You may have been using Windows 10 for some time now, but it’s likely that you haven’t mastered all of its features just yet.
Did you know that you can create your own fonts?
In the Windows store, you can get the “Make Your Own Font” app, a great way to add a personal touch to anything you may need to write. For example, you could even send an email in your own handwriting!
All you need to do is fill out the alphabet letter by letter (lower and upper case) as well as numbers and symbols. Then you name it, save it, and upload it via Control Panel > Fonts.
The next time you’re drafting something and find that Times New Roman is too formal, you’ll be able to switch to your personalized font instead.
Let us know what you think about this Windows 10 tech tip. Just reply to this email. Over the next few weeks, we’ll have more Windows 10 tips for you.
The top concern for CEOs today isn’t competitors or a recession — it’s cybersecurity. See why this is becoming the biggest challenge for an organization’s top executive.
Why Today’s CEOs are Worried About Cybersecurity
A business’s top executive has plenty on their minds: the potential of a major recession, competitors nipping at their heels and a shortage of talent. However, none of these hot topics are the top concern for US CEOs in 2019 — that banner falls to cybersecurity. When there are so many other issues facing organizations, why is cybersecurity the highest business concern for CEOs? Perhaps part of the issue is the continual cycle of mainstream media coverage of the massive breaches such as Equifax in 2017 that affected millions of individuals and can cost billions of dollars to resolve. It could also be the high-profile challenges that Facebook, Yahoo, Under Armour and Marriott have been facing over the past few years. A recent poll of over 1,400 CEOs and senior executives by The Conference Boardpoints to some of the reasons cybersecurity is a top strategic consideration for CEOs in 2019.
CEOs Struggling to Find the Right Cybersecurity Leaders
One of the key threats facing today’s CEOs is the ability to adequately resource their cybersecurity teams. This relatively new need is one that is causing a significant shortage in the hiring market, with organizations wrestling with budget requirements for an increasingly-expensive skill set. Unfortunately, the dearth of talent is not just at the executive leadership level, it is also causing IT departments around the country and the world to flounder as they attempt to staff up to meet the growing needs of cybersecurity as well as data compliance requirements. These individuals will be in high demand for the foreseeable future as gaining knowledge about cybersecurity requires time and investment in education. Savvy CEOs and other technology leaders have been growing these skills internally for the last several years, but having a split focus between cybersecurity requirements and their “day job” can quickly cause individuals to fall behind in the ever-changing security landscape.
Keeping Cybersecurity Initiatives in the Limelight
It’s relatively easy for CEOs to keep shorter-term strategies top-of-mind for their executive teams, but there are no quick solutions to enhancing your organization’s cybersecurity. This requires a long-term, focused effort — and resisting the siren songs of short-term gains to ensure that your strategic focus on IT security stays in place. Changes in the economy or in the competitive marketplace may tease CEOs to redirect some of the funds or teams to other parts of the organization, but it’s crucial that top executives stay in tune with the benefits that cybersecurity provides to the organization. In many cases, the changes that need to be made to make your organization more secure will also have payoffs in the efficiency of your operations, too.
Marketplace Perception of a Data Breach
The extremely negative perception and sheer quantity of negative publicity that can come with a data breach are reason enough for CEOs to be overly concerned about the cybersecurity within their organization. It doesn’t take long for smaller, leaner competitors to enter many marketplaces, and these organizations can receive positive publicity if larger organizations are caught up in a breach situation. How the business handles their communication around a massive breach, ransomware or other cybersecurity incidents can be as damaging as the incident itself if the CEO isn’t careful. These situations require a great deal of proactive communication and notification to customers along with the major effort required to evaluate the incident and begin remediation. Without a comprehensive incident response plan in place, the situation becomes that much more difficult for leaders throughout the organization.
Creating a proactive field for cybersecurity does start at the top, which makes it encouraging that CEOs are considering cybersecurity their very top initiative for 2019. As long as this focus on IT security and the value for the business continues strong over the next few years, businesses should be able to prepare adequately to weather this type of storm.
Businesses that offer WiFi to their customers or have sensitive data needs should consider network segmentation as a necessary component of their IT solution.
With network segmentation, your wireless services are separated into different parts, allowing you to better control access and data flow.
Network segmentation splits your wireless services into different segments or subnetworks. By establishing separate networks, you significantly reduce your company’s security risks.
Instead of putting all your corporate and guest traffic on the same WiFi network, segment the activity to keep sensitive data apart from visitors, reduce risk.
Why?
When devices are connected to the same network, by default they can “talk” to other devices on the same network. That increases the potential for devices to listen to network traffic without any rules or monitoring in place.
The risk is lower if all the devices on your network are trusted and managed by your company. However, you could have a problem when less trustworthy devices are connected, such as guest and visitor smartphones, legacy computers and servers, or employee personal devices.
How Does Network Segmentation Work?
Network segments are designed with their own hardware and only allow credentialed users to access the services. Rules are built into network configurations to determine how devices on subnetworks can connect with each other.
Network segmentation limits the impact if there is a system intrusion by containing the threat within a subnetwork.
What Does a Typical Segmented Network Look Like?
For many small- and medium-sized businesses, there is only a need for a simple, two-subnetwork structure. A corporate subnetwork would be used for company-owned and -managed devices, providing access to the internal company subnetwork and, through a firewall, to the internet.
A guest subnetwork would be built to provide access to the internet only, also through a firewall. It keeps those guest devices disconnected from the corporate subnetwork from the start. Employee-owned devices can also be connected to a guest subnetwork.
Your business, whether it’s a medical practice, retail operation, auto dealership or professional services firm, may want visitors and guests to have WiFi access. It’s an appreciated service for those who need connectivity and do not want to use up their allotted data. If that service is the expectation or norm, you want to make sure it’s done carefully.
What Are the Security Benefits of Network Segmentation?
Security is the primary reason to choose network segmentation. The benefits are considerable
Stronger Security Standards. Segmentation allows you to better protect your most sensitive data. With layers of separation among your segmented networks, you’re putting up additional barriers to all users — whether well-intended or not.
Slowed Access for Attackers. If there is a breach to one segment of your network, it will be more difficult and take more time for the attacker to reach other parts of your system.
Minimized Threat from Outside Devices. Outside devices may have been hacked for the sole purpose of accessing corporate networks when connected. Often hackers install programs that lie dormant until connected to a wireless network. If compromised guest devices are contained within a subnetwork, the impact is minimal.
Better Policy Development. Strong network segmentation means your company can better restrict user access. Using a policy of least privilege lets you limit user access to files and systems to only what’s necessary.
Limited Damage. Network segmentation lets you reduce any damage inflicted by successful attacks. A breach to a single device within a subnetwork will mean less time and money to repair the damage of a widespread, system-wide assault.
Improved Performance. An added benefit of having segmented networks are the performance gains. With fewer devices on each subnetwork, local traffic is minimized and broadcast traffic can be isolated and prioritized.
What’s Needed to Start Network Segmentation?
If your internal IT staff does not have experience with network configuration, it’s a smart move to work with a local managed services provider to complete the project. Your business should do the following in preparation for a segmentation project:
Identify your network and data security needs, including the sensitivity of data you use and the business impact of compromised data and system downtime
Know where the data you want to keep safe is stored and how they could be separated
Determine who needs access to information on your network and limit access to only what is necessary by department or role
Identify those who will be responsible for monitoring and maintaining your network. A managed IT services company can do both remotely with net-generation firewall solutions
Network segmentation is a strategic move to keep data protected and accessible only by those who need it.
Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.
Keeping these workbooks organized and easy to navigate can be a challenge. We can help with that. Check out our short Excel: Tips and Techniques for Managing Workbooks training video, available to you free and on-demand.
myGov Outage Upsets Tax Return System Causing Mayhem
If you’ve experienced difficulties with the Australian Government’s myGov website, you aren’t alone. The myGov portal — the online system that Australians use to access their employer payment summaries for tax purposes and to access Medicare and Centrelink services — was down on Friday morning, July 12th. Later, a tweet went out announcing services had been restored, but there might be further issues logging in as the system booted back up.
However, while Tax Office service through myGov were affected, the ATO stated that tax returns were still being processed and paid as usual. ABC News reported that the issue with myGov was “a technical issue with a communications switch,” unrelated to the Telstra outage. A spokeswoman for the ATO said that they were working to restore services as rapidly as possible and the shutdown would not have any impact on people who had already lodged their tax returns. In fact, the ATO had already processed more than one million tax returns with a value of $882 million paid into accounts that morning. In addition, 110,000 tax refunds worth $292 million would be paid to recipients that same afternoon amounting to a total of 500,000 refunds worth $1.2 billion into people’s bank accounts.
Another spokesman for the Minister for Government Services, Stuart Robert, also issued a statement that the system was down, causing problems with access and speed with myGov. Apologies were also issued.
Extended Reporting Deadline for Welfare Payments
The shutdown also caused problems for people who needed to report for welfare payments. One recipient stated the fear that all recipients might have. He was worried that he would be penalised for not reporting his job search efforts on time due to the myGov outage, causing a docked payment. This man, a 55-year-old living on the central coast of NSW, had been searching for a new job since January, but currently was relying on Newstart. When he called his employment services provider, they told him they didn’t control myGov, so he was out of luck. After that, he was worried that Centrelink would impose a penalty because he couldn’t log in. That assumption turned out to be false according to a statement from a Department of Human Services spokeswoman. She further related that “all services are now available, however a small amount of people may still experience intermittent issues logging in as we return to full capacity.”
An investigation is already underway to determine the cause of the shutdown, but it wasn’t due to a cyber attack. She also confirmed that all regular payments were dispersed overnight, and apologised for any inconvenience the outage caused for users. The deadline for reporting employment income was extended until 7:30 pm AEST, and it was suggested that only people with urgent business use the site until it was fully restored.
One user, Jeffrey, who lives on the south coast of NSW, complained that his pension payment didn’t appear in his bank account as stated. It normally appears every second Friday morning according to ABC News. He tried to call Centrelink, but wasn’t able to connect. He was worried about being late on his rent payment.
Telstra Apologises for Expensive Retail Outage
Telstra offered an apology to customers after a national outage Thursday, July 11, in the afternoon which was caused by an unusually large volume of traffic across the network in New South Wales.
Telstra has apologised to its customers following a national outage on Thursday afternoon, saying it was caused by “an unusually large volume of traffic across the network” in NSW. The outage took place from about 2:30 pm through late evening, and shut down electronic payments at several retailers including Caltex and Woolworths, and some banking services. In an interview with ABC News, Dominique Lamb from the National Retail Association said,
“Given both the time of day and the businesses affected, the Telstra outage certainly caused a large degree of inconvenience for both shoppers and retailers yesterday. As some shoppers would have paid with cash instead or simply delayed the purchase of essential items, such as groceries, it is still a little difficult to ascertain the exact cost to retail sales at this early stage. The amount in lost sales could be as high as $100 million for the day, however, hopefully much of it will be recouped by customers simply doing shopping today and tomorrow rather than yesterday.”
Telstra said it would consider compensating businesses, and that their account executives are discussing the impact on revenues with their customers. The Telecommunications Industry Ombudsman (TIO) urged customers to contact Telstra first, but contact the TIO if their issues were unresolved.
Cyber Attacks Ruled Out by Telstra
The ATO and Telstra have faced several outages and technical issues disrupting service to customers in recent years. Twitter also had a worldwide shutdown on Thursday, July 11, which affected their stock price. It’s unknown whether the Twitter outage was caused by Telstra. Telstra did rule out a cyber attack as a cause of their outage. It did affect Telstra’s IP services including EFTPOS, ATM and other payment platforms.
One Problem with Going Cashless
Telstra’s outage did bring to light potential issues for Australians relying on a cashless society. During the shutdown, consumers couldn’t make electronic purchases, and also couldn’t withdraw cash from ATMs.
Telstra’s outage on Thursday highlighted potential problems of Australians increasingly relying on a cashless world. In November 2018, Reserve Bank of Australia Governor Philip Lowe stated that cash will become a niche payment sooner than people may think. The RBA reported that Australians make an average of 500 electronic payments per year. There has been a decline in cash use, however, the value of banknotes on issue has increased relative to the size of the economy. In November 2016, a survey of consumer payments based on a number of 1500 people found that although the share of payments made in cash continued to fall, case was still used for more than 1/3 of consumer payments. Cash was primarily used in transactions less than $10, and older people were more likely to hold more cash.
Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.
Keeping these workbooks organized and easy to navigate can be a challenge. We can help with that. Check out our short Excel: Tips and Techniques for Managing Workbooks training video, available to you free and on-demand.
Do you know about the “Dark Web”? It’s the part of the Internet where your private data – passwords, social security, credit card numbers, etc. – could be for sale right now. Do you know how to check if they are?
The Internet isn’t all funny videos and social media.
Between phishing, malware, and a seemingly never-ending list of scams, there are a number of serious dangers that are important to be aware of.
But there’s an even a darker corner of the web where few people dare to venture that can have a wide-reaching and severely damaging effect on your business: the Dark Web.
Recently, cyber thieves released a huge list of compromised emails and passwords known as Collection #1. It contains 773 million records, making it one of the largest data breaches to date. If your information has ever been breached, it’s most likely on this new list – and that list is on the Dark Web.
Even the federal government has had a hard time locating those responsible and stopping them. The Department of Homeland Security made their first bust involving criminals selling illegal goods on the Dark Web just last year. The arrests were made after a year-long investigation. Though this is good news, it doesn’t even scratch the surface of all the criminal activities taking place on the Dark Web.
The bottom line is that you can’t wait around for the government or anyone else to protect your business from cyber thieves. You have to be proactive about securing your database. Your personal and business information should not be for sale on the Dark Web, but how can you stop this?
What Is The Dark Web?
The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.
They’re built on the framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of the information online. Which, when you consider how vast the corner of the Internet you frequent is, is nothing short of terrifying.
This unseen part of the Internet is a perfect place for less than scrupulous individuals to connect, network, and share tools, tips, and information. And it should go without saying that whatever their up to on these sites is nothing good.
Personal information such as school and medical records, bank statements, and private emails are all part of the immense Deep Web. To gain access to this information, you must be able to access an overlay network using specialized software and passwords. This is a good thing, because it keeps sensitive information safe, and prevents search engines from accessing and indexing it.
Why Is The Dark Web Used To Sell Private Information?
The added security of the Deep Web makes it attractive for those who want their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, the owners of Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these is The Onion Browser, more commonly known as Tor.
The Dark Web is like “The Wild West” of the Internet. It’s an area beyond the reach of law enforcement, hence the complete lack of regulations or protection. Although not everyone who uses the Dark Web engages in illicit activities — it has a history of being a platform for political dissidents and corporate whistleblowers — many visitors are there for less than upstanding reasons.
Cybercrime costs US businesses billions of dollars each year. The majority of information hackers steal from businesses ends up on the Dark Web for sale to identity thieves and corporate spies.
But, the real danger is that it provides communication and educational training ground for hackers and would-be hackers. Although the competition among different hacking groups is fierce, there’s still a willingness among cyber criminals to share techniques and assist one another.
It’s this access to the “tools of the trade” and the guidance required to pull off successful hacks, attacks, and scams that makes the Dark Web so dangerous to your business. Anyone with the time and inclination to learn how to steal valuable data from your business can check out an online tutorial or two, pay for some basic hacking software from one of these marketplaces, and set their sights on you.
While they might not be the stories that make national headlines, small and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.
How can you protect yourself?
When a news story comes out about a large corporate hack, businesses often scramble to learn how they can better protect their businesses – but that’s the wrong time to start thinking about it.
Don’t wait until a breach occurs – start protecting yourself now. The advice you should follow centers around educating your employees about the dangers of online crime and developing company procedures to prevent it from happening.
The first step is to make sure you (and your staff) use stronger passwords…
Top 4 Password Mistakes To Avoid
Length and Complexity
Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
Numbers, Case, and Symbols
Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
Personal Information
Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc.
However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
Pattern and Sequences
Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
Maybe you think your passwords are fine.
It’s certainly possible – but it’s one thing to skim over a list of common password mistakes and assume you’re probably still OK.
Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers – what’s the big deal, really?
If you’re so confident, then why not put it to the test?
Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember.
Top 3 Tips To Keep Your Data Off The Dark Web
Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams.
Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.
Require the use of strong passwords and two-factor authorization.
It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authorization.
Consider investing in hacking insurance and conduct penetration testing.
Unfortunately, all these tips are meant to be preventative – they’ll increase your security and protect against cybercriminals taking your data in the first place. But what if you’ve already experienced a breach?
How can you find out if your data is already up for sale?
What About Dark Web Scanning?
There’s only so much you can do on your own – but there are now more direct ways of checking whether your data has been compromised on the Dark Web. Many security vendors now offer cyber-surveillance monitoring solutions that can scan the dark web for your credentials.
One of the most popular of these solutions is Dark Web ID, which is designed to detect compromised credentials that surface on the Dark Web in real-time, offering you a comprehensive level of data theft protection – it’s an enterprise-level service tailored to businesses like yours.
This Dark Web monitoring solution keeps tabs on the shadiest corners of the online world 24 hours a day, 7 days a week – no exceptions.
Features include:
Security Awareness to keep your staff prepared to spot and stop hackers from harming your business
Password Manager to help you and your staff maintain complex, hard to crack passwords
Multifactor Authentication to prevent external parties from accessing your systems with stolen passwords
Data Leak Prevention to make sure the integrity of your business data
Vulnerability and Patch Management to make sure no weakness in your cybersecurity is overlooked.
This isn’t a matter of “what you don’t know won’t hurt you”. In fact, it’s the opposite. You can’t afford to ignore the dark web.
Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.
Keeping these workbooks organized and easy to navigate can be a challenge. We can help with that. Check out our short Excel: Tips and Techniques for Managing Workbooks training video, available to you free and on-demand.
Cloud Storage vs. On-Site Data Housing: Factors for Healthcare Organizations to Consider
Internet technology has opened the way for data storage to be far less cumbersome for modern healthcare organizations. After all, handling all the incoming data in a modern practice is not all that easy. Many organizations have jumped on board and went after a cloud-hosting solution, but is it really necessary if you have room for on-site data storage in your facility? Here are a few factors to consider before making the final decision on cloud storage versus on-site data housing for your healthcare organization.
Compliance is a core concern for many healthcare organizations with cloud-hosted data storage.
Cloud-hosted data is great; it is convenient and does not require investments in expensive hardware. However, in a field where strict adherence to privacy regulations is a top concern, off-site data storage can be something that’s a bit off-putting for some healthcare companies. You lose a certain level of control over the data when it is stored off-site with a cloud-hosting provider. The digital records are not on-site at the facility, so you have to have full trust in the host for the sensitive data, and sometimes that sense of trust is hard to foster to provide you with full confidence.
Of course, on-site data housing comes with its own compliance concerns as well. Proper security measures have to be in place for the data itself, the systems you used to house that data, and the physical location of the data center. The primary difference here is that if you choose to go with an on-site data storage solution, you will know what levels of protection you have specifically because you had a hand in implementing those safeguards. With cloud-hosted data storage for healthcare, you are at the mercy of the provider.
Setting up your own data center can be a lot of work and money.
One of the pitfalls of keeping data on-site is the fact that it can involve a lot of effort and quite an investment. There are several factors to consider before this kind of implement takes place. You will have to look at:
What type of computing hardware your organization is going to need.
If your organization has the electrical infrastructure to offer full reliability and avoid problems with outages.
How you will implement a cooling system to keep the data center cool due to high levels of heat generation in the space.
What type of security you will also implement to keep the physical location secure from outsiders.
If you are capable of utilizing the right operating systems and software to coincide with the on-site data servers.
The bottom line is, you have to consider if building your own on-site data storage in healthcare is worth it or if it would be best to go with the more modern solution. There can be numerous costs involved and a great deal of planning. Some organizations are more equipped to handle these changes than others. For the most part, small and midsize operations simply won’t have the time or funding in most situations.
Don’t forget that hybrid data hosting is also an option.
If you’re not equipped financially to handle a full investment in an on-site data storage system but prefer to keep some legacy applications private in your own data storage systems, you do have the option to go hybrid. According to Forbes, this setup is quickly becoming one of the most popular in healthcare. In general terms, a hybrid model allows you some on-site data storage and some off-site cloud-hosted storage as well. These models are being used quite frequently in smaller operations because they make good sense, allow the operator that sense of control they want, and are financially appealing.
There’s really no one-size-fits-all data storage solution for all healthcare organizations. The important thing to do is to consider all of the pros and cons of each setup and take into consideration the resources and space you have available before settling on a particular data storage solution.
Phishing is one of the most commonly-used cyberattacks in Australia. Statistics from the Office of the Australian Information Commissioner show that phishing accounts for 39 percent of all breaches reported. Therefore, it’s important to be aware of how to protect yourself at home and at work from phishing.
How does phishing work?
The victim receives an email that is simple in format and generally personalised and potentially from a known sender. It may look like an official email from a known organisation or company, and it invites the victim to click on an embedded link. Wording varies, but it may say, “click to learn more” or “click to see the image.” After clicking, the victim is redirected to a webpage and asked to enter their user name and password or for other personal information. Once the personal information is filled in the attacker then sends emails to everyone in the victim’s address book and the cycle repeats.
It’s a spam email issue?
It is and it isn’t. While having spam email issued from your own email account is annoying and a problem, the larger issue is that the victim has given the attacker their user name and password. With an email and password, the attacker can easily hack into anything the victim uses that email and password for. Most people repeat email and password data for multiple accounts. In the world of cloud storage, this can be several accounts including email, CRM, file storage, banking, and proprietary applications.
Will changing the password mitigate further damage?
Changing your password is a start. Depending on what each account holds, it may be appropriate to cancel or disable the account and set up a new one. However, an aggressive attacker can get into a lot of personal and/or sensitive information from the original login information. Changing just one email password may not be enough. You may need to change all of your work and personal passwords.
How can I know if changing the password has solved the problem?
Look for history of logging in and out of accounts. Once you change the password, there should be incidents of logging failure (from the attacker). However, there is some lag time, because your login information may access more than one sub-account or cloud account synchronised to the main account.
Once the password is changed, am I clear?
No. Depending on what has been accessed, the breach may fall under the Privacy Act and Data Breach Notification. If you’re at work, discuss your breach with the IT department immediately, so they can take the appropriate action. Within an organisation, it’s possible that you aren’t the only person affected, and other people may have fallen for the same trap. Everyone who received the same email should delete it completely without clicking on it. Communicate with anyone who is involved and determine whether this needs to be reported to the Commissioner.
All accounts are secure and communications sent. What next?
Once the fire has been put out, there still may be lingering security issues to strengthen or counter. These can be talking to IT to double-check everything, blocking email addresses, or improving the filters. Then you’ll have to investigate the compromise to see if it is an “eligible data breach” according to the NDB scheme.
You will have to ask some hard questions such as what information has been sent and received via email, stored in the cloud, or accessible via their login. Ask if that data were to be made public knowledge, what would the consequences be? Is there any kind of financial or personally identifiable information (PII) available? Will anyone come to harm (physical, financial, reputational, or emotional) as a result? In Australia, you have 30 days to conduct an investigation to determine whether it is an eligible data breach. If you’re certified for the European Union (EU) General Data Protection Regulation (GDPR), you have 72 hours to decide. Check with your legal department for further instructions.
Anything else?
For better results in the future, it’s helpful to repeat training with all employees yearly on how to identify phishing and what to do in the case of a cyberattack.
