As a Certified Xero Practitioner we are encouraged to keep up to date with smart practices and, most importantly, our online security.
If you are a Xero user, or you use cloud software, it is important to understand which of the things you use are considered to be the cloud and which are not. Online banking, Twitter, Skype, Facebook, Xero, Salesforce, Mailguard, LinkedIn and eBay are all cloud-based.
Cloud apps add a layer of security to your online presence.
Email is an area where you should be very diligent whenever you open or download an attachment, as scams are very sophisticated.
Email is delivered into most businesses in two ways: corporate mail and staff email accounts like Hotmail, where Trojans can be downloaded onto the company’s servers.
In the old days there were the Nigerian scams, but scammers have become more clever and now use brands we are familiar with.
With things like banking, PayPal and eBay notifications, however, we may not take the usual precaution of checking where they originate, and click out of habit.
This can then lead to our business server network or our computer being phished.
Email security is not always black and white, but the statistics state that there is a 1/4 success rate with these types of phishing emails.
If in doubt, contact the bank, PayPal or eBay first to verify.
It’s a little hard sometimes when you get an Australia Post or ATO email, but just be aware and cautious.
TOP TIPS FOR AVOIDING PHISHING
1. Never click through to a URL you do not recognize
2. Never provide details online until you verify the source through a traditional method
Spear phishing is a three-part email process that is carefully targeted through research.
1. “Are you at your desk?”, sent from, say, the CEO of your company
2. “Please do not tell anyone what I am about to request you to do”
3. A request for you to pay money to a certain account.
This diagram taken from Astrid ID is excellent (source: http://www.astraid.com/spear-phishing/)
CryptoLocker is known as “ransomware”, which locks all your files unless you comply and pay money to have your files unlocked.
For this to happen to your computer, you need to have clicked or accepted something.
This can occur through corporate or staff email, and the cost to unlock the system can range from $100s to $100,000s.
It is not uncommon for businesses to be hit two or three times if they have not updated their system security.
It can even appear like a Microsoft update, so it is quite sophisticated and you need to be very careful what you accept and download.
IS ANTIVIRUS ENOUGH?
No, this is software that needs to be updated. Criminals are all about financial gain, so they know what antivirus software is, when it’s updated and what the lag time is.
Use multiple techniques, like Mailguard and other cloud-type real-time software.
Staff education is also very important, particularly when it’s an email from a corporation’s CEO.
ANTIVIRUS AND MALWARE – WHAT IS THE DIFFERENCE?
Antivirus is software that looks for data that might pose a potential threat, whereas malware deposits itself on or damages your computer immediately.
WHAT ARE THREE THINGS YOU CAN DO TO KEEP YOUR DESKTOP MORE PROTECTED?
1. Have a business recovery plan in case your system is corrupted
2. Keep your antivirus software and Windows firewall up to date, and investigate using third-party real-time security software as well.
3. Educate your staff about phishing, spear phishing, malware and other online threats
BAS Agent and Bookkeeping