• Daniel McDermott

    Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.


Attacks on Australians are rising year on year, and reports of scams and breaches – including the recent breach at Optus that exposed two million ID numbers – continue to pile up.

In response, the Australian Cyber Security Centre (ACSC) is hoping to shine a light on online safety with Cyber Security Awareness Month, a national campaign with an urgent headline: “have you been hacked?”


Cyber Security Awareness Month

The ACSC’s flagship annual campaign, Cyber Security Awareness Month runs throughout October. Tips, resources and online activities are on offer, plus weekly themes (“is your email secure?”, “How do you act now to stay secure” and “It’s time to take action!”) that suggest Australians shouldn’t just be passively listening: they should be taking immediate action.

The ACSC’s own figures covering the last twelve months underline the stark message. They detail the rise of ransomware and business email compromise (BEC), as well as the dominance of fraud and online scams. Australians recorded losses of $33 billion to cybercrime over the period, with a crime reported every eight minutes. Scamwatch, meanwhile, notes that losses to scams alone total over $2 billion, with investment, payment redirection and romance scams responsible for over half of that figure.


Spotting threats is at the heart of the campaign

To help individuals assess whether an incident has put them at risk, the ACSC's online quiz, "Have You Been Hacked?", offers tips on how to deal with the most common types of cybercrime. It's a useful resource for anyone staring a potential attack in the face, but it's an effective learning resource too. Many organisations will find it helpful as a guide to employee learning or a tool to discover gaps in training. It covers classic risks such as:

  • Suspicious emails or messages (tip: avoid clicking on links and watch out for classic social engineering tricks)

  • Calls from someone who wants to access your device (be suspicious of claims from “tech support”, and contact the business independently on a number you have verified to be sure)

  • Your device behaving unusually (you may have been infected with malware)

  • Not being able to get into your account (someone else may have gained access and changed your password – especially if you can see suspicious activity, such as a password reset request)

  • Being unable to access your files (if you receive a message demanding money to regain access, you are the victim of a ransomware attack)

  • A criminal who claims to know your password, or have compromising photos or videos of you (unless you see clear evidence that they do have your data, this is probably an extortion scam – they likely have nothing)

  • Your information being leaked (various sites allow you to search for data breaches, and if your data held by a third party is stolen they have a duty to tell you. If your data has been leaked, change your passwords immediately)


How to stay safe online

As its name suggests, the Have You Been Hacked exercise is most useful when you or your employees suspect they’ve been affected by cybercrime. But you shouldn’t just focus on crime after it hits you. Staying safe is a full-time job, but a few simple steps can make a big difference. Important ways to reduce your cyber risk include:

  • Use MFA and strong passphrases, and update them regularly

  • Check privacy settings on social media and apps

  • Ensure apps, firewalls and anti-virus software are up to date

  • Back up your data regularly

  • Read up on the approaches behind particular scams, such as those that target online dating or seek to trick employees

  • Stay on your guard when reading emails and visiting websites – sophisticated spoofing can make it hard to differentiate scammers from the real thing. If in doubt, quit the page, and use only well-known sites displaying a padlock next to the URL, particularly if you’re giving payment or personal details

  • Report scams via reportcyber and consider becoming an ACSC partner

  • Encourage friends, family and colleagues to stay safe – there are several specific guides, including those aimed at the young and older adults
     

It seems like everyone is getting hacked, but you can limit the damage

The idea of staying completely safe from attack is a pipe dream. But individuals and corporations can limit their risk, and reduce the damage caused by cybercrime. We can all learn to recognise danger signs, keep a close watch on settings and updates, and be ready to respond fast to a suspected attack. Cyber Security Month offers plenty of useful resources and is a great time to discover and share tips on cyber awareness and hygiene. One day, sooner rather than later, it will stand you in good stead.

Editor, Get Cyber Resilient
