage. Managing and monitoring threat detections is also key to preventing any attempted attacks early.

Risk assessment and vulnerability scans need to be performed to assess cyber security solutions and to make sure everything is working correctly.

If you are worried about GDPR cyber security, or would like advanced protection for your organisation, then get a quote with Cube Cyber today, and our friendly experts will talk you through everything.

March 2, 2021/by Andrew Oshea

Managed Security Services: Why Small & Mid-sized Businesses Should Consider It

Managed Protection, SME's, Threat Protection, Vulnerability Assessments

As the rate and sophistication of cyber crime is ever-growing, more businesses are turning to managed security services for their cyber protection. But what exactly are managed security services and how can they help your business? Read on for the benefits of outsourcing your business IT security.

What are managed security services?

A managed security service provider (MSSP) will provide security protection to your business, usually remotely, and will oversee all of the cyber security measures needed for the business. They can help with anything from finding vulnerabilities in your business, to implementing cyber protection, and then managing that protection 24/7.

Common services include cloud protection, firewalls, endpoint security, intrusion detection, anti-virus security, email security, VPN’s (virtual private networks), and monitoring. This protection is usually in the form of software-as-a-service (SaaS), meaning you do not have to employ a dedicated IT team to run your cyber security.

How can managed security services help your business?

Expertise and knowledge

One of the main benefits of hiring a managed security service provider is that your business will gain access to industry experts who have been professionally trained in cybersecurity. For small and medium sized businesses (SME’s) who may not have a dedicated team of IT experts, then managed security services can help immensely.

Outsourcing your cyber security to a team with industry expertise, specific knowledge and experience can mean you are getting the best protection for your company.

Cost effective

Using managed security services can be cost effective in several ways. First of all, it eliminates the need to hire, train and keep an in-house team of IT professionals. The cost of hiring a team and providing ongoing training can much outweigh the cost of managed IT services. Hiring an MSSP means you get 24/7 protection, whilst knowing exactly how much is coming out of the budget each month.

Latest technology

With an MSSP, you get access to the latest technologies and the best applications for your cyber protection. With cyber attacks evolving at an alarming rate, you want to be sure that your business is receiving the latest in cyber protection.

Focus back on the business

By using managed security services, you are able to put your attention fully on the business and the goals you are aiming for. Instead of trying to fix time-consuming tech issues yourself, resulting in slower business operations, you can put more time into growing your business and meeting goals.

24/7 security

By hiring a MSSP, you can have peace of mind that your business is being protected day in, day out. Efficiency is improved via automatic detection and vulnerability scans. If a threat is found, you can be assured of a quick response time. With some cyber applications, the longer it is installed, the better the system recognises abnormalities or suspicious behaviour. Threats can be seen sooner, before they infiltrate your network.

What can managed security services help with?

Next Generation Firewall Security

Installing firewalls is essential for any business. They can stop harmful or malicious content from entering and leaving your network. This is particularly important if your business handles customer data or sensitive company information. Firewalls should be one of the first lines of defence.

Cloud Security

If you are using any cloud-based systems, then you will want to ensure you have some cloud security in place. Cloud applications can include systems such as Office 365, Google Docs and OneDrive. Cloud security will protect your data being stored over the cloud, using the latest technologies and controls.

Backups and reports

A managed service provider can do all the hard work for you, including regularly backing up your data and providing easy to understand reports. This can help save you time to focus on other areas of the organisation.

Monitoring

Regular monitoring and patch work will all be carried out by the third party provider. You do not have to worry about updating systems and checking that they are working ok, that is all taken care of for you.

Anti-malware

Advance malware protection is a necessity to protect your organisation against malicious websites, downloads and spyware that can destroy your business. A MSSP can provide the latest technologies to detect known and unknown malware.

Email security

Email security is vital, since most cyber attacks are caused by someone in a company opening a phishing email. The simple act of clicking on a malicious link via an email can cause a major data breach, even within a large corporation. Managed security services can ensure that all emails are scanned, filtered and clean of malicious content before arriving in your inbox. At Cube Cyber, we work with CISCO systems to give our customers the best protection available.

Vulnerability management

Vulnerability management will scan your devices and network for any vulnerabilities, evaluate any risks, and then decide on how to deal with those threats. Vulnerability scans will provide reports of the strengths of the risks and prioritise what needs to be dealt with first.

Conclusion

Cyber security requires an understanding of the current threats, the best cyber practices, technological cyber solutions and how to measure, report and implement defence plans. For smaller businesses without the expertise, time, or budget for an in-house IT team, using managed security services is an appealing and cost-effective way to stay cyber secure.

At Cube Cyber we provide managed services, using the latest technologies and trusted world-class partners. If you would like a quote for your business, then please get in touch with one of our experts today.

January 13, 2021/by Andrew Oshea

Microsoft Office 365 Security Tips for Small Businesses

Cyber Attacks, SME's, Threat Protection

Microsoft Office 365 is one of the most used cloud-based systems worldwide, with over 70 million users and counting. But with all cloud-based systems, comes with a level of vulnerability. Office 365 security measures need to be considered to make sure your team is working safely.

By employing good simple Office 365 security methods, your company will be placed in a much better position from a cyber security point of view. As more and more staff members are working online and via cloud-based systems, it is important now more than ever to implement a good cyber security policy. By securing Office 365, you are helping to keep your data as safe as it can be online.

Below are some helpful Office 365 security tips and ways to keep your business secure.

Why Office 365 is a target

Firstly, why is Microsoft Office 365 a target for cyber crime? Well, being a highly popular cloud-based (and particularly email) application, Office 365 is a prime target for phishing attacks. Millions of user’s log-in to Office 365 everyday, which makes it easier for cyber criminals to hack into this one system. With so many people using the same system, the rewards for hackers can be just too tempting.

Back in 2016, Skyhigh Networks research reported that out of 600 enterprises and 27 million customers, 71% of corporate Office 365 users had at least one account compromised every month. As technology advances, so does the sophistication of phishing and other cyber attacks.

Every organisation is at risk of a security breach, but particularly small and medium sized enterprises (SME’s), who may have only limited security measures in place. Office 365 security measures may not be good enough, unless you pay extra for additional add-ons, such as the Advanced Threat Protection (ATP). This is available under the enterprise subscription or users can pay for each additional security measure separately. You can imagine this can become fairly costly, quickly.

For users wishing to add advanced cyber security measures for securing Office 365, hiring an expert firm to go through your individual needs could be a better option. Many businesses opt for managed security to help keep their customer and company data safe and secure.

Microsoft Office 365 security tips

Secure passwords

Having strong passwords is essential. Instead of getting staff members to change their passwords regularly or using complex passwords such as ‘!$4763&-(37653@’, you should encourage the use of passphrases. Although complex passwords such as the previous example are strong, there is always the chance for a computer system to generate millions of random letter and number sequences. Although it is unlikely that these complex passwords will be hacked, it is likely however that these passwords will be written down or saved somewhere by the user.

A passphrase is a series of random words, such as ‘fool foil village gravy2’ is much harder for computers to guess, and much easier for users to remember.

Staff training

There is no point in having added security measures if your staff do not know how to use them. Staff should be aware of the most common cyber security threats, the best Office 365 security measures, how to create a strong password and how to use the systems security measures on their devices.

Securing Office 365 should include training how to spot phishing attacks, as these are commonly reported. If staff know the signs to look for when spotting a phishing attack, it is far less likely that they will click on a malicious email link.

Use Multi-Factor Authentication (MFA)

Using multi-factor authentication is one of the best Office 365 security measures you can initiate. Staff members will have to enter another form of login (usually a code sent to their phone), as well as their usual password and username.

This extra step (or multiple steps) adds another layer of security, even if passwords are not particularly strong. Hackers will find it hard to gain access to the user account, as they will not have the use of the user’s phone, which the code is sent to. MFA is one of the most effective ways to secure your organisation.

Protect against malware

Microsoft Office 365 does come with malware protection included; however it is worth going one step further by blocking attachments with file types frequently used by hackers. You should block any file types which are commonly used to inflict malware on systems, so the email is blocked before it even reaches a user’s account. Common suspicious filetypes usually come in the forms of EXE, CHM, CMD, COM, JS, BAT, CPL, VB and VBS.

How to block certain file types from your Office 365 application:

1. Go to the Security & Compliance Centre and go to the left navigation panel. Click ‘Threat Management’ then ‘Policy’, then ‘Anti-Malware’.
2. Click on the default policy and edit.
3. Click Settings.
4. Go to ‘Common Attachment Types Filter’ and switch to ‘On’. Below this, you are able to add or remove file types that are blocked. Then click save and you are done.

Protect against ransomware threats

Ransomware attacks are one of the most common attacks on businesses. Files will be encrypted by hackers, who will then demand a ransom (usually in a cryptocurrency such as Bitcoin), or even threaten to publish your files online. The files will be compromised until the ransom is paid and you are given the encryption key.

To help prevent ransomware, you are able to set up rules for email which will block the common file types associated with a ransomware attack. For a helpful video on how to do this, please see Microsoft’s training video.

You should also ensure that there is a warning given to staff members before they are about to open an email which contains macros (ransomware is often hidden within these). Be sure to install next-generation endpoint protection for added protection.

Use spam notifications

If a hacker is able to gain login credentials during a phishing attack, they may send out many emails to a user’s contacts. These emails will often contain spam or malicious links. Office 365 security measures should include setting up a notification for when an email has been sent out excessively from a user or contains spam. This will give you a heads up on suspicious activity and a chance to warn your staff members not to open an email sent from the compromised employees account.

Stop email auto-forwarding

If a cyber criminal has gained access to a user’s login credentials, they can easily set up auto-forwarding of that user’s emails. Malware can be attached to these emails, which will be sent out to other employees around your organisation.

To stop this, you can set up an email flow rule which prevents emails being automatically forwarded to an external network. Here is how to set up a mail flow rule:
1. Go to Exchange admin centre.
2. Click ‘mail flow category’ and then ‘rules’.
3. Click the t ‘+’ icon, and ‘create a new rule’.
4. Go down to ‘more options’ to see the full list.
5. Apply the settings you want in the table. Unless you want to change anything else, then leave the rest as the default option. Then save your settings.

At Cube Cyber we have a friendly and dedicated team of experts to help with Office 365 security, and much more. To talk to one of our security experts, please call 1300 085 366 or visit out contact page.

January 2, 2021/by Andrew Oshea

IT Cyber Security for SME’s is Important Now More Than Ever

SME's, Threat Protection

IT cyber security is at it is most crucial. The pandemic has seen an alarming rise in COVID-19 related threats in which small to medium sized businesses (SME’s) can be particularly vulnerable to. According to a recent report by Cyber Readiness Institute (CRI) , only 40% of small businesses have some sort of cyber security employed in their company. For the other 60%, there is an alarming concern, particularly with these types of threats ever escalating.

As well as this, a surprising 59% of small business owners reported that several members of their staff are using personal devices when working from home. SME’s have always been at risk from cyber attacks, but that risk is rapidly rising throughout this pandemic.

The Rise in Cyber Attacks During the Pandemic

2020 has been a challenging year for most, with statistics from the OECD showing all countries other than China to be experiencing a recession and the global economy estimated to fall by 4.5%. Organisations are struggling to cope with the demanding changes needed for their business and having to adapt quickly to members of staff working from home. This brings about new challenges for cyber security.

If anything, we have seen just how important IT cyber security is and how much of our organisations do rely on digital devices and systems. Cyber criminals have only jumped on the opportunity that has arisen, with more staff working from home, often on personal devices or over unsecure networks, this vulnerability is dangerous.

Cyber criminals will often employ business email compromise (BEC) scams, sending scam messages via email, instant message, text message and social media, to illegally steal data or money from businesses. There has been a substantial increase in BEC attacks since the start of the pandemic. According to the Australian Cyber Security Centre (ACSC), over $142 million was lost in the 2019/20 financial year with 4355 reports of email scams.

Phishing emails are particularly popular amongst cybercriminals, and in smaller sized enterprises, where staff may have not had sufficient training in IT cyber security measures, the chances of an employee clicking on a malicious link is greatly increased. Any devices used at home or at work will also need to be protected.

In the UK, according to Hiscox, 65,000 cyber attacks are attempted every day. The Australian Cyber Security Centre (ACSC) reported back in 2019 that a high percentage of Australian SME’s will not have adequate cyber security practices in their organisation. SME’s play a crucial role and are known as the backbone of the Australian economy, so IT cyber security is essential for organisations of all sizes.

Many small to medium size enterprises simply are not aware of the risks of cyber threats, perhaps thinking this is only something to worry about in much larger corporations. Before companies can implement good IT cyber security practices, they really need to understand the risks associated to their business. IT cyber security measures will ensure every part of your business is protected and can respond quickly and effectively should any threat arrive.

IT Cyber Security & Preventing Attacks

There has never been a better time to implement strong and capable cyber security systems in your organisation. Examples below indicate the cyber security measures you could be taking, to ensure your business is well protected.

Use strong passwords

Ensure every member of staff is using strong passwords and not reusing the same password for multiple devices or systems. Ensure passwords are updated and changed regularly and any default passwords are changed.

Be careful when working in the cloud

More SME’s are working online in the cloud, sharing, and receiving important documents and sometimes sensitive data over the cloud, which could pose the threat of an increased vulnerability. Working with a cloud service provider (CSP) or cybersecurity firm can provide you with the support you need and help you better protect your business.

Ensure staff are being vigilant

Educating staff and initiating staff training on IT cyber security best practices is one of the best things you can do to protect your organisation from a cyber threat. Make sure employees are aware of the increasing amount of attacks and to watch out for potential fraudulent emails, such as those with an urgent call to action, strange wording or links or emails asking you to send a payment. If they are unsure, they should double check the email before clicking on any link.

Use multi-factor authentication (MFA)

Multi-factor authentication is an automated authentication technique where the user will be asked to verify two or more ways to login to a system, for example you may provide a password and then a code which has been sent to your phone. This preventative measure is a great way to ensure devices and data are secure.

Implement a cyber security policy

It is a good idea to have a cybersecurity plan and policy across your company. You should have an emergency plan, in case of the unfortunate event of a cyber security attack and ensure all members of staff are informed about the cyber security measures that have been put in place. Hiring an Information Security Officer (ISO) who oversees the security policy or outsourcing your cyber security to an expert firm is a great way to safeguard any potential threats to your organisation.

Make certain remote access is secure

It is always a good idea to keep remote access at a minimum if you can. With more people working from home nowadays, it is vital that remote connections are secure and properly encrypted.

Keep data backed-up

Help protect your business and data from ransomware attacks by performing regular backups and keeping those files offline. You should also try to have two versions of your backups for even further protection.

If you are a small or medium sized business looking to update your cyber security, why not try a free trial with Cube Cyber today. We have expert professionals ready to help you and your organisation implement secure cyber security solutions.

December 9, 2020/by Andrew Oshea

11 Cyber Security Tips for Working Remotely

SME's, Threat Protection

With the coronavirus pandemic in full swing, more and more businesses are making the switch to working remotely. This brings about new challenges, particularly when it comes to cyber security.

Small and medium sized enterprises are having to deal with a wealth of new problems that working remotely brings; everything from insecure home-networks, staff using personal devices, sharing of sensitive information over the cloud, complying with legal guidelines and using shared family computers for work.

SME’s have had to quickly adapt to this new way of working and in the meantime, cybersecurity can easily be overlooked. However, teams working remote can be one of the biggest risks in cyber security. Cyber threats are often underestimated, and it is easy to forget the risk whilst working from your kitchen table.

Staff need to be aware that the same cyber security measures are just as important when working from home as they are in the office.

Hackers and cybercriminals are taking advantage of the vulnerabilities that have arisen from working remotely, so it is vital that employers and staff are all aware of the risks and ensure safe cyber security measures are being put in place, when working from home.

Here are 11 cyber security tips for SME’s working remotely:

Use company devices

Use a company owned laptop or device that is properly secured to reduce the risk of data breaches when managing sensitive information and data online. This is a far better way of safeguarding than employees using a variety of personal devices which could have outdated software and security measures.

If you are running an SME and simply do not have the means to provide every member of staff with their own device, then think about employing a secure remote desktop service. Providing employees laptops have the adequate amount of protection, this solution means all of the data will be stored on the office device and staff members personal devices are merely acting as a display.

Install internet security at home

If employees are using personal devices whilst working remotely then it is a good idea for them to install internet security at home. The usual home internet security antivirus software may be too basic for staff working for home. It is important that all home computers are just as secure as those in the office.

Be aware of common scams

It is important to know what the most common cyber security scams are, so you know what to watch out for. Small and medium sized enterprises can be in a particularly vulnerable position if they are not aware of the threats to their organisations. Being aware of how such threats work, for example spear phishing attacks, increases the likelihood that you will spot the threat before it is too late.

Ensure the safety of your devices

We are not just talking about internet safety here; you also need to make sure your devices are physically safe and not being put in a position where they could be easily stolen. Whilst most of this is pure common sense, it is also just as easy to get lapse with our judgement, particularly if we are not used to working from home, and in a more relaxed environment. Those of you who have young children need to be particularly vigilant that your work computer does not fall into the wrong hands! Devices should automatically lock if you are not using them, and ensure they are not left on when out of the room, especially if there are kids around. Preferably when leaving the house, any devices with sensitive work-related information on should be secure in a locked room.

Avoid using USB thumb drives

Portable storage devices should be avoided if possible. If a member of staff saves confidential and sensitive information to a USB thumb drive, and then looses it, the chances are there for anyone to pick it up- and you certainly don’t want that information falling into the wrong hands. On another note, USB drives have been known to have been placed by hackers near the place they are trying to attack, in an attempt for colleagues to pick up the drives and plug them into staff computers to find disruptive malware which will lock their system. Shockingly, this happens more than you might think.

Use secure VPN’s

Virtual private network’s (VPN’s) allow a secure and encrypted communication between a device and a remote network. This is an excellent way to secure private information being compromised if a hacker is stealing data from public Wi-Fi services or attempting to attack an unprotected private home network. When choosing a VPN ensure that your data is properly secure and will not be passed on to a third party.

Two factor authentications (2FA)

Two factor authentication (2FA) provides an extra level of protection when logging in to secure networks. You may need to provide a username and password, and then again, another method of identity such as a code from a SMS message. This means that if a hacker gains access to your password, they still will not be able to login using your credentials, as they do not have access to your phone.

Backup data

All company data should be regularly backed (preferably a double backup) and stored in an offline location. This is a vital way of protecting data in case of a ransomware attack. In such an attack, the hackers will steal your data and demand a ransom in order to get it back. If you are running a small enterprise, you may not have the funds for the ransom and may be at risk of loosing important data.

Setup firewalls

All your networks should have a firewall installed to protect your computer from potentially harmful sites. Firewalls are essentially filter’s, they control all the information coming in from other sites and computers, allowing some communication through and restrict what it believes to be harmful threats. At Cube Cyber we have next generation firewall services that can help you block threats and reduce costs.

Keep updated and patch systems

Old and outdated software has vulnerabilities that hackers can easily use to get into your computer. All operating systems need to be regularly patched and updated to help keep your business secure. Hackers will always find weak points in devices and networks using outdated software, so it is important that systems are updated as soon as a new update comes out, or better yet install auto updates.

Get the right training

The weakest link in cyber security is usually the human factor. People make mistakes, even the smartest amongst us will occasionally click on a dodgy link after being fooled into think it was something else. Good training on cyber security is essential for the safeguarding of company information. Staff members need to be aware of phishing attacks and what to look for in a spammy email, which can look incredibly realistic at times. Regular training sessions and keeping staff up to date on the latest cyber threats will reduce the risk of someone unknowingly giving away sensitive company information.

Using these cyber security tips should help to implement good protection measures across your company. If you found this article useful, then give it a share and let us help spread good cyber awareness across the board.

December 9, 2020/by Andrew Oshea

Pandemic Cyber Security: Is your Business at Greater Risk Due to Covid-19?

Cyber Attacks, Remote Working, SME's, Threat Protection

An overwhelming majority of reports are indicating that cyber crime is increasing at an alarming rate. INTERPOL’s COVID-19 Cybercrime Analysis Report shows that cyber criminals are taking advantage of the COVID-19 pandemic to switch their target from small businesses to large corporate and major organisations, as well as government entities. Due to the pandemic, cyber security is as important now more than ever.

With organisations having to install remote working in their companies and with more staff now working from home, the risk of a cyber attack is ever increasing.

Working from Home is Increasing the Risk

With remote working increasing in this pandemic cyber security should be high on every organisations to do list. With the increased vulnerabilities of more employees working from home, employers need to ensure their cyber security systems are both up to date and doing the intended job.

Since COVID-19 made it’s ugly appearance at the start of the year, cyber criminals have taken advantage of the situation and of staff members who are working remotely, perhaps not thinking about cyber security in the same way as they would do in their corporate office jobs.

PwC’s 2021 Global Digital Trust Insights survey of large businesses, reported a 65% increase in cyber security attacks from April to June this year. According to a Webroot study, there has been a 40% increase in devices running unsecured remote desktop protocol (RDP). These insecure machines only make it easier for cyber criminals to take control over the entire device. And according to a report released by cyber security firm Kaspersky, the increase in these brute force attacks have risen by 400% in just March and April this year.

Individual users are similarly being targeted too, with pandemic related cyber security incidents on the rise in the general public. WHO reports more scammers impersonating them, in order to get people to donate funds for COVID-19 donations into a fake account. Phishing scams trying to trick users into giving away personal or secure information have likewise been growing since March. Individuals could be even more likely to click on a phishing link now than before the pandemic, with clickbait words such as ‘covid vaccine’, ‘testing’, and ‘quarantining’.

Claroty recently released a report from 1100 information technology (IT) and operational technology (OT) security professionals, who stated an average rise of 56% in cyber security threats since the pandemic began. As well as this, 70% of organisations reported cyber criminals are using new tactics to target their company. Hacking, identity theft, ransomware, and web application threats are just some that have been most common.

The threats from working from home during this pandemic means cyber security is more vulnerable due to unsecure or weak Wi-Fi networks, more secure data being transferred across unsecure networks and a lack of digital infrastructure.

Organisations are having to quickly react to the changing situation, creating temporary and fast solutions to staff working remotely and often compromising security in the process.

Pandemic Cyber Security Attacks

COVID-19 has given risen to new cyber threats, as well as an increase in malware and ransomware attacks. Here are some of the way’s criminal are taking advantage of poor cyber security in the pandemic:

Spammy coronavirus domains

Since the pandemic began, there has been a huge rise in false domains and spammy accounts related the COVID-19 virus, 90% of which are completely fake. Scam sites have propped up here, there, and everywhere, with everything from fake coronavirus news, vaccines, fake cures, fraudulent donation websites and fake shopping stores selling masks and other medical supplies. These domains will use words with COVID related terms to trick users into giving away details from phishing attacks, malware threats and C2 servers.

Online ‘zoom’ related scams

Webroot reported a staggering 2000% rise in malicious attacks containing the word ‘zoom’. With more and more companies resorting to online video Zoom calls, this is a tempting target for cyber attackers. Zoom login details are being sold over the internet with over 530,000 accounts being sold on the dark web.

Ransomware Attacks

Skybox Security 2020 Vulnerability and Threat Trends Report says a 72% rise in ransomware attacks have been documented. Healthcare institutions and other large organisations are being targeted in exchange for ransom. These attacks can be completely disruptive to enterprises.

Phishing Attacks

Phishing attacks have always been a popular method amongst cyber criminals and that has been no exception during the pandemic. Cyber security phishing attacks have been COVID-19 themed, convincing users to part with their personal data. Criminals will impersonate government agencies or health organisations to be even more convincing.

Malware Threats

Using pandemic associated wording in order to entice users, cyber criminals will then use disruptive malware to compromise secure networks, using spyware, banking trojans and remote access trojans. Data and money are then able to be stolen.

How Companies Can Protect Themselves

Government and large corporations can help protect themselves from new threats by building secure internal platforms and increasing their cyber security structures.

Review current cyber security

Now’s the time for organisations to really take an in-depth look at their cyber security protection and continuity plans. Do you know what you would do in a cyber attack? Do you have a plan and procedure to follow such an attack? It is a good idea to go over everything, ensure you are fulfilling privacy, government and compliance guidelines and keeping up to date with the latest guidelines for businesses. We all know the saying ‘fail to prepare, then prepare to fail’. Do not let this statement ring true.

Educate staff on procedures

Use this time to educate your staff on your security procedures and on cyber security awareness. This can ensure the opportunity for employees to be tricked into giving away secure information is massively reduced. Make sure they are using two-factor authentication, keeping strong passwords, and updating them regularly.

Use a VPN

Try and implicate employee access to a VPN (Virtual Private Network) which will help safeguard sensitive information when using remote connections. Make sure staff devices have end-point security installed to keep important information safe.

Install cyber protection

Having an extensive and managed cyber protection is the best thing you can do for your organisation. Using an expert cybersecurity firm such as Cube Cyber, can break down the complicated problems for organisations and ensure your company is in the best hands.

For more information on Cube Cyber and how we can help your organisation, please get in contact with us today. We have a wealth of experience and knowledge and help companies of all sizes.

December 9, 2020/by Andrew Oshea

Traditional Antivirus Software vs Next Generation Endpoint Protection

Threat Protection

How would you rate your device security?

As cybercriminals gain access to sophisticated technology, it is critical that organisations utilise state-of-the-art cyber defences to safeguard against a cyber-attack.

Nowadays, almost all businesses collect and store some form of sensitive data. Unfortunately, SME’s continue to underestimate the risk of a cyber-attack due to the size of their operation. The implications to a business can be detrimental, including financial loss, reputational damage, and loss of staff productivity.

Did you know that 43% of cyber-attacks target small businesses, while only 14% of these businesses would rate their cyber security as highly effective? Cybercriminals consistently exploit this false sense of security, often targeting smaller businesses who have let their guard down.

‘But I have antivirus software installed on my computer, so these cybercriminals won’t be able to get my data.’Unfortunately, traditional antivirus software only provides a fraction of the security required to provide effective protection in today’s environment.

To help you understand why traditional antivirus software is no longer a sufficient security mechanism, let’s discuss how it operates.

A signature is a static string or pattern of text that uniquely identifies a virus. These signatures allow antivirus software to detect and trigger alerts when a virus is present. As these are static identifiers, the virus needs to be known and understood, if the virus behaviour changes or a new virus is released then new signatures will be required. Signature updates range from once a day to once a week.

These antivirus products are often referred to as point-in-time detection technologies.

Traditional Antivirus vs Next Generation Endpoint Protection

Traditional antivirus software was originally designed to prevent and detect single devices against malware infections. While it used to be considered a must-have in the battle against cybercriminals, legacy antivirus provides little protective value in today’s advanced cyber landscape for the following reasons:

Antivirus software can only detect known threats. With thousands of new malicious threats being developed every day, traditional antivirus software simply can’t keep up. Moreover, antivirus is limited to point-of-entry inspections, meaning it doesn’t analyse behaviour once it has infiltrated the device.
Most antivirus software conducts static analysis on the device, rather than leveraging real-time cloud-based threat intelligence.
Legacy antivirus also lacks the real-time visibility of newer cyber protection models that utilise machine learning and fuzzy fingerprinting to analyse and catch the malware at the point of entry, in real-time.

Taking these things into consideration, it’s clear that traditional antivirus is no longer effective. So, what can you do to protect your business?

Next Generation Endpoint Protection

As the name suggests, Next Generation Endpoint Protection (NGEP) offers the latest technology in anti-malware and hacking protection. As a comprehensive security model, NGEP mitigates the risk of unauthorised access at every step of the way, meaning devices get the best possible protection against infiltration, data loss, and malicious activity.

Within the Next Generation Endpoint Protection space, we recommend Cisco Advanced Malware Protection (AMP) for Endpoint.

AMP for Endpoints was specifically designed to work together with existing security products that may be installed on an endpoint such as traditional antivirus. AMP does not clash with existing antivirus products nor does it try to compete with them.

A current trend that we are seeing is the replacement of traditional antivirus software with AMP. AMP for Endpoints goes beyond traditional normal signature-based detection and prevention technologies, by including multiple processes and analysis engines to enhance AMPs ability to detect Malware. AMP provides,

Multiple preventative engines utilising cloud-based threat intelligence, effectively doing the heavy lifting for you in the cloud and not on your device, AMP automatically identifies and stops advanced threats before they reach your endpoints.
Continuous analysis, remediation and retrospective security, when a file arrives on an endpoint, AMP watches the file continuously and records its activity, regardless of whether the file is deemed good or bad. If a good file starts to exhibit bad behaviour in the future, AMP can alert your team, so you can contain and remediate the threat quickly.
AMP utilises threat intelligence provided by the Cisco Talos group, Talos analyses millions of malware samples and terabytes of data every day. Once available, Talos pushes this threat intelligence to AMP for Endpoints so users are protected 24/7.
AMP integrates with Cisco Threat Grid to provide Advanced Sandboxing functionality. AMP can perform automated static and dynamic analysis of files, against a large number of behavioural indicators, to determine whether a file is malicious

Taking an integrated approach

Next Generation Endpoint Protection offers an integrated approach to cybersecurity that just isn’t possible through traditional antivirus software.

AMP for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. AMP can uncover even the most advanced threats-including fileless malware and ransomware–in hours, not days or months.

Thinking back to the beginning, how would you now rate your device security?

If the answer is anything less than excellent, we’d love to chat! Call 1300 085 366 or email us on info@cubecyber.com to book your complimentary security assessment today.

June 21, 2019/by CubeCyber Team

Medical Device Network Security, the prognosis is good

Cube News, Internet of Things, Operational Technology, Threat Protection

Are networked medical devices secure? We know that a significant number of medical devices have security vulnerabilities, known and unknown. Identifying the known vulnerabilities before a threat infects the device then eventually the network is the role of having a solid cyber security strategy in place. In Australia, the health sector has recorded the highest amount of data breaches since the Mandatory Data Breach regulations came into effect earlier this year.

The reporting tends to ignore the fact that the security of a device does not equate to the security of the system. The chants of self-appointed researchers and some fear-slinging security vendors would have us believe we’re all at risk of remotely controlled death, triggered by smart-phone.

In this article, we explore the current landscape of the network security for medical devices and architecture to ensure a secure environment.

So are medical devices secure?
The likelihood of actual harm from medical device insecurity is of course far removed from the worst case scenarios we read about in often-sensational media reporting or researcher claims. Those of us that actually work with medical systems know this. Nevertheless, vulnerabilities and threats obviously exist and medical devices are high-value targets. A better question perhaps would be “can networked medical devices operate safely and acceptable level risk to patients?”. Addressing this question, of course, is the daily challenge of professionals charged with managing risks on clinical networks.

What makes medical devices so different?
Just as for other waves of cybersecurity hysteria around IoT and Critical Infrastructure sabotage, medical devices are often cited as vulnerable to manipulation into misbehaving or leaking information. It is important to realise as security professionals that biomedical devices have unique needs that don’t always neatly fit into regular security practices. Like other critical infrastructure systems, medical devices and their local ecosystems are commissioned and tested extensively and formally so that they function exactly according to manufacturer specs. Change to these systems becomes complex, risky and expensive.

How then can devices be protected, yet allowed to communicate with all their necessary integration points – local users, remote support, external vendor monitoring systems, head-end servers, cloud-based health record services, other connected health systems?

Enter the modern security-centric network. A modern network security infrastructure can provide increasingly sophisticated protections from known attack vectors and these advances are the main thrust of this post. What’s changed? The loosely connected, hardware-centric, open networks of the past are giving way to Application Programming Interface (API) driven, integrated, software-centric, “zero-trust model” networks of today providing very powerful tools to achieve secure network architectures.

But first, let’s take a look at the external factors driving risk.

The Healthcare Threat Environment

There’s no question medical devices in clinical environments make high-value targets for cyber-criminals, where a breach of security could be both profitable to the attacker, potentially catastrophic to the victim, and very costly to a healthcare delivery organisation’s reputation.
Since the mandatory data breach notification scheme came into effect in Australia on February 22, health service providers have been top of the class when it comes to the number of data breaches reported, importantly though, a large percentage of the reported breaches were the result of either human error or a lack of basic cyber hygiene.

Threats commonly referenced for medical device security include malware infections, targeted attacks and Advanced Persistent Threats (APT’s), Denial of Service (DoS) attacks, theft, unintentional misuse and directly connected devices (e.g. USB devices).

Further complicating the security landscape the increasing integration with cloud-based electronic medical record systems represents the new risk.

Secure Network Architectures
Network Access Control (NAC) has been readily available for many years providing reliable and highly secure protection where it is needed most – at the point of access, the network edge. Pushing strong identity and access control mechanisms to the network edge using protocols like RADIUS and 802.1x, goes a long way to preventing unauthorised access. Use of a comprehensive NAC solution like the Cisco Identity Services Engine (ISE) now allows for extremely flexible deployment models, easily supporting both newer and older legacy devices – a major plus when dealing with a diverse mix of medical device capabilities.

Not only does NAC protect the wired and wireless network edge, it supports the dynamic placement of devices into segregated and isolated sub-networks (zones). Furthermore, the telemetry provided by connection attempts provides excellent visibility of not only the movement and connection state of device assets but the ability to detect unauthorised connection attempts and take action accordingly.

The Medical NAC Ecosystem
A medical grade network ecosystem centred on NAC now enables highly flexible and integrated security to be achieved. Now that a security ‘event bus’ using the likes of Cisco’s pxGrid can be tightly coupled to both the NAC system, the segregation firewalls and beyond that to secure operations platforms like SIEM and automation tools, comprehensive and integrated security is readily achievable.

These abilities go well beyond traditional network segmentation and access control mandated by most standards. Let’s consider some of these. The ability to provide effective micro (device-level) segregation and isolation policy for one. The ability to quarantine unauthorised devices before they can send a malicious packet. The ability to perform real-time behavioural analytics on traffic flows. The ability to link security systems together and share context and behaviour. The ability to respond automatically to abnormal conditions and coordinate countermeasures using API calls.

Features within the Cisco Medical NAC ecosystem are underpinned by ISE/pxGrid, Stealthwatch and optional elements of Cisco’s Trustsec architecture. Of particular note are features like these:

• Medical device profiling – More than 250 profiles for medical devices out of the box with ability to customise your own. The ability to automatically detect the device type can really boost the flexibility in policy authorisation control and provides excellent visibility into the activity of the device fleet.

• Downloadable Access Lists (dACL) – Layer-3 packet filtering at the edge, including the option for Active Directory integration for per-device/class ACL’s using custom attributes

• Identity PSK – The recently introduced capability to use multiple pre-shared keys on the same WLAN SSID, with the dual benefit of keeping the number of SSID’s low and supporting migrations, key updates and per device/group PSK

• pxGrid – Cisco’s context and event integration publisher/subscriber backbone for Rapid Threat Containment and multi-platform.

• Stealthwatch – The network flow security analytics engine, detecting abnormal network behaviour and attacks

• SIEM integration – Push logs and events into your log repository or SIEM for maximum analytical and troubleshooting value

• API driven automation and response capability – All of the products mentioned have API interfaces that your DevOps or SecOps team can take advantage of to start exploiting full visibility and control of the environment.

Using network segmentation to protect devices and medical records from threats requires Medical-Grade NAC. By monitoring behaviours to detect and contain threats, healthcare security can be improved drastically to mitigate risks to the organisation. Putting it all together requires some planning and experience, but the tools available today are vastly improved and proven in the field today. As the saying goes, the whole is now much bigger than the sum of the parts when the parts fit together effectively. This, of course, is just a component of the overall security approach, but as the point of control closest to the medical device, it is a critical one to get right.

Cube Cyber, a Cisco Certified provider based in Brisbane, has been delivering solutions for the healthcare industry since 2015. Contact us today on 1300 085 366 to discuss your next project.

References:

Office of the Australian Information Commissioner
https://www.oaic.gov.au/

US Health Care Breach register
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

University of San Diego “Cyber Security Threats in 2018”
https://onlinedegrees.sandiego.edu/top-cyber-security-threats/

NIST / NCCoE Infusion Pump Security August 2018
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/hit-wip–nist-sp1800-8b.pdf

September 21, 2018/by CubeCyber Team