Current phishing trends that may impact YOUR cybersecurity

When it comes to phishing in 2022, cybercriminals continue to target people more than tech infrastructure. That is, ‘pirates’, using social engineering, are probing for weaknesses in our human defences, rather than in our cybersecurity defences. After all, it’s easier to get someone to open the 6ft gate than to find a way to climb over it or punch through it. Which brings us to our first major 2022 phishing trend:

Help Ukraine, Help the people, Help the children.

As insidious as this is, phishing and cryptocurrency scams are using the Russian invasion of Ukraine to their advantage. Indeed, as 2020 was to Covid phishing scams, 2022 is to the Ukrainian conflict, with new cyber threats popping up daily that pull on heartstrings to collect donations, data and/or cryptocurrency from victims. Look out for email subject lines such as ‘Support Ukrainian Children’ or ‘Ukraine donations desperately needed.’ (And only ever donate to organisations that you have confirmed are 100% legitimate.)

Brand and business impersonation

This form of phishing is increasing not only in scale but also in sophistication. As users become savvier, phishing attackers are using brands or businesses that we know and commonly interact with to create a facade of legitimacy. Users are asked to click on links and provide personal information – including passwords – via emails titled ‘Data breach’, ‘Potential account termination’ or ‘Password reset required’. And these emails are (allegedly) coming from the likes of Microsoft, LinkedIn and Amazon. Always be suspicious of emails that link you to a site requesting your log-in and other details. Never provide your credentials via such a link.

Tax season scams

Tax season: time to buy some last-minute office equipment (or some top-tier business tech!), worry about the shoebox of receipts and fend off tax-season scams. The main thing to remember when it comes to tax time is that the ATO will never ask for personal information by email or text. (And they’ll never call you with a doom-laden message threatening arrest or jail time, either.) Any such message – requesting your tax file number or credit card details – can be disregarded as cyber fraud.

And remember: clicking a link in such a message can also lead to disaster, potentially giving scammers access to your computer system so that they can hold you or your business to ransom. If in any doubt: DELETE.

The ATO also has a regularly updated list of scams if you need to verify or report a problem.

Contact Geelong’s cybersecurity experts to reduce your risk of being scammed

At Geelong Technology Group, we’re kind of enthralled by scammers. (They’re always doing something new! Smishing attempts keep proliferating! They’re getting tricksier!) And we keep up with the latest cybersecurity threats. But what we really love is helping homes and businesses in Geelong, Ocean Grove, Barwon Heads, Torquay, the Bellarine Peninsula, the Surf Coast, Golden Plains, Colac and Warrnambool with their online security. We’re here to help with our anti-piracy solutions and cyber-attack prevention services, so don’t hesitate to contact us today on 1300 GET GTG (1300 438 484). Or drop by to chat with the team at 166 Francis Street, Belmont.

What NOT to do on a work computer

Work computer. The name says it all really. This is your computer for work. And yet with more of us working from home and the work-life divide getting ever blurrier, sometimes it’s easy to slip! There are, however, numerous reasons to keep your personal and professional lives separate. One is to avoid cybersecurity breaches – the last thing you want is to inadvertently introduce a virus or malware to your organisation. Another is for your own privacy: employers can install software to monitor what you do on your work-issued device, so act accordingly!

Five things you should never do on your work computer

You know the simple things – don’t search for a new job, click on dodgy websites or download the entire Lars von Trier back catalogue. But what else should you avoid?

1. Don’t save personal passwords

Storing passwords and personal information in a keychain is easy – and tempting for that reason – but this is a definite no-no. Imagine your computer is an open book that can be taken and read by your employer at any time. Or by the tech team tasked with upgrading it. Or by the new hire who is using it temporarily while you’re home sick. Saving your personal passwords is risking the security of your personal data.

2. Don’t store personal documents

Just as saving passwords is not recommended, neither is storing personal documents. Don’t assume that your company’s Google docs and desktop folders are private. It’s important to remember that a work device is not your property – it belongs to the company and can be taken back at any time, along with anything you’ve stored on it.

3. Don’t access free public wi-fi

Public wi-fi networks pose several security risks, including hackers accessing your device and malware infections. In order to protect both your own and your company’s data, ensure you’re only ever connected to a secure, password-protected internet connection (and never leave your laptop physically unattended).

If you must use public wi-fi, use a good, preferably employer-provided, VPN.

4. Don’t turn off company-installed applications

Company-installed apps such as anti-virus software and backup utilities have been added to your computer for a reason – generally for cybersecurity, data security and business continuity. If you turn off these applications without prior authorisation you’re putting your workplace at risk – not only of losing information should your device suffer a mishap but of possibly calamitous damage from a targeted cyber attack. 

5. Don’t ‘talk smack’ over slack

Or Campfire. Or Google Hangout. Messaging software is fantastic for team collaboration, but remember that admins have access to private messages, and messages are likely stored indefinitely. Be very intentional about what you say over chat room platforms – if you wouldn’t say it to your boss or your colleagues face-to-face, definitely don’t put it in writing!

Some extra work laptop no-nos

  • Don’t work on your side gig: Using company equipment to work on your second (or third) job is unprofessional (and possibly a disciplinary offence), even if it’s not on ‘company time’. The same goes for looking for a new job or updating your resume!
  • Don’t allow friends or family to use it: Even if your work laptop is now a permanent kitchen-table fixture, allowing others to use it could breach organisational data-protection regulations.
  • Don’t play games or spend time on social media: Enough said?

Contact Geelong’s computer technology specialists

Getting out of the habit of using a work computer for non-work-related tasks can be difficult – but worth it in the long run. Streamlining the use of your work device will not only ensure your workplace cybersecurity but also improve your everyday productivity.

And if decoupling your personal and professional online tasks leaves you high and dry tech-wise? Give us a call or drop by the showroom! At Geelong Technology Group, we stock a range of different desktops and laptops to suit all needs, including Acer, Asus, HP and more.

📞1300 GET GTG (1300 438 484)

📍 166 Francis St, Belmont

Should I use a password manager? Simple answer: Yes

According to a 2021 article in The Guardian, ‘the tyranny of passwords’ may be coming to an end – well, at least some time in the next ‘two to five years’. Biometrics (including not only fingerprint IDs and face recognition, but more sci-fi stuff such as tech that recognises the shape of your ears, how you hold your phone and move, and even breath detectors) will eventually save our overburdened brains from remembering if we used mYpa$$w0rD or MyP@ssWORd (please don’t use either of these!). In the meantime, however, how best to navigate the password conundrum of easy to remember/easy to crack versus impossible to remember? The answer is a password manager. Indeed, a good password manager can be your first and best defense against being hacked (as long as you are also avoiding phishing/smishing scams).

What IS a password manager?

When it comes to the safety of your accounts online, you should use a strong and UNIQUE password for each app or website you use. (Reusing the same or similar passwords across websites is a serious NO-NO, security-wise.) Apparently, on average, that’s around 190 passwords per person. Possible? Possibly… Likely? Not at all. This is where a password manager comes in. A password manager is a software application that acts like a digital vault, securely storing your login credentials, which are then encrypted with one master password. Once you’ve set up a password manager account, you only need to remember the one (strong and unique) master password. A good password manager will also generate strong passwords on your behalf, and provide auto-fill services, saving you from entering details such as postal addresses or credit card numbers each time you require them.

Password managers can be desktop-based (that is, storing your passwords locally on a device, such as your laptop), or cloud-based, whereby your encrypted passwords are stored on the service provider’s network (and can thus be accessed from any device, as long as you have an internet connection). Depending on the password manager chosen, your master password can generally also be further strengthened by enabling multi-factor authentication (MFA) and/or biometric authentication on your account.

Choosing a password manager

There are plenty of password managers out there – some free, some available via annual subscriptions. Options (in no particular order) include KeePass, Bitwarden, LastPass, 1Password, Dashlane, Zoho Vault, Keeper, and RoboForm, among scores of others. Differences can lie in whether they offer MFA or biometric authentication, whether they allow you to share passwords with trusted family and friends, and even whether they feature data breach scanners – scouring the dark web to check if any of your logins appear online.

To choose a password manager, ensure the manager uses industry-standard AES 256-bit (military-strength) encryption, as well as ‘zero-knowledge architecture’ (whereby your passwords are encrypted prior to leaving your device). Check as well that your chosen manager works across all of your devices (syncing between your computers and phones, if required). You can also take advantage of free and/or trial options in order to try a couple of different password managers to find the one that’s right for you.
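To make ‘zero-knowledge’ concrete, here is an added sketch (not taken from any password manager’s own code) of a vault being encrypted on the device with a key derived from the master password, so the provider only ever stores ciphertext. It uses Node.js’s built-in crypto module; the choice of scrypt and AES-256-GCM, the function names and the sample data are assumptions made for illustration.

```javascript
// Added illustration: constructed data, hypothetical function names.
const crypto = require('node:crypto');

// Stretch the master password into a 256-bit key. scrypt is deliberately
// slow and memory-hard, which makes offline guessing expensive.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the user's device. Only the returned blob is ever synced.
function encryptVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16); // unique per vault, not secret
  const iv = crypto.randomBytes(12);   // must never repeat under one key
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ciphertext: b64(ciphertext) };
}

// Returns the entries, or null when the master password is wrong or the
// stored blob has been modified (the GCM authentication tag will not verify).
function decryptVault(masterPassword, blob) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(masterPassword, raw(blob.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(blob.iv));
  decipher.setAuthTag(raw(blob.tag));
  try {
    const plain = Buffer.concat([decipher.update(raw(blob.ciphertext)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample vault and master passphrase.
const sampleEntries = [{ site: 'example.com', username: 'alex', password: 'constructed-Sample-pw-42' }];
const synced = encryptVault('correct horse battery staple', sampleEntries);
console.log('what the provider stores:', synced);
console.log('right master password:', decryptVault('correct horse battery staple', synced));
console.log('wrong master password:', decryptVault('guess123', synced));
```

Because the key never leaves the device, a forgotten master password generally cannot be reset by the provider, which is why the master passphrase has to be both strong and memorable.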

Remember: once you’ve chosen a password manager, you need to protect your account with a master password (or a ‘passphrase’), which needs to be super strong and memorable. Once your account is activated, it is best practice to further protect it with MFA. Extra security can be applied by allowing access to the password manager only from registered, trusted devices.

Need more information? Contact Geelong’s IT security specialists

Alongside your chosen password manager, you should also ensure your antivirus software is up to date, check your overall cybersecurity, and always double-check the legitimacy of any apps or extensions you’re planning to install.

With decades of IT experience helping homes and businesses in Geelong, the Bellarine Peninsula, the Surf Coast, and surrounding regions, the Geelong Technology Group team are well versed in IT security and protection – if you have any questions about password managers or any cybersecurity concerns, don’t hesitate to get in touch:

1300 GET GTG (1300 438 484)

📧 support@geelongtechnology.com.au

📍 166 Francis St, Belmont

Cybersecurity and the Essential Eight

Although it may sound like a bulked-up bedtime story (remember The Famous Five?!) or a Tarantino flick, the Essential Eight is instead a list of eight essential strategies for Australian businesses to mitigate cybersecurity incidents. The Australian Government, in conjunction with the Australian Cyber Security Centre (ACSC), has created this security to-do list to help businesses and organisations avoid the – sometimes catastrophic – fallout that can occur following a targeted cyber attack.