Blog Layout

Improving your Online Security

Apr 29, 2022
With up to 80 per cent of cyber breaches coming from a lack of awareness, educating staff about online security is essential when protecting your business.

As a matter of general safety, we suggest you:
  1. Change passwords regularly
  2. Avoid using obvious and repeat passwords
  3. Do not store your company or personal credit card details in autofill
  4. Be wary of what you click on
  5. Work from a secured server
  6. Be sure your passwords are not easily accessible
  7. Regularly back up your data.

Types of Security Attacks

Three main types of security attacks are phishing, scams and malware. They each work in different ways, harvesting sensitive data or installing destructive software on your systems. We describe each type of attack below, offering some suggestions to reduce any chinks in your armour.

Phishing

What is it? Phishing generally comes in the form of an email that, at first glance, might be from a usually trustworthy source. Examples include emails from banks, PayPal or a TV streaming provider. These emails often feature a link that, when clicked on, asks for login/payment details. However, not all of these are legitimate.


What does it do? A phishing email (or text) is designed to gather customer, staff, login or payment details.


How do we avoid it?

  • Be sceptical when receiving unsolicited emails - mainly if it's from a company you don't usually deal with 
  • Look for:
  • content that has unusual spelling and grammar
  • low-quality logos
  • a return email address that does not match the content.
  • Check directly with the organisation claiming to have sent the email
  • When receiving an email requiring action, only log into secure sites. Even if the email received looks legitimate, avoid the link by going directly to where you usually log in and check your messages. 

SCAMS


What is it?: Like phishing, these are attacks designed to gather information for financial or other gains. They can come via email or even in shared posts that suggest you will gain prizes for doing very little. 


For example: A recent trend in scam messages includes: Senders pretending to be a delivery company. They may ask for your address so they can deliver a package, which is information a legitimate company would already have.


What does it do? A scam email, text or campaign is designed to gather login or payment details.


How do we avoid it?

  • Again, approach any unsolicited or unusual emails with a healthy dose of scepticism. If you don't know why you're receiving the email, it may be a scam.
  • Ignore requests / communications from those you have no connection with
  • Be wary of emails asking to establish a relationship or for financial assistance. This includes those emails in which the recipient must 'store' a large sum of money in their account.
  • Be sceptical of competitions that have no direct connection to the company. For example: 'If company X sees this post, you will be in the running for free airline tickets/shopping vouchers/cash' campaigns on Facebook.
  • Avoid giving any personal information to unverified callers. Some may pretend to be from a company you know, asking to renew a subscription, which most companies do automatically online.

Malware

What is it?: Malware is short for ‘malicious software’. It generally refers to any software designed to attack your systems.


What does it do? As the name suggests, malware can do some damage. It can crack passwords, work as a trojan horse to install fake software, spam you, perform data theft or spread to destroy complete systems. 


How do we avoid it?: 

  • Invest in anti-viral software for extra protection
  • Update your computer/phone software regularly; dated software can be more easily attacked
  • Only file share when absolutely necessary
  • Be careful about clicking on links - particularly in pop-up windows, downloading attachments or images.


Those involved in creating security attacks are becoming more and more efficient at what they do. Increasing your staff’s online awareness will reduce the likelihood of a cyber-attack. 


If you would like to discuss more complex methods, feel free to contact our security experts at: sales@citywatchsecurity.com.au 

Seamless Security: Boosting Efficiency and Streamlining Operations with Integrated Access Control

30 Sep, 2024
Seamless Security: Boosting Efficiency and Streamlining Operations with Integrated Access Control

Meet CityWatch's Indigenous Liaison Officer

08 Aug, 2024
Meet our Indigenous liaison officer

Enhancing B2B Security and Operations: The Role of Smart Surveillance

By Gerald Aquino 24 Jul, 2024
Enhancing B2B Security and Operations: The Role of Smart Surveillance

JUNE BLOG

05 Jun, 2024
SAFEGUARDING YOUR BUSINESS: UNDERSTANDING SECURITY RISKS IN HIGH-TRAFFIC RETAIL AREAS

SAFEGUARDING OUR SCHOOLS: THE IMPACT OF ACCESS CONTROL ON SECURITY IN AUSTRALIAN EDUCATION

10 Apr, 2024
SAFEGUARDING OUR SCHOOLS: THE IMPACT OF ACCESS CONTROL ON SECURITY IN AUSTRALIAN EDUCATION

Navigating the Mobile Frontier: Duty of Care in Mobile Technology Security

05 Mar, 2024
Navigating the Mobile Frontier: Duty of Care in Mobile Technology Security

Elevating Security: Seven Easy Steps to an Upgraded Video Surveillance System

By Gerald Aquino 02 Feb, 2024
Elevating Security: SEVEN Easy Steps to an Upgraded Video Surveillance System

Hot Security Topics Beyond 2023

19 Dec, 2023
In 2023 CityWatch Security faced a number of issues including: vaping as a fire hazard and a risk to school safety; compromised camera systems due to unsecured, overseas based cloud storage and; the use of cameras in privacy-sensitive areas. Our team faced these issues head on, offering sophisticated yet user-friendly solutions (including a locally-based cloud system) to over 180 sites across Australia. In this final week of 2023, we look toward 2024 and anticipate five challenges it will bring us; 1. Remote Workforce: More and more employees are working from home or in hybrid roles. Remote work leads to access governance, threat detection and response protocols needing to work even harder, to account for remote anomalies. These include browser-based context and storage. With remote work cyber security risks can become more difficult to identify, with the added roadblock that employees may find themselves waiting for access so they can continue their work. 2. Mobile Device Security: The importance of mobile security and education within business has reached unprecedented levels. Mobile devices, either corporate owned or as part of a Bring Your Own Device (BYOD) strategy, can present a vulnerable access point that is often-overlooked or discounted. It is crucial to implement effective security controls and provide comprehensive education to end-users regarding potential threats. As technology rises to meet contemporary challenges, the mobile era should introduce a new security paradigm designed to tackle existing threats. 3. More Sophisticated Phishing: The utilisation of generative AI tools, like ChatGPT, allows online attackers to adopt more intelligent and personalised strategies. We expect to see a surge in the prevalence of things such as deepfake attacks, making it far more difficult to tell when an interaction is legitimate. Addressing this challenge will primarily involve fostering organisation-wide awareness and education. Additionally, the role of AI and implementation of a zero-trust approach are anticipated to play an increasingly significant role in the response to these threats. 4. Less Than Zero Trust: Zero Trust is a concept that emphasises the need for continuous verification; it works on the basis that no activity can be assumed to be legitimate without a multifaceted verification system. In 2024, we expect Zero Trust interactions to evolve from a purely technical model to a more comprehensive approach, backed by continuous AI-powered real-time authentication and activity monitoring. At some point it will mitigate risks presented by remote workers and external organisations. The logistics of Zero Trust will continue to change as systems grow in complexity. 5. Posture Checks/Management: The cybersecurity equivalent of a medical for digital assets, digital asset collections, and entire businesses; Posture Management’s primary objective is to identify and address negative outcomes before they escalate into significant issues. A review of systems and controls safeguarding digital assets, can help ensure the optimal health and security of their digital infrastructure. This process generally starts with the discovery and inventory of these assets. These challenges may be too much to think about with the holiday period coming up. But we would advise tackling them head on in the new year, as you resolve to secure your business, staff and assets. Give us a call on 03 9250 4000 . CityWatch’s HQ returns to the office on January 2 nd .

Hospital Supervisor Guard Profile

03 Nov, 2023
CityWatch Guard Profile: Les B

Security for Onsite Tradies

21 Aug, 2023
site Security for tradespeople
More Posts
Share by: