Exploring best practices for the management of AUSkey data and access

It was just last year that the Australian Taxation Office (ATO), reported that the online ATO portals of countless Australian businesses had been targeted by malicious cybercriminals. The ATO quickly notified all businesses to review AUSkey access control after identity thieves gained unauthorised access in hopes of forging or changing business banking information.

For a little bit of business-tax background, an AUSkey allows businesses to securely access a central hub of government and tax services. In addition to ATO access, AUSkey data allows businesses to access Australian Securities and Investments Commission (ASIC) and Australian Business Register (ABR) portals.

ATO Warning: Maintain High Standards for AUSkey Access Control

It was on Monday 30 January 2017 that the ATO issued a warning to AUSkey holders that fraudulent activity has been detected. The ATO issued a formal statement and gave key recommendations for internal risk management and mitigation. The ATO also emphasised the immense risk to businesses impacted by fraudulent AUSkey activity.

“Once an AUSkey has been allocated,” the ATO statement reads, “access is gained to the Business Portal so that fraudulent Business Activity Statements can be lodged and bank details updated to accounts that are not controlled by the entity.”

The ATO offered one leading strategy for internal mitigation: AUSkey protocols must be stringent and well understood among the staff with access. The ATO went on to advise that businesses regularly document the team members who have access and ensure old employees no longer have functional login credentials. The overall extent of the 2017 ATO hack is impossible to know. However, the incident continues to serve as a reminder for businesses to better mitigate risk in today’s cybercrime climate.

A History of Attacks: ATO Frequent Target for Cybercrime Hits

In fact, this wasn’t the first time ATO portals had been subject to fraudulent AUSkey activity. The ATO reported similar attacks in both 2013 and 2015. Andrew Gardiner, a representative from the National Tax and Accountants Association told SmartCompany that the 2017 attack solidifies the true risk involved in an increasingly digital tax environment. Simply put, the financial risks to businesses are high, and professionals must be vigilant.

“Now that we deal with the ATO online on such a regular basis, people do become complacent,” Gardiner said. “People just need to be diligent – and businesses that are diligent treat their AUSkey like their credit card.”

Best Intentions Aren’t Enough: Creating A Well-Rounded Cybersecurity Approach

However, creating rigid internal standards and procedures isn’t the be-all-end-all solution to AUSkey cyber risks. Cyber-attacks happen and very often under conditions outside the control of impacted professionals. So, it’s critical to fully understand the scope of threats facing professionals in an increasingly digital finance environment. After all, these risks have the potential to impact every company’s most critical asset – their clients.

This means doing more than managing internal access and keeping track of AUSkey holders. Businesses must remain one step ahead of the increasingly sophisticated network of cybercriminals in the digital marketplace. The good news is, implementing thorough cybersecurity strategies and best practices aren’t as hard as it seems.

So, in addition to treating AUSkey data the same way as credit card data, here’s a list of strategies for keeping your team prepared and vigilant in the face of cybercrime:

• Stay in the loop – Knowing what threats you are up against really is half the battle. Staying in touch with news of the latest and most dangerous cyber-attacks allows you to remain proactive and stay informed. Knowledge is power.
• Communicate with your team – Make sure you’re talking to your team – especially those with AUSkey access – about the potential risks and cyber threats that exist. Create an environment where your staff feels comfortable to ask questions or report suspicious activity of any kind.
• Make a plan – No matter what, be sure to put down your cyber security efforts on paper in some way. Maybe you’ll schedule regular meetings to check-in on cybersecurity missions and update staff. Perhaps you’ll create a list of cybersecurity standards that all staff members must be aware of. No matter which approach you take, planning ahead is critical.
• Partner with an expert – If you’re struggling to get a concrete plan in place, reach out to experts. The initial step of asking for help can be tricky, but once you partner with a tech expert, cyber security challenges become much less daunting.

Many Australian IT service providers have extensive experience in providing cybersecurity services across Australia. They work alongside clients from Melbourne to Brisbane to ensure their networks stay secure and well-monitored.

Instead of just wondering if your business’ ATO protocol is powerful enough to stop cybercrooks, find out. Work with a professional managed IT provider and you can expect regular system check-ups. They will identify your company’s weakness and recommend security solutions designed to provide optimal protection for your network, servers, computers, and mobile devices.

Most companies today are not doing everything possible to stop cyber-intruders but if you’re ready to step up your game, then work with the best Outsourced IT services provider in your area.

Remember! Australian businesses are at risk! Don’t wait for disaster to strike. Most IT professionals offer free assessments of your current network in terms of the types and severity of cyber-attacks that might occur. Once you partner with an excellent IT services provider, they will work hard to make sure your systems are fully protected. They will also perform regular backups to all data so that if something does happen, you can quickly reinstall your programs and files and keep working.

Hackers Discover New Way to Bypass Microsoft’s Office 365 Security Protocols

Hackers have discovered an innovative method of getting those malicious URLs in their emails past Office 365’s security protocols. This was first revealed by Avanan, a company that deals in internet security. Avanan says that cybercriminals are now using a <base> tag in the HTML header employed with a URL to by-pass security and infect a computer with malware.

Officials at Avanan explained further. “At one time, email clients did not support the <base> tag, so every link needed to be an absolute URL. Support for relative URLs in email is a recent development and the behavior is client dependent. Older email clients will ignore the <base> tag, but web-based email clients, recent desktop clients and most mobile apps will now handle the <base> tag and recombine the URL into a clickable link.”

How Microsoft Safe Links work

Office 365’s Advanced Threat Protection provides a feature called “Safe Links” that compares a link found in an email against those on a blacklist. This feature was designed to catch and stop a malicious link. It was working well for all MS products until hackers discovered this workaround.

The new technique has been dubbed “baseStriker” and it’s aimed at those using Microsoft Outlook. Malicious messages can now bypass the filters included in Microsoft products using the <base> tag.

The new baseStriker program splits the malicious URL so that Microsoft’s product, Safe Links, cannot detect that it points to a malicious URL. Safe Links checks the base domain, ignoring the rest, thereby allowing the user to move on to the phishing site. A few security solutions do protect users against these new cyber-threats, including Mimecast and Proofpoint.

As part of Microsoft’s Office 365 Advanced Threat Protection (ATP), Safe Links was designed to provide a strong layer of protection against malicious links embedded in documents and emails. Microsoft diligently updates the software so that it consistently protects against the latest cyber threats. The software works by determining if a link is malicious, then replacing the bad link and alerting the user. Up to now, ATP has been considered state-of-the-art protection against phishing scams.

Microsoft investigation underway

Officials at Microsoft were contacted by Security Week and they issued a brief statement that said, “We encourage customers to practice safe computing habits by avoiding opening links in emails from senders they don’t recognize.” They also said they were investigating the claims about the new hack.

In the meantime, all security experts discourage users from clicking links found in emails—even if they seem to be from a reliable source. Best Practice for internet security is to always navigate to a web page the old-fashioned way. Open a new browser page and type in the web address. Get in the habit of glancing up to the browser line and making sure it says what it should. Periodic security awareness training is also recommended. This is a good way to remind users about the many phishing scams and malware that constantly threaten users.

Other email clients may be vulnerable

The baseStriker hack may be used in other email programs as well. This has caused all email service providers to begin checking to make sure their security protocols are still intact and working as expected. This is a timely reminder to everyone that crooks are constantly searching for any vulnerability they can take advantage of. New types of malware, worms, viruses, and ransomware are developed each year. Experts believe that Gmail, along with a few other email clients already have built-in protection for splitting the URL and will not be at risk.

Better security training for employees

Though all software developers are now working toward shutting down cybercriminals, every type of cyber defense utilizing technology has its weaknesses. The best methods of cybersecurity usually involve training employees about what to look for and remind them often that hackers never take a break from their work.

Second Chance

A new product called Second Chance offers users a way to “roll back” a decision to click a suspicious link. If the user thinks they may have clicked a bad link in a phishing email, now they can stop the process from moving forward. The software checks out any potentially unsafe link the moment you click on it. Then it informs you that you may be navigating to an unsafe website. You can then abort your actions and return to safety. While products like this do help, there are a flood of new worms, ransomware, malware, and phishing scams developed each year by cybercriminals.

Why hackers always seem to be ahead of the game

Many hackers are now backed by governments the size of China or North Korea, so they have unlimited resources to work with. A Newsweek article[1] reports that Chinese hackers have stolen billions of dollars’ worth of secrets and data from businesses and individuals all over the world. Russia and North Korea are in second and third place when it comes to cyber-theft.

The Newsweek article states that Chinese cyber-aggression toward the United States has evolved rapidly over the last few years. Chinese hackers represent a growing threat to world economies due to their disruptive nature. Today’s battlefield is no longer on actual ground using weapons and artillery. The war is being fought online—on the internet where everyone’s data is sometimes exposed to vast criminal enterprises.

[1] http://www.newsweek.com/chinese-hackers-cyberwar-us-cybersecurity-threat-678378

Many people usually turn to Microsoft’s online productivity suite, Office 365 because of the apparent breadth and depth of its features, which allow them to accomplish what they are unable to do with other similar products on the market.

With this understanding, Microsoft is rolling out updates to its Office 365 and the Office.com environment to simplify tasks and take the user experience to a higher level. Once this rollout is complete, users will be able to enjoy a much better experience across Word, Excel, PowerPoint, OneNote, as well as Outlook.

While these user experience updates are set to roll out slowly over the next couple of months, many of them are already available for Office.com users to experiment with. Microsoft has deployed new designs to a select customer group. These will be released in phases and carefully tested, so the tech giant can learn as they go.

A user centric approach

According to Microsoft, every change they are making on the user experience is focused on three key things: incorporating customer input, considering the context under which the feature will be best and most easily applied, and giving people control over their experience.

It is actually because of this user-centered approach that Microsoft is rolling out these updates gradually to allow room for incorporating the new feedback they obtain from customers during the process.

Shadow and depth on Office

As you scroll over the items on Office.com, you will notice that they pull forward with shadow and depth. This is because Microsoft is bringing its Fluent Design system to the web and to Office 365.

More importantly, Microsoft has rebuilt Office on a modern platform to be much faster and far more efficient than ever. So you’ll notice that every item you tap, such as a Word document, opens much faster than ever.

Simplified ribbon

Once you open your document, you’ll notice an updated, simplified, and better version of the ribbon. The new ribbon design will help users focus on their work and collaborate with others in a more natural and informal way.

For those who prefer to dedicate more screen space to showing commands, there is the option to expand the ribbon into the classic three-line view. This option will continue to be available to users so that everyone can choose the experience they prefer.

The simplified ribbon is first rolling out on the web version of Word. It will then become available to select consumers on Office.com and to Select Insiders in Outlook for Windows later on in July.

The simplified ribbon will not be available on Word, Excel, and PowerPoint for Windows yet. Microsoft intends to gather enough feedback from a broader set of users before implementing any changes that could disrupt people’s work. Upon rolling out the ribbon on these products however, users will still be able to revert back to the classic version of the ribbon with just a single click.

New animations

As part of the Fluent Design system, the ribbon has been improved with new animations. The user experience is improved with better speed and velocity to improve the overall look and feel. All these have been designed to be inclusive and accessible so that the user experience is streamlined.

New icons and color in the right places

Along with the new animations, users will enjoy a fresh array of new colors and icons. These will help people find the commands they’re looking for more easily. These new features were developed as scalable graphics. They render with precision on any screen size or type.

Users will be able to see the new icons and colors first in the web version of Word for Office.com. Select Insiders will see these new features in Word, Excel, and PowerPoint for Windows in late June. The new icons and colors will then roll out to Outlook for Windows in July, and ultimately to Outlook for Mac in August.

Personalized intelligent Search

Microsoft is also rolling out a new personalized, intelligent Search feature across its products. This will provide access to commands, content, and people in a more enhanced manner. This feature makes suggestions on actions you can take, the content you may be looking for, and people that you may want to connect with – all based on your past work patterns. For those who love Office 365 and even for those who may not yet be fans, these new updates promise a world-full of new possibilities.

All you have to do is place your cursor in the search box and all these recommendations powered by machine learning and the Microsoft Graph will show up.

This experience is already available to commercial users in SharePoint Online, Office.com, and the Outlook mobile app. Commercial users of Outlook on the web will also start seeing this experience in action in August.

Wrap up

These updates are a sign of Microsoft’s commitment to making its products more useful to its customers. Against this backdrop, we can expect nothing but the best user experience from these products as the tech giant continues to roll out innovative modifications.

One of the biggest problems facing American businesses today is Ransomware. In fact, it is becoming a global threat. In 2017, a ransomware attack was launched every 40 seconds and that number has grown exponentially in 2018. What are the main reasons for this type of escalation? Why can’t law enforcement or IT experts stop the growing number of cyber-attacks?

Ransomware Trends

One of the reasons involves the latest trends. The art of ransomware is evolving. Hackers are finding new ways to initiate and pull off the cyber-attack successfully. Thieves rarely get caught. So, you have a crime that pays off big financially speaking and no punishment for the crime. The methods of attack expand almost daily. Attack vectors increase with each new breach. If cyber thieves can just get one employee to click on a malicious link, they can take over and control all the files and data for an entire company.

If you go to work in the morning and find that hackers have locked up all your data and are demanding a $2,000 payment in bitcoin, do you pay it or not? Most business owners pay the ransom. It’s easier and cheaper and it gets everyone back to work much faster. One of the major keys to this cyber-attacks success is the fact that criminals keep the ransom amounts fairly low. If you can simply pay $2,000, get all your files back and move on, then why not do so?

Contributing Factors

One of the most crucial contributing factors to this crime is the cryptocurrency revolution. If criminals had to rely on bank accounts and credit cards for payment, their crimes would soon be solved and they would be caught and placed in jail. But cryptocurrency is perfect for Internet-based crimes. It’s untraceable and that makes ransomware a practically unsolvable crime.

The five major cryptocurrencies worldwide in order of their popularity are:

1. Bitcoin
2. Monero
3. Zcash
4. Ether
5. Litecoin

A recent article in The Motley Fool[1] reports that there are currently 1,658 cryptocurrencies available worldwide. That number grows each day. People love the anonymous nature of cryptocurrency. There are a growing number of questionable businesses on the Dark Web and most only accept cryptocurrency as payment. That’s because much of the sale of goods and services on the Dark Web is illegal. The only safe way to pay for illegal materials is to use a completely untraceable form of payment. The answer is cryptocurrency.

But there are other contributing factors as well:

• Social engineering
• Both known and unknown software vulnerabilities
• Poorly configured servers and workstations

Most of these vulnerabilities do have a workable solution. It’s just a matter of finding out where you are most at risk and taking steps to close up those weaknesses. A good IT managed services outfit can assess your current IT infrastructure and make recommendations for improving it. Consider it an investment in your company’s future.

It would be nice to speculate that the whole world will suddenly wake up and decide to be honest and upright in all their dealings; but that is not a realistic viewpoint. Instead, we must move forward with the resolve to create and support global internet police agencies who have the power to track down and arrest cyber-criminals. When there’s no punishment for a crime, it’s a proven fact that it will increase and even flourish.

What Can You Do As a Business Owner?

Knowing that all these things are true and things are not going to just suddenly get better, you have to ask yourself how you can protect your company from cyber thieves. The number one way that all security experts agree on is better employee training. Thieves most often trick an employee into clicking on a bad link. The human factor is the weakest link in the cyber-security chain.

But the good news is that training your employees doesn’t have to be expensive or time consuming. Ask a local security expert to come out once a month and address all your employees. The experts can educate everyone about the latest cyber threats. They can share helpful information about what phishing scams are and how to spot a suspicious email. If you don’t have the budget for it, you could even ask the security expert to do his talks on YouTube and then send links to everyone in your organization. Make watching these security briefs mandatory for all employees.

There are plenty of good resources online now about cyber theft and best practices for cyber security. If you can afford to have a local IT guru come out quarterly and speak to employees about Internet security, this will reinforce what employees have already learned.

Head in the Sand?

The problem with many organizations today is that their leaders are living in a bubble. They think ransomware attacks only happen to other people. They don’t really think they will ever be a victim of a cyber-crime. This isn’t true. Statistically speaking, your company will eventually get caught in the web that cyber thieves weave. The question is not “whether” your company will be a target, but “when” this will occur. The best course of action is simply to prepare for it.

• Educate your employees.
• Hire the best IT experts you can afford to test your network.
• Spend the money on whatever new improvements are needed to fortify your IT infrastructure.
• Make sure all software and hardware is patched and up-to-date.

Sadly, the Crypto Crime Wave is backed by huge communist governments. These countries are earning billions of dollars each year by stealing data from businesses, hospitals, charitable organizations, individuals or whoever falls prey to their scams. They sell the information online and there are always plenty of buyers for this type of data.

However, knowledge is power. Now that you know a few things about ransomware attacks and what you can do to stop them, take action! Don’t wait around until you get that awful message on your computer screen that says:

“You’ve been Hacked! Your files are frozen. Here’s what you need to do to get your computer access restored!”

Don’t wait for that day to come. Take action now to protect your company from the threat of ransomware, malware, and all the other forms of internet piracy. When business owners become more proactive about their internet security, the threat of these attacks should start to diminish. Today, American businesses are making it all too easy for cyber criminals to succeed. But as company owners become more savvy, these criminals will find it harder to earn a living stealing.

[1] https://www.fool.com/investing/2018/03/16/how-many-cryptocurrencies-are-there.aspx

Yam Jam – The Virtual Town Hall Experience That Brings Your Organization Together

If you are an avid user of Office 365 or have in some way expressed interest in Microsoft’s online environment, then you’re probably familiar with Yammer – the freemium enterprise social networking service that is used for private communication within organizations.

Also, chances are that you have come across terms such as “Yammer Town Hall,” “Yammer Power Hour,” or “Yammer Time.”  They all refer to the same thing: Yam Jam.

What is Yam Jam?

This is simply a digital meetup on the Yammer network. It provides a unique space for real-time Yammer discussions where people can exchange ideas and learn from one another. One of its strong points is that an organization’s employees have the opportunity to break the typical organizational chain of command and interact directly with senior leaders alongside fellow staff.

As such, you can look at Yam Jam as a curated virtual town hall event that is held within a designated group in the Yammer network.

Attendees within Yam Jam get the rare opportunity to interact directly with subject matter experts, company leaders, or executives as well as with one another (fellow employees). Anyone can participate in Yam Jam because it is actually an open environment on the network. They can ask questions related to the topic of discussion, learn from the experts, and share ideas with one another.

Every Yam Jam event typically lasts about an hour but they continue on after the live event is finished, which is the best part. This makes global engagement much easier and more inclusive, which can be extremely helpful for organizations with remote staff. It brings them together regardless of where they are on the planet. Yam Jam events are also scalable and measurable, in addition to being low cost and focused.

The fun thing about Yam Jam

Yam Jam is not restricted to a single shape and size. The type of event you hold on this network is determined by your specific need. There is also the option to @mention someone on the Yam Jam environment so that they get notified about an ongoing event that they can benefit from.

Thinking about hosting a Yam Jam? Here’s why you should

There’s so much your organization stands to gain from hosting Yam Jam. For starters, the events enable your employees to engage with multiple participants on Yammer, which can promote the culture of cooperation.

Participants on Yam Jam share ideas and insights with one another and receive valuable information that they can use to better their performance and productivity of the organization overall.

More importantly, Yam Jam is a means for the employees to break hierarchy and interact directly with company leadership. Participants can not only gain richer insights from subject matter experts but also get a chance to address pressing matters with the company leadership and reach solutions that may benefit them and the organization as well.

Employees can build a great deal of confidence in their senior leadership from interacting in the Yammer Town Hall. Leaders also get a good opportunity to interact directly with practitioners in a way that helps them remain connected to the massive pool of talent within the organization.

Yam Jam best practices to ensure you make the most of your events

One interesting thing about Yam Jam is that they are rather easy to organize or set up; anyone can do it. To host a successful Yam Jam, here are some tips to ensure you have your best foot forward.

Ensure your participants are Yammer savvy

Yam Jam participants need to have sufficient Yammer knowledge to effectively participate in any event on the platform. As such, it will help to do some due diligence beforehand to be certain that your team or the audience you’re targeting is well-versed on the network. Otherwise, consider offering a Yammer training session before taking the plunge.

Choose an appropriate time and topic

Participants are bound to contribute properly if the time is right and the discussion involves pertinent topics or ones with varying viewpoints. The time is right when the participants are in a position to take part. As such, it is best to consider time zones and days of the week when jobs and other similar engagements are not likely to stand in the way.

Advertise the event properly

People easily forget schedules, so it is important that you keep them properly informed about the event and the exact time, date, and topic of discussion so everyone can prepare appropriately. Remember, the more engaged the participants are, the more interaction the event is likely to achieve. The more interactive the event, the more likely it is to be productive.

Wrap up

Yam Jam can be hugely beneficial to any organization that seeks to improve and become more productive, especially if they provide participants with a proper feedback loop, or means to give feedback at the end of the live event. If you haven’t tried it yet, then no time is better than the present.