Intuitive IT launches Cyber Resilience Audit
Want better cybersecurity but don’t know where to start? Start here
Cybersecurity, cyber resilience, malware, hackers, data breach, change your password. It’s never-ending, and it is becoming more and more prevalent. The risk to businesses is growing day by day, and it’s important that every business has an understanding of where they sit with their cyber resilience.
What will happen to your business if you have ransomware on your network?
What will happen if a hacker gets access to an email account for your accounts department and reissues invoices with changed BSB and account details?
What happens when you’re asked to pay a ransom to regain access to your files because a hacker has encrypted them all?
These questions are not hypotheticals. The above three examples have happened to companies we’ve worked with and subsequently helped. These businesses have had to make some really hard decisions around how they proceed.
Right now, businesses all across Australia need to become more vigilant, because as a business owner, you don’t want to be spending your days trying to pay hackers in Bitcoins or talking to lawyers about who’s at fault.
You want to focus on running your business, and we want to help you do that. So to that end, Intuitive IT has developed a report for you, the business owner, so you have an understanding of where to start with your cyber resilience. This report is not a be-all and end-all for cyber resilience. Cyber resilience is an ongoing process, but at least the report gives you a good idea of some major risk factors and where to start.
So what are the benefits of running a report like this? You will be able to see:
- how vulnerable your staff are to triggering a cybersecurity incident
- how likely they are to fall for a scam or a phishing email
- how vulnerable some of your external-facing systems are to a cybersecurity incident, i.e. have they been locked down correctly? Is there more to be done there?
- what information about your staff is on the dark web. Has there been a data breach in which usernames and passwords were leaked? And have they reused those passwords?
- how vulnerable your business’s website is to a cybersecurity incident. Can it be taken over? Can it be brought down?
- and how well positioned you are to recover from a cybersecurity attack. So if the worst does happen, what’s your recourse? How do you continue to run your business during and then after your incident?
So what areas does the audit cover? Well, here’s a quick rundown.
Phishing Simulation
The first area is the phishing simulation test for your staff. Phishing is an attempt to turn your email into a weapon against you and your company. The goal of phishing is to trick one of your employees into performing an action that will have a direct negative impact on your business. For example, you might receive an email from what appears to be your Office 365 administrator about you losing access. The email will ask you to click a link to restore that access. They’ll send you to a webpage that isn’t legitimate and then ask you to put in your Office 365 username and password. At that point, the hackers will have access to your username and password.
So our phishing simulation will send out one of these emails to your staff, and it will then report back on who opened the email, who clicked the link to go to this webpage, and who entered their details.
Please note: We will not be storing or capturing any usernames and passwords in this simulation, only the fact that they attempted to log in.
You can then use this information to decide if your staff need training in detecting such scams. You can have all the technology protecting your environment, but if one of your staff simply hands over a username and password, then that is a weakness you need to resolve to protect your business.
Cybersecurity insurance
Why would you need cybersecurity insurance? Well, for starters, your current insurance does not cover you if you’re a victim of a cybersecurity attack. Cybersecurity insurance can protect you against third-party claims, business interruption (so you’re reimbursed for lost profits), and any remediation costs you might have due to a breach.
A key piece of cybersecurity insurance is making sure that you’re covered for social engineering, phishing, and cyber fraud, because the base package of most cybersecurity insurance providers does not protect you against those, and realistically, that is the main way your business will come under attack. So in this section, we’ll audit what cybersecurity insurance you have.
Email spoofing check
This is when a cybercriminal tries to deceive you or your team by making an email appear to come from someone else. The email could appear to be from your accounts department, the CEO, or the chairman. Unless you have blocked the methods used to do this, or have controls in place to detect the impersonation, you could very likely fall victim to email spoofing. This is a technical check to see if your environment is vulnerable to email spoofing.
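The technical side of that check is largely about what the domain publishes in DNS: an SPF record that says which servers may send as the domain, and a DMARC record that tells receivers what to do with mail that fails. The script below is an added example, not Intuitive IT's audit tooling; the domain names and TXT records are constructed samples, and against a real domain you would fetch the TXT records at the apex and at `_dmarc.<domain>` instead of reading them from the sample dictionary.

```python
"""Check a domain's SPF and DMARC records for exposure to email spoofing.

Added example, not Intuitive IT's audit tooling. The TXT records below are
constructed samples and the domain names are placeholders; a real check
would fetch the TXT records from DNS (apex name and _dmarc.<domain>).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample DNS zone: record name -> list of TXT strings.
SAMPLE_DNS: Dict[str, List[str]] = {
    "weak.example": ["v=spf1 include:_spf.google.com ?all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strong.example": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.strong.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strong.example; pct=100"],
    # "none.example" publishes no records at all
}


@dataclass
class SpoofingAssessment:
    domain: str
    spf_all: Optional[str] = None        # "-all", "~all", "?all", "+all" or None
    dmarc_policy: Optional[str] = None   # "none", "quarantine", "reject" or None
    findings: List[str] = field(default_factory=list)


def find_spf(txts: List[str]) -> Optional[str]:
    for txt in txts:
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def spf_all_qualifier(spf: str) -> Optional[str]:
    """Return the qualifier on the 'all' mechanism, which decides what happens to
    a sender that no earlier mechanism matched. No qualifier means '+' (pass).
    '-all' rejects forgeries outright; '~all' (softfail) only marks them and
    relies on DMARC to act; '?all' and '+all' let forged mail through."""
    result = None
    for term in spf.split()[1:]:
        qualifier, mech = ("+", term) if term[0] not in "+-~?" else (term[0], term[1:])
        if mech.lower() == "all":
            result = qualifier + "all"
    return result


def parse_dmarc(txts: List[str]) -> Optional[Dict[str, str]]:
    """Split a DMARC record into its tag=value pairs (tags lower-cased)."""
    for txt in txts:
        if txt.lower().replace(" ", "").startswith("v=dmarc1"):
            tags = {}
            for part in txt.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess(domain: str, dns: Dict[str, List[str]]) -> SpoofingAssessment:
    """Evaluate one domain against the (sample) DNS data and collect findings."""
    result = SpoofingAssessment(domain)

    spf = find_spf(dns.get(domain, []))
    if spf is None:
        result.findings.append("no SPF record: receivers cannot tell which servers may send as this domain")
    else:
        result.spf_all = spf_all_qualifier(spf)
        if result.spf_all in ("?all", "+all", None):
            result.findings.append(
                f"SPF ends in {result.spf_all or 'no all term'}: forged senders are not failed")

    dmarc = parse_dmarc(dns.get(f"_dmarc.{domain}", []))
    if dmarc is None:
        result.findings.append("no DMARC record: receivers are given no policy for mail that fails checks")
    else:
        result.dmarc_policy = dmarc.get("p", "").lower() or None
        if result.dmarc_policy not in ("quarantine", "reject"):
            result.findings.append(
                f"DMARC policy is '{result.dmarc_policy}': receivers are not told to block spoofed mail")
    return result


if __name__ == "__main__":
    for name in ("strong.example", "weak.example", "none.example"):
        a = assess(name, SAMPLE_DNS)
        print(name, "SPF:", a.spf_all, "DMARC:", a.dmarc_policy)
        for finding in a.findings or ["no findings"]:
            print("  -", finding)
```

A domain with `-all` and `p=reject` comes back clean; `?all` with `p=none` produces two findings, and a domain with nothing published produces two as well. Records are only part of the picture (the domain's mail service still has to sign with DKIM and the receiving gateway has to enforce the policy), but a missing or permissive record is the first thing to fix.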
Multi-factor authentication (MFA)
Think of it this way: your username and password for any service are a single factor of authentication. The problem is that if your username and password are made public, anyone in the world can log in with them.
However, if you have a second factor of authentication, for example a mobile phone that can receive an SMS or has an authentication app, then even if that username and password are out there and someone tries to use them, they can’t log in unless they have access to your phone as well.
So we’ll do a check to see if:
- your cloud-based services have MFA as an option
- which ones have their multi-factor authentication set up, and
- which of your users have multi-factor authentication on their devices.
This is truly low-hanging fruit when setting up your cybersecurity. Setting up multi-factor authentication for your cloud-based services will stop the vast majority of hacking attempts.
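The authentication app mentioned above typically generates a time-based one-time password (TOTP, RFC 6238) from a secret shared with the service. The following is an added example, not Intuitive IT's code or any vendor's implementation; it shows why a leaked password on its own no longer gets an attacker in. The shared secret is the RFC 6238 test-vector seed and the user record is constructed for the demo.

```python
"""Second-factor login check with a time-based one-time password (RFC 6238).

Added example, not Intuitive IT's code. The shared secret is the RFC 6238
test-vector seed and the user record is constructed for this demo.
"""
import hashlib
import hmac
import struct
import time

# RFC 6238 test-vector seed, reused here as a constructed sample secret.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                   # dynamic truncation
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from the current 30-second step."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step or one step either side, so a phone
    whose clock drifts slightly still works; compare in constant time."""
    counter = int(unix_time) // step
    return any(hmac.compare_digest(hotp(secret, c), submitted)
               for c in range(counter - window, counter + window + 1))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user record: salted password hash plus the per-user TOTP secret.
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "jane": {
        "salt": SAMPLE_SALT,
        "pw_hash": hash_password("Spring2020!", SAMPLE_SALT),
        "totp_secret": SAMPLE_SECRET,
    },
}


def authenticate(username: str, password: str, otp: str, unix_time=None) -> bool:
    """Both factors must pass. Knowing the password (factor one, e.g. from a
    breach dump) is not enough without the current code from the phone."""
    user = USERS.get(username)
    if user is None:
        return False
    if unix_time is None:
        unix_time = int(time.time())
    password_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], otp, unix_time)
    return password_ok and otp_ok


if __name__ == "__main__":
    now = int(time.time())
    code = totp(SAMPLE_SECRET, now)          # what the authenticator app would show
    print("password only:", authenticate("jane", "Spring2020!", "000000", now))
    print("password + code:", authenticate("jane", "Spring2020!", code, now))
```

The password check and the code check are evaluated together and the result is the AND of both, so a correct password with a missing or stale code fails exactly like a wrong password. SMS codes work the same way from the user's point of view, but a TOTP app does not depend on the phone number, which is why authenticator apps are generally preferred over SMS.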
Dark web monitoring
Data breaches occur multiple times every day. I myself have been listed in over ten data breaches. It’s unfortunate and disconcerting, but knowing puts me in a stronger position to defend myself.
What you need to do is make sure you are aware if your details or your staff members’ details have been breached. A breach could be on a site that has nothing to do with your core business. It could be a data breach on a graphic design website or on a real estate listing website. The problem occurs when your staff member reused the same username and password for their login to your company’s email. Statistics from a Google study found that 13% of people reused the same password across ALL accounts and a further 52% used the same password across multiple accounts.
Why is that an issue?
Because the first thing that these hackers will do is try the username and password combination on any service available to them. They’ll try and log in to Hotmail and Gmail and your Office 365 and any other variety of sites and see which ones work. This is why it’s so important to have unique passwords – do not reuse them!
Our report will list all the breaches for the email addresses we have for your organisation. From there, you can perform the remediation needed to keep your systems secure.
Antivirus software
Everyone knows about antivirus software; it’s been around for decades, but these days you need something more advanced than your standard antivirus. You need antivirus software that will interface with all your business’s IT services and correlate that data across all the systems.
For example, you want to detect when something strange is happening in your Office 365 and correlate that with something strange happening on a desktop in the warehouse.
You need that kind of sophistication to be able to detect if there is something not right in your environment, in your infrastructure. So we’ll let you know if your antivirus is capable of doing this.
Anti-spam services
Anti-spam services check an email before it hits your inbox and decide if that message is legitimate. In most cases, if it’s not legitimate, it’ll send it to your junk mailbox. A dedicated anti-spam service can also protect you against impersonation attempts such as CEO fraud, by making sure you are made aware of an email that appears to come from someone internal to your business but was actually sent from outside.
Fraud emails are up 2,370% since 2015 according to a report produced by MailGuard. So you need such a service to help you identify and stop these phishing attempts.
We’ll let you know if your anti-spam service is running and if it is capable of impersonation detection.
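To make the impersonation check concrete, here is an added example (not Intuitive IT's code and not any anti-spam vendor's logic) of the three simplest signals a gateway can raise: a message using one of your own addresses that nevertheless arrived over an external connection, an outside address that borrows the display name of someone on your staff, and a Reply-To pointing at a different domain than the From. The company domain, the protected names and the messages are all constructed samples.

```python
"""Flag common impersonation patterns in inbound mail headers.

Added example, not Intuitive IT's code. COMPANY_DOMAIN, PROTECTED_NAMES and
the sample messages are constructed for this demo.
"""
import email
from email.utils import parseaddr
from typing import List

COMPANY_DOMAIN = "example.com.au"            # constructed placeholder for your own domain
# Constructed directory of display names that fraudsters like to borrow.
PROTECTED_NAMES = {"jane citizen", "accounts payable"}


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def impersonation_flags(raw_message: str, arrived_from_external: bool) -> List[str]:
    """Return the impersonation signals found in one message.

    arrived_from_external is what the gateway knows from the connection itself:
    True when the message came in from the internet rather than from your own
    mail servers.
    """
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    flags = []

    # An address on our own domain should not be arriving from outside.
    if from_domain == COMPANY_DOMAIN and arrived_from_external:
        flags.append("internal-address-from-external")

    # A known colleague's name on a non-company address (classic CEO fraud).
    if display_name.strip().lower() in PROTECTED_NAMES and from_domain != COMPANY_DOMAIN:
        flags.append("display-name-impersonation")

    # Replies silently redirected to another domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        flags.append("reply-to-domain-mismatch")

    return flags


# Constructed sample messages.
LEGITIMATE = """From: Jane Citizen <jane.citizen@example.com.au>
To: staff@example.com.au
Subject: Team meeting

See you at 10.
"""

LOOKALIKE = """From: Jane Citizen <jane.citizen.ceo@webmail-provider.example>
To: accounts@example.com.au
Subject: Urgent payment

Please process the attached invoice today.
"""

SPOOFED_INTERNAL = """From: Accounts Payable <accounts@example.com.au>
To: staff@example.com.au
Subject: Updated bank details

Our BSB and account number have changed.
"""

REDIRECTED = """From: Jane Citizen <jane.citizen@example.com.au>
Reply-To: jane.citizen@free-mail.example
To: accounts@example.com.au
Subject: Quick favour

Are you at your desk?
"""


if __name__ == "__main__":
    samples = [("legitimate", LEGITIMATE, False), ("lookalike", LOOKALIKE, True),
               ("spoofed internal", SPOOFED_INTERNAL, True), ("redirected", REDIRECTED, True)]
    for label, raw, external in samples:
        print(f"{label:17s} -> {impersonation_flags(raw, external) or ['clean']}")
```

In practice a gateway would tag or quarantine flagged mail and add a visible banner ("this message came from outside the organisation"), which is exactly the awareness the paragraph above describes. The display-name check is the one most products sell as "impersonation protection"; the external-connection check is why SPF and DMARC matter for your own domain.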
Macro Lockdown
I think we’ve all heard of macros. That’s the handy piece of functionality in Excel and Word documents that helps you automate tasks. But it’s also one of the biggest security vulnerabilities being exploited at the moment. According to a report by Avira, the second quarter of 2020 saw a 30% increase in macro-based attacks.
We can’t live without macros, but we sure can tighten our security around them. Yes, this adds overhead to your day-to-day when you receive a macro document that you need to execute, but if you run a malware-based macro, you’re basically giving the hacker access to all the information on your computer.
That’s why you need to spend time making sure you don’t take any shortcuts when you receive a new file with a macro in it.
We’ll check to see if your macro settings are up to standard. Locking down Office macros is a mitigation strategy recommended by the Australian Cyber Security Centre, and it’s part of their Essential Eight.
Web Application Firewall (WAF)
You might say,
“My website? How could that be a target? It’s just a brochure website. It lists our services, about us, and contact page.”
Hackers out there don’t target your business based on how big, or how small, or how sophisticated your website is. They don’t care if you process credit cards on there or not.
They simply want to take it over so they have another platform at their disposal to do their dirty work, whatever that might be.
That’s why you need to protect your website no matter how big or how small it is.
A web application firewall can help you do that. It sits in front of your website, inspects the traffic going to it, and decides whether that traffic is legitimate or not. Your website might have a vulnerability, but a web application firewall can act as a virtual patch for it. So you need to make sure that you have a web application firewall in place. All of the websites Intuitive IT hosts for its clients sit behind a WAF.
Those are the nine key areas that we will test in our audit. The audit itself will be run over the course of a two-week period. At the end of it, you will receive two reports.
The first is a traffic light report covering those nine key areas, and the second is the dark web monitoring results. Once you receive these reports, we’ll sit down with you and go through what the issues are, and then we can discuss what remediation you want to undertake.
The report itself costs $750 ex GST. If you’re interested, please check out the sample documents below and go from there. We’re looking forward to helping secure your business environments from cybersecurity threats.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business, Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.