Blog Malware & Viruses

17 Jan, 2020
Vade Secure, a Predictive Email Defense company, has released its Email Security Predictions for 2020. They have listed six ways they believe hackers will target businesses over the next 12 months. Business email compromise (spear phishing) will be the main threat to businesses. Most of these attacks start with a very short email saying something like, "Hello, are you available?". Click the link below to read more, including their other predictions about sextortion emails, phishing links and data leaks.
Predictions
24 Oct, 2019
Ransomware is something you may have heard about on the news but don't fully understand. The most high-profile cases this year include the Baltimore City government, which was hit with a loss of over $18 million, and multiple healthcare providers. One of these healthcare providers paid $75,000 to recover its encrypted files.
22 Sep, 2019
Companies are running phishing tests on their employees to make sure staff are security-aware and to reduce successful attacks.
22 Sep, 2019
Multifactor Authentication security measures are essential to reduce the risk of automated attacks.
28 Jul, 2019
CertNZ recently published the top 11 cyber security tips for your business, as cyber security attacks on businesses are becoming more and more common. You have to make sure you do everything to keep your business safe, no matter the size of your business. This includes protecting your data, network and customer information as well as your reputation. A printable version of this guide is available at Cert NZ.

1. Install software updates
All devices and software should be up to date. Installing software updates is the most effective and basic way to prevent attacks and keep the system safe. Devices should be supported by the manufacturer at all times, and software updates (patches) for the operating systems should be installed as soon as they're available. Patches are much more than new features for software; most importantly, they fix security vulnerabilities. Installing patches prevents incidents caused by attackers who use these vulnerabilities to gain access to your system. It is advisable to put a decent security policy in place.
To do list:
- Set your system preferences to install any new patches automatically.
- If your system needs patches tested before they are rolled out, make sure your IT support provider has a plan in place to apply them within a few weeks of release.
- Make sure any servers or computers that you manage for your business run on operating systems that are still supported and patched.
- Require staff to use supported operating systems and to install any patches as soon as they're available, on mobile devices too.
- With staff using BYOD (bring your own device), make sure their devices are running supported operating systems and software before they access your business network, and keep those devices up to date.

2. Implement two-factor authentication (2FA)
Implementing two-factor authentication (2FA) protects both your systems and your customers' accounts. Anyone logging in to your system will need to provide something else on top of their username and password to verify their identity. It can be implemented on both internal systems and customer-facing systems. Credential reuse, sophisticated phishing attacks and many other cyber security risks can be mitigated by using 2FA.
To do list:
- Enable 2FA on your key systems, like your: email services; cloud aggregator services, for example Office 365, GSuite or Okta Cloud Connector; document storage; banking services; social media accounts; accounting services; and any systems that you use to store customer, personal or financial data.
- Enforce the use of 2FA for each user in the system.
- Focus on using systems that support 2FA. It should be a requirement for any new system that your business uses. Make it mandatory, not optional.

3. Back up your data
It is essential to regularly back up business data: data provided by customers or staff, such as employee or customer personal details and customer account credentials; data generated by the organisation, such as financials, operational data, documentation and manuals; and system-based data, such as system configurations and log files. If data is lost, leaked or stolen, it will need to be restored.
To do list:
- Set your backups to happen automatically.
- Store your backups in a safe location that's easy to get to, and that isn't on your own server and/or is offsite. Consider cloud backup services and talk to your IT provider.
- Test backups regularly.

4. Set up logs
Logs record all actions taken on your systems. Logging helps to find out when an incident may be about to occur, e.g. multiple failed logons to your network, or when an incident has occurred, e.g. a logon from an unknown IP address. Logs can be set up to alert you to any unusual or unexpected events.
To do list:
- Set up logs for: multiple failed login attempts, especially for critical accounts (this includes services like Office 365 or GSuite); successful logins to your CMS and changes to any of the files in it (if you don't change them often); changes to your log configurations; password changes; 2FA requests that were denied; anti-malware notifications; and network connections going in and out of your network.
- Set the logs up to notify you about any unusual events by email. Set email notifications up for events that shouldn't happen often, like multiple failed logons or denied 2FA requests.
- Store logs in a safe location and make sure they're encrypted. Access to the logs should be limited to only those who need it. Consider archiving them to offline storage and keeping them for a while in case you ever need them.
- Talk to your IT service provider; we are happy to help.

5. Incident response plan: create a plan for when things go wrong
If your business has a cyber security incident, you'll need to know what steps to take to keep your business running. An incident response plan helps to get the business back up and running quickly. The plan should be put in place ahead of time.
To do list (after identifying a security incident):
- Call in reinforcements using a prepared contact list.
- Tell your staff.
- Communicate to clients/customers.
- Operate business as usual under unusual circumstances.
- Reflect on what happened.

6. Update default credentials
Default credentials are login details allowing full administrative access. They are used for the initial setup and should be changed afterwards. Unfortunately, these default credentials are often forgotten and left unchanged, and they are easy to guess or find online.
To do list:
- Check for default account credentials on any new hardware or software you buy, or any devices that have been factory reset. Change them.
- Make the new passwords long, strong and unique.
- Use a password manager to store your usernames and passwords. They'll be encrypted and you don't need to remember them.

7. Choose the right cloud service
Select a cloud service provider who will provide the right services for your business. Cloud services are generally used for access to software without needing to buy it yourself, access to your data from any device at any time, and for storage space and backups for your data. When using cloud services, check whether the provider takes your security needs and your data seriously.
To do list:
- Check your cloud services: whether they'll back up your data for you, or you have to do it yourself; whether they offer the option to use 2FA (if not, see if there's another provider who does); whether they'll notify you of a security breach if it happens; what happens to your data if they're bought out by another company, or if they go under; and whether they have a public security policy and a way for you to report security problems to them.
- Check where the servers that they use to hold your data are located (jurisdiction).

8. Only collect data you need
Only collect the data you really need from customers. The level of risk is based on the amount of data stored: the more data collected, the more valuable and attractive it is to an attacker. Reduce the risk by only collecting what is needed.
To do list:
- Only save and store the information you need from a new customer or client. Be clear about why you need it.
- Make sure you're encrypting any data you collect at all times, in transit as well as in storage in a database.
CertNZ refers to the Privacy Commissioner, who has built a tool, Priv-o-matic, to help create a privacy statement that you can share with your customers. It can be used to tell them how you'll collect, use and disclose their information.

9. Secure your devices
Install security/anti-malware software such as antivirus on any device that accesses your business data or systems. It prevents malicious software, e.g. viruses or ransomware, from being downloaded. This includes both company-owned devices and any BYOD devices that belong to your staff. This is one of the basics to minimise your risk.
To do list:
- Use the security features that come as a default with your computer's operating system. This includes Windows Defender for Windows 10 devices, or Gatekeeper for OSX. Otherwise, use security software that can prevent and detect malware and that gets updated regularly.
- Don't let your staff access your network with devices that are jailbroken or rooted.

10. Secure your network
Configure network devices like firewalls and web proxies to secure and control connections in and out of the business network. Using a VPN, ideally one that relies on 2FA, when remotely accessing systems also secures the network.
To do list:
- Limit access to the internet-facing parts of your network to only those who need it.
- Use a VPN if you need to remotely access systems on your business network. Make sure the VPN software you use requires 2FA.
- Use separate VLANs for your business network to control what parts of the network can talk to other parts. Put servers with sensitive data on a separate VLAN from the one that your employees' computers are on, and use firewalls to control how those two VLANs talk to each other.
- Talk to an IT or network engineer and explain what your business does and what you use your business network for. They can help you configure any separate networks or network devices that you may need to protect yourself.

11. Check financial details manually
Manually checking unusual or unexpected online business requests prevents incidents such as invoice scams. It can be hard to tell when an email recipient's behaviour is 'phishy'. Therefore, using another channel to check the person or company is recommended. This can be a phone call or a text message before approving any payments.
To do list:
- Set up a clear process for how to make sensitive business transactions or changes.
- Determine what's sensitive for your business and make sure these thresholds are clear, so your staff know when to raise a red flag.
- Use a separate channel of communication to verify a transaction or change before it happens.
- Have a clear point of escalation for your staff.
- Put a process into your incident response plan.
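The logging and alerting tip above (item 4) in working code, as an added example that is not part of the CertNZ guide or this post: it scans constructed sample log lines in a hypothetical "timestamp event user ip" format and raises an alert for the two events the guide singles out for email notification, a burst of failed logins for one account and any denied 2FA request. The log format, the sample accounts and the thresholds are assumptions for the example; adapt the regex to your own system's logs.

```python
"""Flag accounts with repeated failed logins or denied 2FA requests.

Added example; not from CertNZ or the original post. The log format below is
constructed for this example; adapt LINE_RE to your own system's logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines in a hypothetical "timestamp event user ip" format.
SAMPLE_LOG = """\
2019-07-28T09:00:01 LOGIN_FAILED user=alice ip=203.0.113.10
2019-07-28T09:00:09 LOGIN_FAILED user=alice ip=203.0.113.10
2019-07-28T09:00:15 LOGIN_FAILED user=alice ip=203.0.113.10
2019-07-28T09:00:21 LOGIN_FAILED user=alice ip=203.0.113.10
2019-07-28T09:00:30 LOGIN_FAILED user=alice ip=203.0.113.10
2019-07-28T09:05:00 LOGIN_OK user=bob ip=198.51.100.7
2019-07-28T09:06:00 2FA_DENIED user=bob ip=198.51.100.7
2019-07-28T10:00:00 LOGIN_FAILED user=carol ip=192.0.2.5
2019-07-28T11:30:00 LOGIN_FAILED user=carol ip=192.0.2.5
"""

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) ip=(\S+)$")


def parse(log_text):
    """Yield (timestamp, event, user, ip) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, event, user, ip = m.groups()
            yield datetime.fromisoformat(ts), event, user, ip


def find_alerts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alert strings, in log order.

    Alerts when one user reaches `threshold` LOGIN_FAILED events inside a
    sliding `window` (one alert per burst), and on every 2FA_DENIED event,
    since both should be rare on a healthy system.
    """
    alerts = []
    recent = defaultdict(list)  # user -> timestamps of failures still in window
    for ts, event, user, ip in parse(log_text):
        if event == "LOGIN_FAILED":
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= threshold:
                alerts.append(f"{user}: {len(recent[user])} failed logins within {window} from {ip}")
                recent[user] = []  # reset so one burst produces one alert
        elif event == "2FA_DENIED":
            alerts.append(f"{user}: 2FA request denied from {ip}")
    return alerts
```

Carol's two failures are 90 minutes apart, so with the default 10-minute window they never reach the threshold; wire the returned alerts to your email notification of choice.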
19 Jun, 2019
Cybercriminals operate like a growing business, running a variety of different scams at once to bring in money from many sources.
30 May, 2019
Dharma, the file-locking malware family, has developed a new approach: tempting victims into installing the file-locking malware by posing as anti-virus software.
29 Nov, 2018
45% of Kiwi businesses 'unprepared' for data breaches
Half of Kiwi companies lacking in cyber security confidence
“The consequences of a data breach are severe; from financial to brand and reputation damage,” says HP New Zealand managing director Grant Hopkins. “Organisations need to be vigilant about implementing processes that regularly monitor, detect and report data breaches. Running regular risk assessments and managing your endpoint security is critical in keeping business data safe. Many IT departments tend to focus their efforts around PCs, tablets and other connected devices, but they neglect one of the largest areas of vulnerability: the printer. The study found that New Zealand businesses have printers that are relatively insecure, with 30% not offering any security features and only 35% of businesses including printers in their IT security assessment. Without embedded security measures like real-time threat detection, automated monitoring and data encryption, printers are left open and vulnerable to attack. Not only does this make the confidential and sensitive documents that are printed, scanned and copied by the printer easily accessible to hackers, but it risks the entire network being hacked while bypassing the firewall altogether.
30 Oct, 2018
Until August this year, no UEFI rootkit had ever been detected in a real cyber attack. They had been presented at security conferences as proofs of concept and are known to be at the disposal of governmental agencies. In late September 2018, security researchers from ESET came across a Unified Extensible Firmware Interface (UEFI) rootkit (named LoJax by ESET, detected by Trend Micro as BKDR_FALOJAK.USOMON and Backdoor.Win32.FALOJAK.AA) in the wild, used for cyberespionage in a campaign by the Sednit APT group. The UEFI rootkit was found bundled together with a toolset able to patch a victim's system firmware in order to install malware at this deep level. Malware is dropped onto the system and ensures it is executed when the computer boots. LoJax affects UEFI, which provides an interface for the system's operating system (OS) to connect with the firmware. As such, LoJax can persist in the UEFI even if the system's OS is reinstalled or its hard drives replaced. If infection is successful, attackers can use LoJax to retain remote access to the system and to install and execute additional malware on it. The security researchers said that it can also be used to track the system's location and possibly that of the system's owner.
What is UEFI (Unified Extensible Firmware Interface)?
The computer code that starts right after the computer is turned on and has the ultimate power over the computer's operating system (and thus the whole machine) is called firmware. The standard (think of it as a set of rules) for how the firmware behaves is called UEFI (its predecessor was called BIOS). Firmware and UEFI (Unified Extensible Firmware Interface) are often linked together and called UEFI firmware. A rootkit is dangerous malware designed to gain "illegal" and persistent access to what is otherwise not allowed.
Typically, a rootkit also masks its existence or the existence of other malware.
27 Sep, 2018
The Turla threat group, certainly Russian-speaking and widely attributed to Russian intelligence services, is back with a new, scary phishing technique. These bad guys are sending emails with a malicious PDF payload that installs a hidden backdoor on the workstation. The backdoor is a standalone dynamic link library that is able to install itself and interact with Outlook and other email clients. It exfiltrates data through email, which means that it evades detection by many commonly used data loss prevention products. The stolen data is enclosed in a PDF container, which also looks unproblematic to many security solutions. Researchers who've tracked this latest evolution of Turla warn that there's no command-and-control server that can be taken down: the malware can be completely controlled via email, the data exfiltration can look entirely legitimate, and the ways in which the campaign modifies standard functions make it a stealthy and tough-to-eradicate infection. The purpose of this malware is to monitor all incoming and outgoing emails from infected systems and to gather info about the sender, recipient, subject and attachment name (if any). That data is then organised into logs that are sent to Turla operators. The Outlook backdoor also checks all incoming email for PDFs that might contain commands from the attackers. It will accept commands from ANY threat actor that is able to encode them in the right format in a PDF document. If the email address to which the malware typically transmits stolen data is blocked, the hacker can recover control of the backdoor simply by sending a rogue PDF with a new C2 address.