Certified Professional

Congratulations to our founder, Jerome, who was recently awarded professional recognition as a Certified Professional in Cyber Security by the Australian Computer Society (ACS).  This status provides business, government and customers with assurance that his expertise has been independently assessed and validated by the ACS, Australia's professional association for the Information and Communication Technology sector.

As a member, he is also recognised under the International Professional Practice Partnership (IP3), and his liability is limited by a scheme approved under the Australian government's Professional Standards Legislation.

Data Breach Legislation

The Notifiable Data Breaches (NDB) Scheme amends the Privacy Act 1988 and sets out the process organisations covered by the Act must follow to notify affected individuals, and the Office of the Australian Information Commissioner (OAIC), when personal information they hold is involved in a data breach that is likely to result in serious harm.  Penalties, rectification orders and restitution can follow a breach event. Not all data breaches are notifiable: the scheme only requires notification when the organisation assesses that the breach is likely to result in serious harm to the individuals to whom the information relates.  The OAIC ran a public consultation on its draft guidance resources for the scheme, which closed in August 2017.

It is highly recommended that all organisations covered by the Privacy Act prepare for the NDB Scheme, which commences on 22 February 2018.  The OAIC website has draft resources for the scheme covering who must comply, how to identify an eligible data breach, and how to assess and notify. Review the scheme; assess and shore up any weak points in how your organisation handles and stores personal information; train staff to handle information securely; monitor and audit access to that information; and have a tested data breach response plan in place, because the scheme expects a suspected breach to be assessed within 30 days.

https://www.oaic.gov.au/engage-with-us/consultations/notifiable-data-breaches/

Windows 10 Offer Expiry & new major update

Microsoft haven't exactly been trumpeting the imminent expiry of the one-year free upgrade offer, but on 29 July 2016 the offer ends and you will have to purchase a copy of Windows 10 if you wish to upgrade. Pricing for Windows 10 Professional is around $220 inc GST.

Having said that, it is in your best interest to test Windows 10 with your line-of-business applications and peripherals before committing to upgrading every PC in the office. Compatibility issues may need fixes or upgrades to your software as part of moving to Windows 10.

Microsoft have also announced that the next major update to Windows 10 (the Anniversary Update, version 1607) will be released on 2 August 2016, only a few days after the free upgrade offer expires. Because Windows 10 installs updates automatically, you need to make sure this major update is tested on a couple of PCs before it reaches the rest of the office. On Windows 10 Pro and Enterprise, turn on "Defer upgrades" (Settings > Update & security > Windows Update > Advanced options, or the "Defer Upgrades and Updates" Group Policy setting) to hold the upgrade back for a month or more and give yourself adequate time to test and prepare. Deferral holds back feature upgrades only, not security updates, and Windows 10 Home has no deferral option, so plan for those machines accordingly.

Brute force and vulnerable modems

Akamai, a content delivery network that sits in front of many well-known sites (Airbnb and Audi are examples), improves web performance and connectivity by distributing load across its own global fleet of servers. Because so much traffic flows through it, Akamai also sees attack patterns at a scale no single site can, and it recently reported a rather alarming one: attackers used nearly one million compromised Internet connections to make login attempts against a financial institution, working from a list of 65 million email addresses. Spreading the attempts across that many source addresses means each address only ever makes a handful of attempts, so the usual per-address lockout or rate limit never fires. Akamai also found that a large share of those connections were home and small-office modems with known backdoors or vulnerabilities: the attackers had bypassed the device's security to gain full control of it and use it as a launch point for their own nefarious purposes. What can you do to avoid being one of them? Check the manufacturer's website and keep your modem's firmware up to date, change the default administrator password, and switch off remote (WAN-side) management if you do not need it. For a business, invest in a reputable Unified Threat Management (UTM) device, such as the SonicWall TZ series, behind the modem. It cannot patch a modem that has already been hijacked, but it does help keep the rest of your network from being compromised and you from being the scapegoat for someone else's malicious acts.

http://news.softpedia.com/news/attackers-used-nearly-one-million-ips-to-brute-force-a-financial-institution-505413.shtml
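The following Python, added here as an illustration and not taken from Akamai's report or from this newsletter, shows why spreading attempts across a million connections defeats the per-IP lockout most sites rely on, and one aggregate rule that catches the pattern anyway. The log format, the addresses and the sample events are all constructed for the example.

```python
"""Spotting a distributed login brute-force campaign in authentication logs.

Added example (editor's code, not Akamai's or the newsletter's). The log format and
the sample data below are constructed for the example: each line is
"<ISO timestamp> <source ip> <account> OK|FAIL".
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class LoginEvent:
    ts: datetime
    src_ip: str
    account: str
    ok: bool


def parse_line(line: str) -> LoginEvent:
    ts, ip, account, result = line.split()
    return LoginEvent(datetime.fromisoformat(ts), ip, account, result == "OK")


def build_sample_log() -> List[str]:
    """Constructed sample: one real user mistyping her password, then a campaign in
    which 40 hijacked connections each try two different accounts exactly once."""
    base = datetime(2016, 6, 1, 10, 0, 0)
    lines = []
    for i, res in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 198.51.100.7 alice@example.com {res}")
    for n in range(40):
        for k in range(2):
            t = base + timedelta(seconds=10 + 2 * n + k)
            lines.append(f"{t.isoformat()} 203.0.113.{n + 1} user{2 * n + k}@example.com FAIL")
    return lines


def per_ip_alerts(events: List[LoginEvent], threshold: int = 5) -> set:
    """The usual rule: alert on a source address with more than `threshold` failures.
    Every address in the campaign stays well under it, so this returns nothing."""
    fails = defaultdict(int)
    for e in events:
        if not e.ok:
            fails[e.src_ip] += 1
    return {ip for ip, n in fails.items() if n > threshold}


def distributed_alert(events: List[LoginEvent], window: timedelta = timedelta(minutes=5),
                      min_sources: int = 25, max_per_source: int = 3) -> Optional[dict]:
    """Look at failures in aggregate: alert when, inside one time window, at least
    `min_sources` distinct addresses each fail only a few times. That 'many sources,
    few attempts each, many different accounts' shape is the campaign's signature."""
    fails = sorted((e for e in events if not e.ok), key=lambda e: e.ts)
    best = None
    start = 0
    for end in range(len(fails)):
        while fails[end].ts - fails[start].ts > window:
            start += 1
        per_src = defaultdict(int)
        accounts = set()
        for e in fails[start:end + 1]:
            per_src[e.src_ip] += 1
            accounts.add(e.account)
        low_volume = sum(1 for n in per_src.values() if n <= max_per_source)
        if low_volume >= min_sources:
            report = {"sources": len(per_src), "low_volume_sources": low_volume,
                      "accounts": len(accounts), "failures": end - start + 1}
            if best is None or report["failures"] > best["failures"]:
                best = report
    return best


if __name__ == "__main__":
    events = [parse_line(line) for line in build_sample_log()]
    print("per-IP rule fires on:", per_ip_alerts(events) or "nothing")
    print("aggregate rule:", distributed_alert(events))
```

On the sample data the per-IP rule fires on nothing, while the aggregate rule reports 41 failing sources (the legitimate user included), 81 targeted accounts and 83 failures inside one window. The thresholds are illustrative; in practice they are tuned against the site's normal failure rate, and the legitimate user's three typos should be expected noise, not a reason to raise the bar.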

Passwords, Passwords, Passwords

There has been a recent spate of credential dumps from popular websites such as Twitter, LinkedIn and Myspace, and now car, tech and sports forums, http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/ where attackers have obtained millions of accounts, including usernames and (usually hashed) passwords. This is extremely concerning for people who reuse the same credentials across websites, especially sensitive ones like myGov, Internet banking and work.

Typically, passwords are not stored as-is but are salted and hashed: the password and a random per-user salt are run through a one-way algorithm to produce a fixed string that cannot be turned back into the password. Hashing is not unbreakable, though. Attackers feed large lists of likely passwords, including every password recovered from earlier breaches, through the same algorithm and compare the output with the stolen hashes; weak passwords, and sites that used a fast, unsalted hash, fall in minutes. Once they have recovered your password from one site, it is a simple matter of trying it on more sensitive websites to steal your personal information, drain your bank accounts and wreak havoc on your life.
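As an added illustration (the editor's own code, not from the newsletter or from any of the breached sites), the Python below runs a small offline guessing attack against the two ways a site might store passwords: an unsalted SHA-1 hash, and a salted, deliberately slow PBKDF2 hash. The wordlist and the "leaked" hashes are constructed for the example, and PBKDF2 with 100,000 rounds is an illustrative choice rather than any site's setting.

```python
"""Why a leaked hash is not the end of the story: offline guessing against
unsalted fast hashes versus salted slow hashes.

Added example (editor's code, not from the newsletter). The wordlist and the
'leaked' hashes are constructed for the example; the PBKDF2 round count is an
illustrative choice.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Constructed toy wordlist. Real attackers use hundreds of millions of candidates,
# including every password recovered from earlier breaches.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2016", "dragon"]
PBKDF2_ROUNDS = 100_000


def unsalted_sha1(password: str) -> str:
    """How some breached sites stored passwords: one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted(leaked: List[str], wordlist: List[str]) -> Dict[str, str]:
    """One pass over the wordlist builds a lookup table that matches every leaked
    hash at once: the cost is len(wordlist) hashes no matter how many accounts
    leaked, and identical passwords produce identical hashes, so users who chose
    the same password are cracked together."""
    table = {unsalted_sha1(w): w for w in wordlist}
    return {h: table[h] for h in leaked if h in table}


def salted_pbkdf2(password: str, salt: bytes, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """What a site should store: a slow, salted hash (PBKDF2-HMAC-SHA256 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def make_record(password: str) -> Tuple[bytes, bytes]:
    """Store a fresh random salt next to the digest for each user."""
    salt = os.urandom(16)
    return salt, salted_pbkdf2(password, salt)


def crack_salted(records: List[Tuple[bytes, bytes]],
                 wordlist: List[str]) -> Tuple[Dict[int, str], int]:
    """With unique salts there is no shared table: every guess must be recomputed
    for every record, and each guess costs `rounds` hash iterations. Returns the
    cracked passwords by record index and how many guesses had to be computed."""
    found, guesses = {}, 0
    for idx, (salt, digest) in enumerate(records):
        for w in wordlist:
            guesses += 1
            if hmac.compare_digest(salted_pbkdf2(w, salt), digest):
                found[idx] = w
                break
    return found, guesses


if __name__ == "__main__":
    users = ["password", "dragon", "Tr0ub4dor&3"]
    print("unsalted SHA-1:", crack_unsalted([unsalted_sha1(p) for p in users], WORDLIST))
    found, guesses = crack_salted([make_record(p) for p in users], WORDLIST)
    print(f"salted PBKDF2: {found} after {guesses} guesses x {PBKDF2_ROUNDS} rounds each")
```

Against the unsalted store, six SHA-1 computations recover both weak passwords for any number of leaked accounts; against the salted store the attacker pays the full round count for every guess against every record, and the password that is not in the wordlist survives either way. That is the whole argument for a unique, non-dictionary password per site: the salt slows the attacker down, but only a password nobody has guessed before stays out of the next breach list.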

The best way to mitigate this is to have a different password for every website you use. But let's face it: most people use dozens of websites, and the sheer number of passwords to remember makes that too cumbersome unless a password manager remembers them for you, which is worth considering. Failing that, the next best thing is to keep separate, unique passwords for the sensitive sites, such as Internet banking, your email (which can reset everything else), Facebook and work, and to turn on two-factor authentication wherever they offer it, while sharing one password across websites you deem "expendable". That way, it won't be the end of the world if a car forum you post on regularly gets hacked.  You simply reset your password there and do the same for the other "expendable" websites the next time you log in.


T: 08 9457 7247
E: help@critical-it.com.au

Liability limited by a scheme approved under Professional Standards Legislation