Lines of defence
Cyber-attacks aren’t easy to detect, but agencies can make it harder for cybercriminals.
Two-factor or multi-factor authentication is seen as the best way to combat the threat because it adds an additional layer of protection to online accounts. In addition to a username and password, it requires a code to be entered. This is commonly sent via text or SMS to a mobile phone, which acts as a digital fingerprint.
And while this extra step can seem like a chore, it’s becoming a necessity for security.
Martin Boyd, Director of Vertex Cyber Security, said agencies need to be agile as cyber threats are always evolving. This includes adopting security infrastructure to accommodate the shift between hybrid and remote work, which has become more popular since the pandemic.
Research shows that with brute force attacks, a standard eight-character password can be cracked in eight hours, even where that password includes numbers and special characters. As a result, he recommends passwords that are at least 12 characters long.
“With the growing popularity of multi-factor authentication on work devices, hackers have taken notice and are attempting to exploit vulnerabilities in these systems,” Mr Boyd said.
“There are some very good systems out there – but, unfortunately, they’re not all foolproof and we’ve been contacted by companies who have had their multi-factor authentication compromised in circumstances where their phone number was transferred to the hacker’s phone.
“So multi-factor authentication is just one piece of a critical plan to secure the network and data of your business. Integrating these technologies is important, but should not be relied upon as the only way to prevent malicious cyber-attacks.”
Staying ahead of the next scam
Never to miss a beat, cybercriminals are now targeting Australia’s tight rental market.
In an alarming trend detected by the ACCC, hackers are advertising fake rental properties and duping those desperate for a property.
“Such listings require tenants to pay deposits upfront, almost always without the ability to tour or view the property,” the spokesperson said. “In particular, they may promise to mail the keys to the property to the victim after receiving payment.”
Agents can play a role in alerting customers to the importance of signing a lease with a proper agent and doing their due diligence, such as checking the street address and not paying their deposit upfront.
5 ways to boost cyber security
1. Data back-up
A must for all businesses. Multiple back-up methods are advised daily to a portable device or cloud storage. In addition, data should be backed up at the end of each week, quarterly and yearly. External drives should also be stored off-site, in case of a break-in or damage such as fire or flooding. If backing up to a cloud system, it’s advisable to use encryption when transferring and storing data. This converts data into a secret code before it’s sent over the internet.
2. Security software
Computers, laptops and mobile devices should all have cyber security software installed, including anti-virus, anti-spyware and anti-spam filters. These are in addition to a firewall that protects a business’ internal system from ingoing and outgoing information from the internet. Employees will still need to be cautious about opening a spam email or clicking on a link that can expose the business to viruses and malware.
3. Passphrases
Have trouble remembering your computer password? A passphrase could be a solution. These are not only easier to recall but harder for cybercriminals to hack, as they contain more than 10-characters. A passphrase uses a string of words – like a sentence – to allow authentication. They must also include spaces, special characters and punctuation. But, just like passwords, choose something that isn’t easy to guess.
4. Two-factor or multi-factor authentication
This works by adding an extra layer of security to accounts. After adding a username and password, a person must also verify who they are by providing an additional piece of information. This could be a personal identification number (PIN), keystroke pattern or answers to a ‘secret question’. It might also require an ID card, security token or a code to be sent to a mobile device or email. In advanced systems, it might include a fingerprint, iris scan or voice recognition. This security process has become a popular way to better protect users and resources.
5. Penetration testing
Think your security systems are impossible to crack? Businesses can employ cyber experts to perform an authorised attack on their system, just as a hacker would do. Penetration testing highlights vulnerabilities and provides solutions to strengthen security. Testing needs to be done properly, as it may expose the business to some risks, such as exposure to sensitive material and system crashes.
For more information go to www.business.gov.au
CPD COURSE – Cyber Security and Fraudulent Activity
Want to learn more about cyber security? Enrol in the Cyber Security and Fraudulent Activity CPD course.
You’ll learn:
- Best practice for cyber security
- Ways to identify and reduce the risk of fraudulent activity
- How to strengthen security when making and using passwords
- Use of security systems to protect login details
- How to identify phishing emails and the risks they pose
- How to protect trust accounts and IT systems from future attacks
CPD hours: 1 hour of Compulsory CPD
Duration: 1 hour
Format: Online or face-to-face
Assessment: Multiple choice questions
Register today at training.reinsw.com.au/CPD