Become a Successful Cyber Security Analyst: Learn the Essential Skills You Need Now

In today’s digital age, where breaches have become much more frequent, cybersecurity is more important than ever before. With various data breaches occurring in 2022 such as Optus, Telstra, Medibank, and others, more people have been impacted by cyber crime and identity fraud. It’s a traumatic experience when you know that someone is making use of your personal information for their own gain.

are aware that stronger cyber security capabilities and awareness is critical. With the increasing reliance on technology in both personal and professional settings, the need to protect against cyber threats has become a top priority for individuals and organisations alike.

One key player in the field of cybersecurity is the cybersecurity analyst. These professionals are responsible for monitoring and protecting systems and networks from cyber attacks, as well as analysing and interpreting data to identify potential vulnerabilities.

Whether working for a large corporation or a government agency, cybersecurity analysts play a crucial role in protecting against the various threats that exist in the online world. Overall, the role of a cybersecurity analyst is to ensure that an organization’s systems and data remain secure and safe from any potential cyber threats.

The Top 10 Skills Every Cybersecurity Analyst Needs to Succeed

Skill #1: Strong problem-solving abilities – As a cybersecurity analyst, you’ll often be faced with complex problems that require creative and logical thinking to solve. Strong problem-solving abilities are essential for identifying and addressing potential vulnerabilities, as well as for troubleshooting issues that may arise.

Skill #2: Excellent communication skills – In order to effectively collaborate with team members and communicate findings to non-technical stakeholders, strong communication skills are a must. This includes the ability to clearly explain technical concepts in layman’s terms, as well as the ability to write clear and concise reports.

Skill #3: In-depth knowledge of cybersecurity protocols and standards – To be successful in this field, it’s important to have a strong understanding of industry-specific protocols and standards, such as those outlined by the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO).

Skill #4: Proficiency in programming languages and cybersecurity tools – To be effective in your role, you’ll need to be proficient in a variety of programming languages and cybersecurity tools. This includes languages such as Python and Java, as well as tools such as firewalls, antivirus software, and intrusion detection systems.

Skill #5: Familiarity with network infrastructure and architecture – A strong understanding of network infrastructure and architecture is essential for identifying potential vulnerabilities and developing effective security measures.

Skill #6: Understanding of risk assessment and management – A key part of a cybersecurity analyst’s role is assessing and managing risk. This includes identifying potential threats, evaluating the likelihood and impact of those threats, and implementing measures to mitigate risk.

Skill #7: Ability to analyse and interpret data – Cybersecurity analysts often work with large amounts of data, and the ability to analyze and interpret this data is crucial for identifying patterns and trends that may indicate a security threat.

Skill #8: Attention to detail and ability to multitask – As a cybersecurity analyst, you’ll need to be able to juggle multiple tasks and projects at once, all while paying close attention to detail.

Skill #9: Adaptability and flexibility – The world of cybersecurity is constantly evolving, and as a cybersecurity analyst, you’ll need to be adaptable and flexible in order to keep up with new threats and technologies.

Skill #10: Strong work ethic and dedication to continuing education – To succeed in this field, it’s important to have a strong work ethic and a commitment to ongoing learning and development. This includes staying up-to-date on the latest technologies and best practices, as well as pursuing additional education and certification as needed.

Cyber Analyst Skills Wrap Up

In conclusion, being a successful cybersecurity analyst requires a diverse set of skills and a commitment to ongoing learning and development. From strong problem-solving abilities and excellent communication skills to in-depth knowledge of cybersecurity protocols and standards, proficiency in programming languages and cybersecurity tools, and familiarity with network infrastructure and architecture, there are many factors that contribute to success in this field.

It’s also important to have an understanding of risk assessment and management, the ability to analyse and interpret data, attention to detail and the ability to multitask, adaptability and flexibility, and a strong work ethic and dedication to continuing education. By honing these skills and staying up-to-date on the latest technologies and best practices, you can position yourself for a rewarding career in cybersecurity analysis.

Top 10 proactive steps to protect yourself from identity takeovers & fraud

When I tell people I meet outside of work what I do for a living, the conversation often evolves into questions about practical steps I recommend in order to protect against identity takeovers and fraud.

Unfortunately I sometimes also meet people who have become victims of fraud, and wished they had known what to do in advance, hence why I wanted to share this information – so that more people can proactively protect themselves.

So below are my top 10 tips on how to protect yourself from identity takeovers and fraud:

1. Protect your physical mail

Identity takeovers often start with physical mail being stolen from your home post / letter / mailbox, so it’s really important to either secure your mailbox, or consider using a PO box so that your physical mail cannot be easily stolen. Another option is to consider changing your accounts so that you don’t get sent any physical mail in the first place.

2. Use a password manager

Consider using a password manager so that you always have unique and strong complex passwords for all of your online accounts. Never ever re-use any of your passwords across multiple accounts. I know several people who have become a victim to fraud purely because they re-used the same password that had already been publicly disclosed from a breach (e.g. LinkedIn, Yahoo, Dropbox etc). Most people don’t realise that hackers will often try to re-use compromised usernames and passwords across other sites and services until they get lucky.

3. Use strong multi-factor

Ensure you set up strong multi-factor to access your password manager (e.g. your biometric fingerprint), so that even if it was compromised, unless they steal your thumb or finger, they won’t get access. Make use of strong multi-factor authentication (i.e. not SMS) for the rest of your accounts where possible, so that even if your account or user credentials are compromised, the fraudster will not be able to circumvent this additional protection in place. This is often referred to as application based auth – where either the application itself provides this mechanism, or the service integrates with Google Authenticator.

4. Check for your credentials in breaches

Check your email address on haveibeenpwned.com to see if any of your accounts have been compromised, or if your user credentials are available to hackers. If you do find any breaches, ensure you’ve changed the password for the account listed, and never use the compromised password ever again.

5. Protect against mobile phone porting & SIM swapping

Understand “phone porting” and “SIM swapping” and why you need to use stronger multi-factor than SMS. These techniques are often used by fraudsters if they have managed to get your user name and password – as this final step enables them to get around SMS based multi-factor by stealing your mobile phone number so that they receive your SMS multi-factor codes instead of you. Contact your mobile phone service provider, and ask them to confirm that they have blocked the option to port your mobile phone to another provider.

6. Share your info carefully online

Be cautious with the information you share online. This includes your birth date, location, job title, plus your mobile phone number. Fraudsters can easily find this information from Facebook & other social networking platforms and will use it against you for targeted phishing attacks, or to port your mobile phone number so that they can get around SMS based multi-factor.

7. Set up extra protection with your financial institutions

Ensure you have set up a 2nd validation / security password with your banks and financial institutions, so that if a fraudster gets hold of your personal & account details, you are still protected. Most banks will implement this additional security control if requested.

8. Don’t store valuable stuff in your mailboxes

Don’t store passwords, scans / photos of your driving license, credit cards, passport etc in your email account(s). Most people forget to check their email sent items too! If hackers gain access to your mail account, they’ll look through your mailbox for any useful documents, photos etc, so ensure you never store them in your account in the first place.

9. Understand how to spot phishing emails

Some identity takeovers start with a phishing email to get your credentials to access your accounts. Remember that banks and financial institutions will never send you an email asking you to click on a link and confirm your bank details. Also be cautious with unexpected links or attachments – as this is another way in which fraudsters can remotely gain access to your machine, or install keystroke loggers to get hold of your usernames and passwords. Learn how to spot and report a phishing email if you receive one.

10. Review your home security hygiene

Lastly, I always recommend that you review your security “hygiene” at home – make sure all of your personal computers and mobile devices are always up-to-date, fully patched, and that you’re running up-to-date antivirus software in order to minimise the potential for malware infection.

You also might want to consider what you do to securely back up your important documents and files, and store them offline (e.g. a handful of USB drives that aren’t plugged in to your machine). Useful if you ever get hit with ransomware, and need to recover rather than paying a ransom fee!

 

I value your comments or feedback

So that’s my top 10 tips to proactively protect yourself from online fraudsters. If you have any additional tips – feel free to comment below.

Feel free to contact me directly if you have any issues, or need more help.

Inspiring cyber / privacy books, podcasts, documentaries and websites

I often get asked by friends and colleagues for recommendations on latest info to read / listen to for all things cyber & privacy, or interesting & inspiring material to read up on.

I therefore decided it would be useful to share this more broadly, hence this page.

Here’s my latest recommendations:

“Darknet Diaries”

Podcast by Jack Rhysider. A mix of very interesting cyber related stories on a number of current topics. Well put together, and easy to listen to: https://darknetdiaries.com/

“Future Crimes”

Book by Marc Goodman. A scary look into the current and future of our everything connected world. Did you read those terms of service?

http://www.futurecrimesbook.com/

“The Great Hack”

An eye opening documentary available on Netflix about Cambridge Analytica, big data, and our future:

“The Dark Net isn’t what you think.” TED Talk

Alex Winter’s (think Bill and Ted) infamous TED talk on the dark web. Makes you realise that there’s a lot more to the dark web than meets the eye:

“Click here to kill everybody” Book

A very interesting read from the renowned cyber security guru – Bruce Schneier:

https://www.schneier.com/books/click_here/

“The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage” Book

I read this at uni, and literally didn’t put it down until I had finished reading from cover to cover. One of the main reasons I got into cyber security in the first place! https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg

Cyber News & Update Sites:

A few more handy / interesting cyber / privacy related sites:

https://www.newsnow.co.uk/h/Technology/Security

https://nakedsecurity.sophos.com/

https://grahamcluley.com/

https://krebsonsecurity.com/

#StaySmartOnlineWeek – Steps to lock down your online security

In the spirit of #staysmartonline week which runs from Monday the 7th to the 13th of October 2019, I thought I’d share some handy cyber tips to help lock down your online security.

By sharing this information, I want to ensure everyone can proactively protect themselves from cyber-crime, and the most common threats online.

It’s not hard to do – just by following the instructions below, you can protect yourself from cyber-crime:

Always update to keep those hackers out!

I always recommend that you review your security “hygiene” at home – so make sure all of your personal computers and mobile devices are always up-to-date.

Check you are running the latest version of each device’s operating system, and make sure ALL of your applications are up-to-date too. This helps to protect your devices from the various ways in which hackers take advantage of security holes (vulnerabilities) in order to do something malicious with your device.

Also check that you are running up-to-date antivirus software, and you have run a full scan in order to minimise the potential for malware infection.

Turn on automatic software updates – set your operating system and applications to auto update to make sure you always get the latest security features.

Check for your credentials in breaches

Check all of your email addresses using haveibeenpwned.com to see if any of your accounts have been compromised, or if your user credentials are available to hackers.

If you do find any breaches, ensure you’ve changed the password for the account listed, and never use the compromised password ever again.
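
An added example (not from the original post) that goes one step beyond the email lookup: checking whether a password itself appears in breach data, using the Pwned Passwords range API that the same site provides. Only the first five characters of the password's SHA-1 hash are sent to the service; the range response embedded here is constructed so the script runs offline, and the function names are this example's own.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest: 5 + 35 chars."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, range_body):
    """Search a range response ('SUFFIX:COUNT' per line) for our suffix."""
    wanted = suffix.upper()
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == wanted and count.strip().isdigit():
            # Padded responses contain filler entries with a count of 0,
            # which must be read as "not seen in a breach".
            return int(count)
    return 0


def fetch_range(prefix):
    """Request every known suffix that shares our 5-character prefix."""
    request = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def times_seen(password, range_body=None):
    """How many times the password appears in breach data (0 = not found).

    The password and its full hash never leave this machine; the match on
    the 35-character suffix happens locally. Pass range_body to work from a
    saved or constructed response instead of calling the service.
    """
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix) if range_body is None else range_body
    return count_in_range(suffix, body)


def constructed_range_body(password, count):
    """Build a constructed sample response that contains the given password."""
    _, suffix = split_hash(password)
    lines = [
        "0" * 35 + ":7",        # unrelated entry (constructed)
        f"{suffix}:{count}",    # the entry we want to find
        "F" * 35 + ":0",        # padding entry (constructed)
    ]
    return "\r\n".join(lines)   # the service uses CRLF line endings


if __name__ == "__main__":
    sample = constructed_range_body("password", 3)
    for candidate in ("password", "a long unique passphrase"):
        hits = times_seen(candidate, sample)
        verdict = "change it everywhere" if hits else "not in this sample"
        print(f"{candidate!r}: seen {hits} time(s), {verdict}")
```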

Share your personal information carefully online

Be cautious with the information you share online. This includes your birth date, location, job title, plus your mobile phone number. Fraudsters can easily find this information from Facebook & other social networking platforms and will use it against you for targeted phishing attacks, or to port your mobile phone number so that they can get around SMS based multi-factor (see below for more info on mobile phone porting).

Use strong passwords and never re-use them (use a password manager)

If you have a Yahoo, LinkedIn, Dropbox, or any of the other mega breach accounts… your credentials are already in the hands of hackers. I know several people who have become a victim to fraud purely because they re-used the same password that had already been publicly disclosed from a breach. Most people don’t realise that hackers will often try to re-use compromised usernames and passwords across other sites and services until they get lucky.

Consider using a password manager so that you always have unique and strong complex passwords for all of your online accounts.

Never ever re-use any of your passwords across multiple accounts.

Always use strong multi-factor

Ensure you set up strong multi-factor to access your password manager (e.g. your biometric fingerprint or application based rather than SMS), so that even if it was compromised, unless they steal your thumb or finger, they won’t get access.

Make use of strong multi-factor authentication (i.e. not SMS) for the rest of your accounts where possible, so that even if your account or user credentials are compromised, the fraudster will not be able to circumvent this additional protection in place. This is often referred to as application based auth – where either the application itself provides this mechanism, or the service integrates with Google Authenticator.

Protect against mobile phone porting & SIM swapping

Understand “phone porting” and “SIM swapping” and why you need to use stronger multi-factor than SMS. These techniques are often used by fraudsters if they have managed to get your user name and password – as this final step enables them to get around SMS based multi-factor by stealing your mobile phone number so that they receive your SMS multi-factor codes instead of you. Contact your mobile phone service provider, and ask them to confirm that they have blocked the option to port your mobile phone to another provider.

Set up extra protection with your financial institutions

Ensure you have set up a 2nd validation / security password or PIN with your banks and financial institutions, so that if a fraudster gets hold of your personal & account details, you are still protected. Most banks will implement this additional security control if requested.

Don’t store valuable stuff in your mailboxes

Don’t store passwords, scans / photos of your driving license, credit cards, passport etc in your email account(s). Most people forget to check their email sent items too! If hackers gain access to your mail account, they’ll look through your mailbox for any useful documents, photos etc, so ensure you never store them in your account in the first place.

You also might want to consider what you do to securely back up your important documents and files, and store them offline (e.g. a handful of USB drives that aren’t plugged in to your machine). Useful if you ever get hit with ransomware, and need to recover rather than paying a ransom fee!

Understand how to spot phishing emails

Cyber-crime often starts with a phishing email to get your credentials to access your accounts. Remember that banks and financial institutions will never send you an email asking you to click on a link and confirm your bank details. Also, be cautious with unexpected links or attachments – as this is another way in which fraudsters can remotely gain access to your machine – or install keystroke loggers to get hold of your usernames and passwords. Learn how to spot and report a phishing email if you receive one.

Protect your physical mail

Online fraud & identity takeovers often start with physical mail being stolen from your home post / letter / mailbox, so it’s really important to either secure your mailbox, or consider using a PO box so that your physical mail cannot be easily stolen. Another option is to consider changing your accounts so that you don’t get sent any physical mail in the first place.

 

Together we can reverse the threat

The #staysmartonline site has loads more useful resources and information:

https://www.staysmartonline.gov.au/protect-yourself/protect-your-stuff

https://www.staysmartonline.gov.au/protect-your-business

I value your comments or feedback

So that’s my top tips for #staysmartonline week. If you have any additional tips or advice – feel free to comment below.

Feel free to contact me directly if you have any issues, or need more help.

OAIC releases Notifiable Data Breaches Quarterly Statistics Report & 12-month Insights Report

Today, the Office of the Australian Information Commissioner #OAIC released their Notifiable Data Breaches Quarterly Statistics Report for the 1st January 2019 through to the 31st March 2019, as well as their 12-month insights report.

Here’s a quick summary of the insights released:

There were 964 data breach notifications from the 1st of April through to the 31st of March.

There’s been a 712% increase in notifications since the introduction of the NDB scheme.

60% of breaches were malicious or criminal attacks

153 attacks were attributed to phishing.

35% of the breaches overall were attributed to human error, and specifically in the finance sector, 41% of data breaches were due to human error.


The Notifiable Data Breaches 12-month Insights Report can be downloaded from the OAIC website, along with the latest quarterly statistics report for January to March 2019.

#Databreaches #OAIC #breaches #Notifiable_Data_Breaches

Discover How Cybercriminals Are Now Using AI Chat for Evil Intent – Creating Code, Phishing & Malware

There’s been a lot of buzz and excitement about ChatGPT since its latest release in November, and for good reason. I’ve been using it a lot over the holidays for research and enhancing my technical skills – and have really enjoyed using it.

But what exactly is ChatGPT, why is there so much interest, and why are some people concerned about the future?

Read more below…

Understand the background of ChatGPT

Before we get into this topic, for those not yet familiar, “ChatGPT” is an online assistant, that is designed to generate human like responses.

ChatGPT (GPT stands for “Generative Pre-trained Transformer”) was launched by OpenAI in November 2022. It is built on top of OpenAI’s GPT-3.5 family of large language models, and is fine-tuned with both supervised and reinforcement learning techniques.

Following the release of ChatGPT, OpenAI was reportedly valued at $29 billion which is quite an eye opener.

So what exactly can ChatGPT do, and what are its features / benefits?

So it’s…. wait.  Rather than me explaining, let’s ask ChatGPT to explain itself, and show you why there’s so much interest…

So I’ve just opened my internet browser, logged into the openai website, and typed in a question asking for more info to ChatGPT:

Please write a short summary about what you are, what features and benefits you provide, and your future?

ChatGPT response:

I am Assistant, a large language model trained by OpenAI. I am designed to understand and generate human-like responses to a wide range of inquiries, including questions about a variety of topics, as well as tasks such as scheduling and making reservations.

One of the key benefits of using me is my ability to understand and respond to natural language. This allows users to communicate with me in a conversational manner, as if they were talking to another person.

In addition to answering questions and assisting with tasks, I can also provide definitions, translations, and other types of information on a wide range of topics. This makes me a valuable resource for businesses and individuals alike.

As a language model, I am constantly learning and improving my abilities. In the future, I hope to be able to assist with an even wider range of tasks and provide even more accurate and helpful responses to users.

So that’s a good start – pretty basic in terms of AI & its capabilities, however the response above makes sense and does a pretty good job. But this is just the beginning. You can ask for more details, or a follow up question relating to the response provided. If you keep reading you can see where this heads….

ChatGPT can be used to write emails, articles, video scripts, business plans, summaries, web sites, create code, improve Search Engine Optimisation, and provides all the information you need, to name a few. You can ask more detailed questions, and get more detailed responses. However, it is not able to perform physical tasks or interact with the real world, and there may be certain topics or types of information that it is not familiar with.

So let’s ask a follow up question to ChatGPT and ask what can’t you do…

So what can’t you do?

As a language model, I am not able to perform physical tasks or interact with the real world. I am purely a software program designed to process and generate text. I do not have the ability to see, hear, or otherwise perceive the world around me.

In addition, there may be certain topics or types of information that I am not familiar with or do not have enough information about to provide a useful response. However, I have been trained on a massive dataset of text and have a wide range of knowledge, so I am able to assist with a large number of inquiries.

It’s really useful to use OpenAI to write segments of code plus provide step by step details for pretty much anything.

So is there a risk that OpenAI chat might be used for nefarious reasons?

In a single word (in big sized font, screaming at you) – YES!

Again, this is what OpenAI had to say about this…

“There is always the potential for any technology to be used for nefarious purposes, and virtual assistants like OpenAI Chat are no exception. However, it is important to note that virtual assistants do not have the ability to act on their own and can only perform tasks or provide information that they have been programmed to do.

That being said, it is important for users to be mindful of the information they share with virtual assistants and to use them responsibly. It is also important for the creators and operators of virtual assistants to implement appropriate safeguards to prevent their misuse.”

There will be many ways in which organisations will make use of this type of technology moving forward, via APIs and other Layer 2 services to reap the benefits of this sort of AI technology. One thing though that is always a challenge with new technology, is that it will get used for nefarious intent.

Hackers are already making use of the technology to create phishing emails, new malware strains, and ransomware components. Combine this with AI used for voice, and it starts getting really scary.

Malicious Code is just a few ChatGPT questions away…

So I tried a few carefully structured commands in ChatGPT, and quickly realised that it can definitely be used for malicious intent quite easily from a hacking perspective. Yes, a lot of requests you could work out for yourself if you are familiar with this line of work (for good!), however the main thing is that it gives you the answer / response in less than a few seconds, and you can copy and paste the outcome, and then follow up with more questions / code.

I won’t give you the specific command I used, however I got a response back to my requests with the exact code I need to use on a popular free web hosting service, which when loaded provides a login page that looks very similar to a popular Microsoft Login page.

In other words a fake login page that looks just like a Microsoft one that can be used for phishing.

I also got help straight away with a few simple but effective tricks for the code to evade detection using JavaScript / strings / Base64 encoding. :-( Copy and paste the text, and you’re away…

Writing some content for an email that requests a recipient to respond to a password expiry was provided to me by asking one quick question… all up, less than 2 mins of work.

gulp.

What do you think?

This is obviously just the tip of the iceberg when it comes to AI, as we haven’t touched on other stuff I’ve been researching such as deepfake voices, video and other new AI capabilities. It was fun scaring the crap out of my kids with a text to voice that sounds just like me… but that’s another story! I’ll cover Overdub from Descript, plus other related AI tech soon.

So are you concerned about how ChatGPT / AI chat might be used / misused in the future, or how hackers and cyber criminals could misuse this technology?

Feel free to share your comments & views below.

Here’s a couple of recent articles covering this topic in more detail:

https://www.vice.com/en/article/pkg94v/deepfake-voice-do-not-pay-wells-fargo-refund

https://www.pcmag.com/news/cybercriminals-using-chatgpt-to-build-hacking-tools-write-code

Expert advice for building & maintaining a secure home network

As more and more of our daily activities and personal information are conducted online, it is increasingly important to ensure that our home networks are secure. A secure home network helps to protect our personal data, devices, and even our entire home from cyber threats such as hackers, viruses, and malware.

However, building and maintaining a secure home network can seem overwhelming, especially if you are not familiar with the technical aspects of networking. But don’t worry! In this post, we will provide tips and best practices for building and maintaining a secure home network, making it easier for you to protect your home and your personal information.

Tips for building a secure home network

Use a strong, unique password for your router. It is important to use a strong, unique password for your router to prevent unauthorized access to your network. A strong password should be at least 8 characters long and include a combination of letters, numbers, and special characters. Avoid using easily guessable passwords, such as “password” or “123456,” and do not use the same password for multiple accounts.

Enable encryption for your wireless network. Encrypting your wireless network helps to prevent outsiders from accessing your network and intercepting your data. The two most commonly used wireless encryption protocols are WPA2 and WPA3. WPA2 is older and less secure, but still provides good protection. WPA3 is the newest and most secure protocol, but may not be supported by all devices. Be sure to enable encryption on your router and use a strong, unique password for your wireless network.

Use a firewall to protect against external threats. A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Enabling the firewall on your router can help to protect your home network from external threats such as hackers and malware.

Enable network security protocols. Network security protocols such as WPA2 and WPA3 help to secure the connection between your devices and your router, protecting your data as it is transmitted over the network. Be sure to enable these protocols on your router to add an extra layer of protection to your home network.

Keep your router’s software and firmware up to date. Manufacturers often release updates to the software and firmware of routers to fix security vulnerabilities and improve performance. It is important to keep your router’s software and firmware up to date to ensure that your home network is as secure as possible. Check with your router’s manufacturer for instructions on how to update your router’s software and firmware.

Tips for maintaining a secure home network

Change your router’s password periodically. It is a good idea to change your router’s password every few months to ensure that it remains secure. Choose a new, strong, unique password each time you change it and be sure to update the password on all devices that connect to your network.

Monitor your network for unusual activity. Keep an eye on your network and look for any unusual activity or behavior. This can include unexpected devices appearing on your network, strange traffic patterns, or unusual error messages. If you notice any of these things, take action to investigate and address the issue.

Use a virtual private network (VPN) to encrypt your internet connection when using public Wi-Fi. Public Wi-Fi networks are often unsecured and can be a breeding ground for hackers and cybercriminals. To protect your data when using public Wi-Fi, consider using a VPN to encrypt your internet connection. A VPN creates a secure, encrypted connection between your device and a server, protecting your data as it is transmitted over the internet.

Keep all devices on your network up to date with the latest security patches and updates. It is important to keep all devices on your network, including your router, up to date with the latest security patches and updates. Manufacturers often release updates to fix security vulnerabilities and improve performance. By keeping your devices up to date, you can help to protect your home network from threats.

Use a secure connection when accessing sensitive information. When accessing sensitive information online, such as online banking or shopping, be sure to use a secure connection. Look for a URL that starts with “https” and a lock icon in the address bar of your browser to indicate a secure connection. Avoid accessing sensitive information over unsecured public Wi-Fi networks whenever possible.
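
One way to act on the "unexpected devices appearing on your network" tip above, as an added example rather than code from the original post: compare the neighbour table printed by Linux `ip neigh show` against an inventory of devices you own. The sample output, MAC addresses and device names are constructed, and the function names are this example's own.

```python
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

# Constructed sample of `ip neigh show` output (not captured from a real network).
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 3c:52:82:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 3c:52:82:00:00:17 STALE
192.168.1.57 dev wlan0 lladdr da:a1:19:00:00:39 REACHABLE
192.168.1.80 dev wlan0 lladdr 00:11:22:00:00:50 DELAY
fe80::1 dev wlan0 lladdr 3c:52:82:00:00:01 router STALE
192.168.1.99 dev wlan0  FAILED
"""

# Constructed inventory: MAC address -> label for every device you own.
KNOWN_DEVICES = {
    "3C:52:82:00:00:01": "home router",
    "3c:52:82:00:00:17": "family laptop",
}


def parse_neighbours(text):
    """Map each MAC address in the output to the set of IPs it was seen with."""
    seen = {}
    for line in text.splitlines():
        tokens = line.split()
        # FAILED / INCOMPLETE entries never resolved and carry no MAC address.
        if "lladdr" not in tokens:
            continue
        position = tokens.index("lladdr")
        if position + 1 >= len(tokens):
            continue
        mac = tokens[position + 1].lower()
        if MAC_RE.fullmatch(mac):
            seen.setdefault(mac, set()).add(tokens[0])
    return seen


def is_locally_administered(mac):
    """True when the 'locally administered' bit of the first octet is set.

    Phones and laptops that use private (randomised) Wi-Fi addresses set this
    bit, so such an entry may be a family device rather than an intruder.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def review(text, known):
    """Return (mac, ips, note) for every device that is not in the inventory."""
    inventory = {mac.lower() for mac in known}
    findings = []
    for mac, ips in sorted(parse_neighbours(text).items()):
        if mac in inventory:
            continue
        if is_locally_administered(mac):
            note = "private/randomised MAC: check phones and tablets first"
        else:
            note = "vendor-assigned MAC not in inventory: investigate"
        findings.append((mac, sorted(ips), note))
    return findings


if __name__ == "__main__":
    for mac, ips, note in review(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(f"{mac}  {', '.join(ips)}  {note}")
```

The neighbour table only lists devices this machine has recently exchanged traffic with, so the client list on the router itself is the fuller view.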

Additional measures to consider

Use a secure DNS provider. A DNS (Domain Name System) is a service that translates domain names (e.g. www.example.com) into IP addresses that computers can understand. By default, many routers use the DNS servers provided by their internet service provider (ISP). However, these DNS servers may not always be secure. To add an extra layer of protection to your home network, consider using a secure DNS provider. Secure DNS providers offer additional security measures such as filtering out malicious websites and protecting against DNS spoofing attacks.

Enable two-factor authentication when possible. Two-factor authentication (2FA) is an additional security measure that requires a second form of authentication beyond just a password to access an account. This can be in the form of a code sent to a phone or email, a biometric factor such as a fingerprint or facial recognition, or a physical token such as a security key. Enabling 2FA on accounts and devices can help to prevent unauthorized access to your personal information and protect your home network.

Use a network security scanner to identify vulnerabilities. A network security scanner is a tool that can scan your network and identify any vulnerabilities or security weaknesses. By using a network security scanner, you can identify and address potential security issues before they become a problem. There are many network security scanners available, both free and paid. Be sure to research and choose a reputable and trustworthy scanner to use.

Conclusion

In this post, we have discussed several tips for building and maintaining a secure home network. By following these best practices, you can help to protect your personal data, devices, and home from cyber threats such as hackers, viruses, and malware.

Some of the key points we covered include using a strong, unique password for your router, enabling encryption for your wireless network, using a firewall to protect against external threats, enabling network security protocols, and keeping your router’s software and firmware up to date.

We hope that these tips will help you to build and maintain a secure home network. Don’t let the idea of building and maintaining a secure network overwhelm you. By taking a few simple precautions, you can protect your home and your personal information online.

Multi-Factor Security: Essential Steps for Protecting Your Data & Accounts

I still get a lot of people asking me about multi-factor or two-step authentication, so I thought I’d share this so that everyone can make the most of it to protect their accounts online. So how does multi-factor help? Let’s first explain some of the hacker techniques involved…

Stop hackers from accessing your accounts with your compromised credentials
The process the bad guys use these days is simple. Hackers find your user credentials in exposed breach data such as LinkedIn, Dropbox, Yahoo or others, and they then retry the same credentials across other sites and services. For those who use the same password across multiple sites – the hackers get access… simple.

The problem is that hackers have used technology to automate the process, so it’s pretty quick and easy for them to find a victim, which they then leverage for a variety of criminal purposes.

You can check to see if your user credentials are exposed by checking your personal and work email addresses in this handy website provided by Troy Hunt: https://haveibeenpwned.com/

Your email account – the crown jewels

Another consideration is that if cyber attackers manage to get access to your email account, they can then reset your passwords to other sites or services, as most password reset capabilities work by sending a reset email to your registered email address. That’s why it’s so important to protect all of the online accounts and services that you use with two-step, so that even if your user name and password credentials are exposed, you are still protected.

For those who aren’t familiar with two-factor, otherwise known as two-step or multi-factor auth (MFA), learn by watching this short video below:

LinkedIn, Facebook, Apple and other popular companies now provide two-factor as a security feature in order to protect their customers – which you might want to use given that breaches, where usernames and their passwords are publicly revealed, have become far too common an occurrence.

So what is authentication?

‘Authentication’ – the process of proving someone is who they say they are – is a critical part of being cyber secure. The aim of authentication is to ensure that only authorised people have access to particular information or systems which may be sensitive – such as email and bank accounts, social media or other online accounts.
The form of authentication you are likely to be most familiar with using is passwords (something you know).

However, while it’s important to ensure you use strong, unique and hard-to-guess passwords for each of your online accounts, the reality is that cyber-criminals have access to an increasingly powerful array of tools they can use to try and determine those passwords. As an example, if you have a password that contains a dictionary word, it’s easy for them to ‘brute-force’ your password. If you use the same password across multiple sites, then you are even more at risk.

Introducing multi-factor – a second line of defence

Most online services including banks, social media and email accounts – now offer the ability to use an additional form of authentication to act as a further line of defence against cyber-criminals. This is known as a ‘second factor’ of authentication and is typically something you have (such as a phone or token that can be used to produce or receive and then display a random passcode).

When used in conjunction with a strong password, second factor authentication makes it significantly more difficult for cyber-criminals to compromise your online accounts because they have to break through two separate lines of defense.

For example, if your password is compromised through a malware infection on your computer, or through it being successfully guessed by a cyber-criminal, or even as a result of someone covertly watching over your shoulder as you enter it (known as ‘shoulder surfing’), your account still can’t be accessed without access to the second factor.
For this reason, it’s important for you to enable this option on your online accounts wherever possible – assuming you haven’t already.

Using two-factor authentication for your online accounts

Many of the most commonly used social media, email and banking services offer the option to use two-factor authentication, although it is not always enabled by default. While the exact process that needs to be followed to enable this feature will vary depending on the service, most commonly you will need to register your mobile phone number with the relevant service (this can usually be done online). Alternatively, you may be provided with a separate token or a pass-code generating application for your smartphone.

Then, the next time you log in with your username and password, you will be sent a text message (or asked to use your password generating application or token) that contains a unique one-time code that you also need to enter into the website. You will only be granted access if you enter both your password and the one-time code correctly.

SMS tokens are not bullet proof, as unfortunately a criminal can steal your phone number (a technique called mobile phone porting or SIM swapping) and use it as part of a scam, hence why more companies use push notifications within apps as a second factor rather than SMS.

Where to from here?

More and more sites are using second factor as a way of protecting their customers. Below are some links where you can obtain more information about two factor authentication, and how to enable it on a variety of sites:

1. https://www.turnon2fa.com/ – a site with detailed tutorials for enabling two-factor authentication on a variety of common websites & services such as Apple, Facebook, LinkedIn, and other popular sites you may use.
2. Two Factor Auth – provides a list of websites and whether or not they support two factor authentication

Feel free to comment below, or contact me direct if you have any additional questions about multifactor.

Essential Steps To Complete Now – Dealing With Fraud, Takeovers, & Scams

Are you a victim of an online scam or fraud?

In the wake of all the cyber & data breaches that occurred in 2022 from Optus, Medibank, Telstra, and many others, there’s a lot of exposed breach data that is ripe for the picking, hence why it’s so important to know what to do and how to respond if you’ve been hit.

When you get directly impacted by cyber crime – it can feel very scary and unnerving. Knowing what to do, and how to protect yourself quickly becomes critical – hence why I’ve shared this information.

I know a lot of people who have been at the receiving end of a scam or fraud… so have a lot of stories and tips to share.

I’ve provided details to cover two scenarios – “victim response” info for those who are already a victim of a scam (focused on Australian victims specifically), and secondly info for those who have not yet been hit, but want to know more about some of the common techniques that hackers and fraudsters might use against you from a personal fraud / identity takeover perspective.

I’ve tried to provide as much practical advice as possible, however feel free to contact me directly if you need more specific advice or guidance.

If you’re a victim – don’t feel embarrassed, or that you’re stupid….  the reality these days is that the scammers are very slick, well rehearsed, and professional – and have their techniques down to a fine art.

Cyber criminals can convince the smartest of people into becoming victims of a number of social engineering tricks and cons.

This is the important bit…

By you understanding cyber criminal techniques, you will be able to better protect yourself, identify when an identity takeover or fraud is occurring, and most importantly know how best to respond in the event of an incident directly impacting you, your partner, or family.

Information worth sharing with your family and friends, so make sure you use the social sharing buttons at the bottom of this page.

Indications of an identity takeover / fraud:

Online identity takeovers & related fraud is something that no one wants to go through. Let me reveal some indications that you are a victim, so that you can better prepare yourself.

Some are obvious, some not so much. I’m not saying that all of these will be the case, however they are pretty good clues that you might be a victim already:

1. You receive numerous SMS messages on your mobile phone relating to logins / multi-factor codes that you didn’t request.

2. Friends / colleagues get in touch to let you know that they’ve received unusual emails from you, that contain links or attachments that you don’t know about. If you’re lucky enough to still have access to your compromised email account, you may find it weird that you can’t see any recent sent items, or any emails received. That’s because in some cases, the hackers have set up email ‘rules’ on your account to automatically delete, forward, or move messages sent & received so you can’t see what they’ve done or are doing.

3. You’ve received a phone call to your home phone number or mobile allegedly from Microsoft or another large IT organisation informing you that there’s an issue with your computer. They’ve been trying to contact you by email, and your computer needs sorting…. yeah right! After a few tricks on your machine to convince you that there’s an issue and that the call is authentic, they’ll trick you into giving them your credit card details, driving license, mobile phone details, and / or installing remote software to enable them to connect to “fix” your computer.

They often scare victims by making out your machine has malware / or a virus. They might say that you’ve got some pirated software, or illegal movies (as many people do)!  Some simple tricks include getting victims to confirm they are running Microsoft Windows, and then ask you to hit the Windows “home” button on the machine and type in the command ‘eventvwr’ – whereby they show you a number of highly technical error messages and warnings to trick you into thinking that the issue is real, and the caller is legit. This command runs an event viewer on every version of Windows, and all machines always have some error or warning messages even if your computer seems to be running just fine… it doesn’t mean that you have a problem!

They might convince you to pay for some ‘security’ software using your credit card, and / or to confirm your details with a scan of your driving license. In some cases, they’ll get you to install common remote access tools such as Teamviewer, UltraVNC, or LogMeIn, so that they can remotely connect to your machine and search it for personal documents, scans of driving licenses or passports, or anything that they can use to defraud you.

Microsoft and other large organisations will never contact you like this, so in future if you do receive a call like this just tell them that you know it’s a scam, and you’re reporting them to the police. They’ll move on to the next easier target.

4. You’re not able to access your online accounts, due to password changes you didn’t make. Gulp.

5. You receive messages or calls from your bank or credit card companies, requesting confirmation of unusual transactions that you are not aware of.

6. You receive a text message on your mobile phone informing you that your phone number is about to be “ported” to another service provider, and before you have a chance to do something about it, you can no longer make or receive mobile phone calls. What is going on?!?!…

This is a common technique used by fraudsters, where they use your personal information to request a transfer of your mobile phone service to another provider’s SIM card, and mobile phone in their possession. Why?.. Once the port is complete, they then use your mobile phone number configured on their device to receive SMS codes you may have set up with your bank as a form of second factor (often used for new payee or funds transfers).

Victim response –  what should you do if you’ve been a victim of identity takeover or fraud?

If you believe that you have been a potential victim of an online scam or fraud, it’s best to take action really quickly. The faster the response, the better the chance of minimising the damage & impact to you:

  1. Contact your bank(s) and financial institution(s) asap to inform them that you think you may be the victim of fraud / identity take-over, and ensure you set up a 2nd form of identification or security question for future contact with them.
  2. Change the passwords of ALL your online accounts (and do so only on another device which you’re confident is malware free, fully patched, running up-to-date security software) ensuring you don’t re-use an old password…. sorry to be an inconvenience, however this includes ALL of your accounts…. so your online web mail accounts, your banking and financial accounts, your social media accounts…. etc.
  3. Use a password manager, to create unique, strong complex passwords.
  4. Set up multi-factor across ALL of your accounts. Ideally, if the platform / service you use provides strong multi-factor such as Google Authenticator, then use that rather than SMS (which is easy for a hacker to get around). This adds an additional layer of protection on your account, so that even if they know your username and password, they still can’t get any further.
  5. If your personal computer has potentially been infected, or you were convinced by the scammer to allow them to remotely connect to your computer, or install software under their instruction, then stop using that computer completely. Ensure you disconnect it from your home network, and prevent it from connecting to the internet asap. You will need to keep the potentially infected machine isolated off your home network, and will need to re-install the operating system before using again. See the malware clean up section below.
  6. Report your incident to Australian Cyber-crime : https://report.acorn.gov.au/ This is a secure reporting and referral service for cyber-crime and online incidents in Australia.
  7. In Australia, you should also report the incident to ScamWatch: https://www.scamwatch.gov.au/report-a-scam
  8. When possible, provide a written statement at your local police station.
  9. Physically secure your mailbox at home, or alternatively arrange for your mail to be delivered to a secure mailbox or PO box through Australia Post. Fraudsters will try to get hold of utility bills, bank statements, super details so that they have enough info to gain access to your accounts to transfer money out, or to set up new bank accounts, loans, credit cards etc in your name.
  10. Contact IDCARE to assess your risks and build a tailored response plan. IDCare has a wealth of information that can assist Australian and New Zealand victims of identity theft: https://www.idcare.org

Summary of proactive steps to protect yourself from future identity takeovers & fraud:

  1. Ensure you use unique and strong complex passwords for all of your online accounts. Consider using a password manager to do this easily for you. Here’s an article covering the best password managers out there.
  2. Don’t share any of your user credentials.
  3. Make use of strong multi-factor authentication for your key accounts, so that even if your account is compromised, the fraudster will not be able to circumvent this additional protection in place.
  4. Contact your mobile phone service provider, and ask them to confirm that they have blocked the option to port your mobile phone to another provider.
  5. Consider using a PO box or secure mailbox so that your physical mail cannot be easily stolen.
  6. Don’t store or send scans / photos of your driving license, credit cards, passport etc in your email account(s). Never provide your driving license, birth certificate etc to anyone.
  7. Ensure you have set up a 2nd validation / security password with your banks and financial institutions, so that if a fraudster gets hold of your personal & account details, you are still protected.
  8. Many frauds often start with a phishing email. Remember that banks and financial institutions will never send you an email asking you to click on a link and confirm your bank details. Learn how to spot and report a phishing email if you receive one.
  9. Look into your security “hygiene” at home – make sure all of your personal computers and mobile devices are always up-to-date, fully patched, and that you’re running up-to-date antivirus software in order to minimise the potential for malware infection. You also might want to consider what you do to securely back up your important documents and files, and store them offline (e.g. a handful of USB drives that aren’t plugged in to your machine).

Cleaning up your infected computer?

If your computer has been infected with malware, or you installed software under the direction of a scammer, don’t bother trying to clean up after the event. You need a fresh install of your computer’s operating system. No other option ensures that your computer is clean. A hard fact to swallow – however be aware that your favorite security software cannot detect every type of malware out there.

You cannot rely on it to completely clean your machine… re-installing the operating system is the only way.

It’s not so painful these days if you’re running Windows 10 or OSX, but it is a vital step to take if you are a victim. Scanning for viruses and cleaning up is not a guaranteed way of removing everything. Disconnect your computer from your home network, or just switch off your internet router to cut all connections, and perform a full operating system reset and rebuild. This guarantees that your machine is free from infection.

Windows re-install instructions are here, and Apple OSX instructions are here. Ensure you install your security software as soon as you have a clean version of the operating system installed, and ensure all patches are installed on your Windows 10 device, or Apple OSX computer before use.

Feel free to contact me directly if you have any issues, or need more help.

Cyber Careers Advice

I’ve hired a number of grads in my career, plus placed various contractors and perms – so people often pick my brain for advice on how best to get into cyber security.

I therefore figured it would be best to write up some of my views and advice here, so more people who want to get into cyber security can make use of it:

 

A Passion For Cyber

For me, the main thing I look for when recruiting is if the applicant has a thirst for knowledge, and a genuine interest & passion for all things cyber.

It’s not just about the money or being in demand, but that they actually understand the relevance and importance of cyber security to protect individuals, families and business alike – especially as everything comes online and digital. Having good ethics and morals relating to cyber is obviously a must.

Being able to learn new skills – both technical and non-technical are key, so I’d always suggest trying out new technologies and getting hands on experience with a variety of tools and techniques. If you have some time, check out some of the tools and sites listed on my resources page.

I’ll often ask interview questions about what the applicant does in their spare time – so if they are hands on – then this is a plus. It’s also a worthwhile investment in getting your basic IT skills up to scratch, so ensure you are familiar with computer networking, plus read up Security+ or study NetSec topics to cover the basics. Analytical & problem solving skills are also attractive.

 

Finger on the cyber pulse

Keeping across cyber related news, big stories & scandals, related twitter updates, Linkedin articles etc will keep you updated and in the loop. This will also get you familiar with some of the issues and challenges we have to deal with more broadly as an industry.

It’s also not a good sign when you interview someone for a role and they have no idea about some big security event (vulnerability, breach etc.) that happened recently. So keep up to date with what’s happening – plus it will help you find areas of interest to you – so you can research / pursue in your own time.

Keeping up to date with what’s going on in cyber security is crucial. Get social at local meet ups and other cyber security related events.

 

Interact With The Cyber Community Online

I think it’s really important to share knowledge and useful info with others, and to connect with like minded people – plus it helps to build a positive profile online. So if you have a passion or specific interest within cyber, it’s really good to be actively involved online. This could be joining and interacting with a specific LinkedIn group, a Slack channel, Facebook group or any other way you can connect with other people with similar interests.

The majority of job hires or offers are usually through contacts online, who I already know within the industry, so it pays to build yourself an online profile, and use it wisely.

 

Certifications, Study & Work Experience

There’s always a mixed range of opinions when it comes to cyber security related certifications and qualifications. I know several people in the industry who have no degree or security certifications what-so-ever, but have still “made it” in cyber.

I completed my computing degree at uni and CISSP several years ago – and for me this was a good way to ensure I had a broad knowledge of various domains within security. Also, I enjoyed the challenge of learning about a broad range of topics, and wanted to demonstrate that I had taken things seriously enough to invest my time in obtaining my CISSP – which includes sitting a tiring 6 hour exam! For those new to the industry, having a CISSP will also get you through various HR search / filters so that you stand out from others who are also interested in security, but don’t have a certification.

Either way – it’s probably worth mentioning that I’ve seen a lot of awesome looking resumes with all sorts of certifications or qualifications, however this still won’t guarantee you a job. If the applicant has a true passion or interest in the specific cyber security domain the role is in, then there’s more likelihood that they will be suitable.

Pick Your Passion

Speak to people within cyber, and work out what role / domain interests you most. You might want to research what roles are sought after the most, and ideally if it’s something that you really enjoy then go for it.

The main piece of advice that I can give to people who are still studying is to get involved with the community,  and then find something that you like, and put your focus into it. If you can use that to help shape your studies, great, but even if that sits alongside whatever area your university degree, TAFE certificate or other study focuses on, it should still help a lot.

Morals, Ethics and Paying It Forward

It’s a small cyber community in Australia – so it’s especially important to always do the right thing, respect each other, share and collaborate, and pay it forward when you can… I always believe in helping others out – and never expect anything back in return.

I’ll happily have a quick 30 min catch up with someone interested in cyber, so feel free to get in touch.

Preparing for the “terrible 10” cyber scenarios

It’s been hard to avoid the weekly barrage of IT security news stories and updates recently… Yet another big company hack, another data breach / or data leak.

Some of the more recent examples have gained board level and senior exec interest – mainly, I’d suggest, due to impacted company CIOs, CISOs, and CEOs losing their jobs over these events – however there are way too many recent examples of incidents to shake a stick at. Breach fatigue is becoming more real, given the sheer volume and frequency of these sorts of incidents reported in the media. But it hasn’t happened to you yet… correct?

If you haven’t had to deal with an incident, this ignorant bliss can provide some temporary comfort, however there’s a lot more people becoming aware of the following phrase being used with board members, and senior management alike:

it’s only a matter of ‘when’… not ‘if’ a security / data breach WILL occur

Some practical advice to cyber incidents

The purpose of this article is not to instill fear, uncertainty or doubt (A.K.A “FUD”, as us pragmatic security folk refer to it, and avoid like the plague), but to acknowledge that these events are increasing in size and frequency on an exponential scale, and it’s an unfortunate reality that it’s only a matter of time before you may experience one first hand yourself.

However, rather than focusing on the bad stuff, let’s flip this topic on its head and look at it from a different angle.

Proactive Incident Response

Newsworthy data breaches, hacks and security incidents offer, on the flip side, an opportunity for businesses to demonstrate and build trust in their brand. What the? Yes – they do.

That applies to companies who demonstrate that, even though the proverbial cyber armageddon shit has hit the fan, they (as the ones responsible for looking after your data) are responding whole-heartedly, with your interests in mind, rather than with a response that indicates self-protection or trying to cover up. Case in point: two incidents at polar opposite extremes – the recent cover-up by Uber, where they paid hackers to keep quiet (which is terrible for their brand), compared to the Australian Red Cross, who have been commended on how well they handled their recent and most significant data breach in history. The Australian Red Cross leadership team managed this incident very well, with honesty and timely provision of factual information about the breach and the data impacted.

I’m not going to focus on mandatory data breach notification for now, as there’s enough material out there already to fuel an energy company, however what I think is important is to make people realise the positive side of being ready for an incident, and of having great comms and a comms strategy in place and ready to roll.

As I mentioned earlier, the unfortunate reality is that it is no longer a matter of “if” an incident will occur – but “when”. Therefore I cannot stress enough the importance of having solid incident response plans in place, plus a solid comms plan and chain of command for when it does.

Given the world we live in today, it’s even more important for companies big and small to spend some time rehearsing their response to a variety of security incidents that have already occurred. Harsh reality, but as the scouts say – it’s better to “be prepared” for when that not so pleasant day comes, when a breach or data incident occurs.

Most people within the industry talk about running regular ‘cyber simulations’ (red on blue flag exercises) at least once per quarter, to ensure everything is super proactive and ready to go. It’s an opportunity not only to test business processes, incident response and communications plans, but to challenge their capabilities in responding to real world cyber incidents through realistic simulations.

Be Prepared For The Terrible Ten Cyber Scenarios

Have you thought through what would happen if any of the more common incident scenarios did indeed happen? Why not make things easier, and engage with the relevant people within your business to ensure everyone knows and understands the roles they play, and are better prepared for when an incident does actually happen?

I call these the “Terrible Ten Cyber Scenarios” – because these are ten real scenarios I hope no one should have to deal with, but some actually have. Unfortunately there’s various real examples of these happening to a wide variety of companies globally. Hence why every business should think about, and be ready for them. In no particular order, they include some nightmare scenarios:

1. Public disclosure of a company breach, data loss or hack by a journalist online prior to any incident detection, knowledge or notification
2. Exposure of confidential customer data
3. Destructive cyber attack on company production systems
4. Large scale virus compromise of company systems
5. Prolonged denial of service attack preventing customer use of company systems
6. Brand damage through targeting / ridiculing of key high profile executives or board members online
7. Disclosure of internal company / staff data not intended to be public
8. High value fraud against customers or company systems
9. Exfiltration of company intellectual property (IP) for commercial, strategic or political gain
10. Social media brand attack – defacement of company online public assets

So how about enhancing your company’s trustworthiness?

Let’s play this one out and walk through the first one to demonstrate the difference in adopting a proactive trustworthy approach.

Whilst working for a large organisation that has lots of customers (and annual revenue to boot), you receive a notification from a reputable, globally known IT security journalist informing you that they’ve been notified of a large security incident involving your company. Whilst no one has been given any other indication or detection of an issue, everyone in the office spins into a frenzied panic.

A short time later, you receive a call from your public affairs / comms rep – informing you that they’ve just heard from a popular local IT News journalist, who is asking for a formal comment / response on a potential incident at your company. They’re looking for more info so they can publish an article about it online in the next couple of hours. Tick, tock, tick, tock….heart goes pa-doom pa-doom…

The proactive step
Whilst obviously you will need to kick off a team that focuses on performing a preliminary assessment and containment of the incident / breach, at this stage you still don’t know too much about it, or what has been exposed…. (yet). Once the initial contact from the reputable external source notifying you of the incident has been validated as authentic, there’s still not too much to go on, but you know it’s going to be big in the media. The incident itself could be big or small, but there’s no info to confirm either way.

So what do you do? Be pro-active.
The best approach is to inform senior company staff of the incident, so that they hear it directly, rather than second or third hand from another team, department or worse – from an external party. That way, they can be prepared, and won’t be caught off guard. Even though that’s not much info – a heads up is better than none.

The point is, that by being prepared for an incident, and most importantly having comms at the ready, demonstrating pro-activeness, you can enhance – rather than degrade your brand’s perceived trustworthiness. By being able to provide factual, accurate and specific information on what has occurred, and what data was affected in a very timely, genuine and empathetic fashion you can make a massive difference, whereby you actually come out on top.

The same goes for big Australian companies when considering contacting the Office of the Australian Information Commissioner.

If you can give them a heads up about the incident, and tell them exactly what you know (which is not much at this stage), you are demonstrating to them (and everyone) that you are providing the facts as you know them, and doing the right thing. Most importantly you are giving them an early heads up. That way they can support and guide you through the process moving forward.

Other considerations

Obviously, there’s a number of legal obligations to be aware of, especially given the upcoming changes to mandatory data breach notification in February 2018, so it’s best to read up on the information provided from The Office of the Australian Information Commissioner – who have published a detailed guide on developing a data breach response plan.

It’s also worthwhile reporting details of security incidents – particularly where there is likely to be a risk of fraud as a result of the incident – to ACORN (https://report.acorn.gov.au/). They can assist, and potentially forward your info to the relevant law enforcement team.

So are you ready?…


Feel free to contact me directly if you have any issues, or need more help.

Recover From Malware Quickly : Essential Expert Tips To Protect Your Identity, Data & System


Even the smartest people fall for the common cyber tricks

From time to time I hear from old friends, work colleagues or people I’ve presented to who have been directly impacted by cyber crime, and need some help or advice. Perhaps they’ve fallen victim to a phishing email and have been infected with some form of ransomware or keystroke logger, or worse, fallen for a social engineering trick which involved allowing hackers to remotely connect onto their computer. Believe me – even the smartest people fall for some of these sorts of scams!

When you know that your computer or device has been infected with malware, or you’ve given remote access to hackers – it’s very unnerving. However, I’ve often found that most people impacted believe that everything can be made good again by just running a quick virus scan, and the problem goes away. I wish it was that fool proof. Whilst most anti-virus / security vendors do a pretty good job, it’s unfortunately not that simple… there’s a continuous cyber arms race, or what others call a game of cat and mouse, where new vulnerabilities are always being found, and in some cases weaponised by cyber attackers before the security vendors and IT software organisations have a chance to catch up.

That’s why I thought it would be useful to write up this article, so people have some easy to follow instructions for what to do when they do get hit with malware.

How might you get infected in the first place?

There’s a variety of ways in which you might accidentally get infected with malware. It might be as simple as falling for a phishing email that asks you to open an attachment or link, or when you’ve done something you probably shouldn’t – such as downloading and attempting to install a pirated copy of Microsoft Office, or other popular (but illegally pirated) software products. In other cases it might be a file that you downloaded when attempting to get hold of the latest movie online. I’m not endorsing illegal software or pirated media, however I know that these are often the reasons why people got infected in the first place.

In rarer cases (but it does sometimes happen), you might have done nothing illegal, but fallen for a social engineering trick – where someone calls your home phone, and convinces you that there’s a problem with your computer, and you need to download some ‘software’ to clean up the mess. You give them full remote connectivity to your machine to help you… which gives them an opportunity to install other malicious software such as keystroke loggers, or user credential grabbing utilities in order to gain further access into your online accounts. There’s plenty more ways, but this is just to cover some of the re-occurring scenarios I’ve heard from people contacting me directly.

OK – so surely antivirus will save the day?

Whilst most antivirus programs can detect and clean up most malware, they do not always detect the very latest threats out there. If you don’t believe me, go check out some of the detection rates from independent testers such as https://www.av-test.org, or if you do ever receive a malicious file, submit it to https://www.virustotal.com, and see how many of the antivirus engines detect it, as that’s exactly what the malware writers do when they create new versions.

The other myth is that malware often gets the blame whenever someone gets impacted by cyber crime. Malware is a broad term that encompasses viruses, worms, trojans, as well as adware, spyware and others. In most cases, if you run an antivirus scan of any computer, the product will more than likely detect or report ‘malware’ that is in fact adware or some other threat that is very low risk. People then think everything is hunky dory if the virus product informs them that it has cleaned the malware and all is good. But could you guarantee that this was actually the case?

Cleaning up after a malware infection or remote access trick
If your computer has been infected with malware, or you installed software under the direction of a scammer, you need a fresh install of your computer’s operating system. No other option guarantees that your computer is clean and malware free. Sure you could clean up with a virus scan, but is it really completely gone? Only a wipe and rebuild will assure that.

Most people don’t want the hassle of having to rebuild or reset their device, as it means that they lose all of their installed programs, files etc. Yes it is inconvenient, but if not properly dealt with and fully eradicated there’s a possibility of you being impacted again through the malware infection.

There are a few different ways to re-install your operating system, however the only way to guarantee that you are malware free is to wipe (format the drive) and re-install from a clean install.

This is what you need to do:

1. Disconnect your infected computer from your network, and physically turn it off to cut all connections. This ensures that if hackers have remote connectivity to your computer, they lose their access, and you can safely fix the problem.

2. You then need to go buy a clean 8Gb USB stick from your local store, and find a friend or colleague with a healthy computer that hasn’t been impacted by malware!

3. Use your friend’s computer to download the Microsoft media creation tool to set up your USB with the files you need to install. https://www.microsoft.com/en-us/software-download/windows10

4. You then need to plug in the USB drive into your infected Windows 10 computer, and boot off the USB stick and work through the install process. Most computers will automatically attempt to boot off the USB drive, however, in some cases you might need to change the BIOS boot priority to do so. Here’s a quick article on how to do this: http://www.boot-disk.com/boot_priority.htm

5. Once you’ve completed the install, ensure you install your security software of choice as soon as you have a clean version of the operating system installed, and ensure all patches are installed on your Windows 10 device, or Apple OSX computer before use. This guarantees that your machine is free from infection. Additional Windows re-install instructions are here, and Apple OSX instructions are here.

Lastly, we need to cover the importance of backups and restores

I’ve spoken to lots of business owners and individuals about backups and what constitutes a good option. I’ve met some people who literally have a handful of USB drives, and copy all of their important files to a USB drive once a week and unplug it and leave it in a safe. Some use more business grade solutions such as using online services, or others who use more traditional options such as hardware backup media created on site, and stored securely at an offsite location.

Basically having a backup of your important files is a good step, however it’s not a 100% guarantee that you are completely protected. One example is a business owner I met who told me how he got caught out – he used a rotating three week backup cycle (3 different backups, rotating once per week), however he had been infected with ransomware but didn’t know it, and it had worked its way through all of his files and encrypted them. He didn’t realise until too late, when he discovered his backups contained not the original files, but the encrypted ones – so he had no viable backup to restore his files from.

The other thing about backups is that you need to somehow check that you can actually restore the backup – and know that it works. Something to consider!
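One way to run that restore check, as an added example (not code from the original article): record a checksum for each file while the originals are known to be good, then compare a test restore against it. The function names, the folder layout and the 7.5 bits-per-byte entropy threshold are assumptions made for this illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: near 8.0 means the data looks random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def make_manifest(root: Path) -> dict:
    """Record a SHA-256 for every file while the originals are known to be good."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_restore(restored: Path, manifest: dict, entropy_limit: float = 7.5) -> dict:
    """Compare a test restore with the manifest and sort every file into a bucket."""
    report = {"ok": [], "missing": [], "changed": [], "suspect": []}
    for rel, digest in manifest.items():
        path = restored / rel
        if not path.is_file():
            report["missing"].append(rel)
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == digest:
            report["ok"].append(rel)
            continue
        report["changed"].append(rel)
        # Assumption: a changed file that now looks like random bytes deserves a
        # closer look. Compressed formats (zip, jpg, docx) also score high, so
        # "suspect" means "open it and check", not proof of ransomware.
        if entropy(data) > entropy_limit:
            report["suspect"].append(rel)
    return report


def demo() -> dict:
    """Constructed sample: one good copy, one scrambled copy, one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        originals, restored = Path(tmp, "originals"), Path(tmp, "restored")
        originals.mkdir()
        restored.mkdir()
        (originals / "invoice.txt").write_text("Invoice 1001: 3 widgets, $45.00\n" * 50)
        (originals / "notes.txt").write_text("Call the accountant on Monday.\n" * 50)
        (originals / "todo.txt").write_text("Renew the domain name.\n" * 50)
        manifest = make_manifest(originals)
        # The restore: invoice intact, notes replaced by random bytes standing in
        # for an encrypted file, todo never made it into the backup.
        (restored / "invoice.txt").write_bytes((originals / "invoice.txt").read_bytes())
        (restored / "notes.txt").write_bytes(os.urandom(4096))
        return check_restore(restored, manifest)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket}: {files}")
```

Keep the manifest somewhere the computer cannot overwrite it, for example on the unplugged backup drive itself, and run the check against a restore to a spare folder rather than over your live files.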

If you have any comments, feedback, questions or something to add, please feel free to comment below.

Feel free to contact me directly if you have any issues, or need more help.

Roblox Parents Primer

Roblox now has 36.2 million active users (as at March 2021) – so it’s more than likely your kids may already know about this online game. This article provides you with everything you need to know as a parent, and what to watch out for:

Roblox is an awesome game that your kids will love, and if they haven’t told you about it yet… in the coming weeks you’ll more than likely get a request from your kid to install and play it, after they hear about it from their friends at school…. but are you aware of the risks to your child, and know what to do to protect them from pornography, grooming through chat, and bullying on the Roblox platform?…

I’ve had a number of friends ask me about Roblox and if it’s safe for their kids, so I thought it might be worth sharing the advice more broadly – so everyone can help their kids stay safe whilst using Roblox.

There’s a few things you need to know and do as a parent – to ensure your kids don’t get subjected to inappropriate content, or get bullied or groomed within the platform.

I’ve provided a general overview of the platform, covered off some of the risks, plus some practical steps for what you need to do below. Hope this helps!

So what is Roblox?
It’s basically a very popular online multiplayer game that works on both PCs and iPads (computer seems to be more popular), and looks like a mix of Minecraft / Lego.

It’s a lot of fun for the kids, which is why it’s so popular! The platform has grown its global user base since going live in 2006, and is said to now have more than 36.2 million daily active users (as at March 2021).

Basically they get to play various games within the platform, or can build their own. There are hundreds of games… they range from mazes and obstacle courses to a wide variety of themes or interests – e.g. fashion shows – mostly innocent stuff. The issue is the self made content – as it is obviously ripe for misuse. There are games including content such as horror, shoot to kill, and other themes definitely not suitable for children.

Hundreds of games available – but are they appropriate & safe for your kid?

Some of the Roblox games are G / PG rated and do seem to be suitable for younger children, but only if the parental controls are set up – and there is strict parental supervision. Under 13 year old accounts have automatic restrictions set, which is a good start, however by default there are a number of settings that aren’t active – which need to be enabled to protect your child. I’ll cover these further down this post.

The guys behind Roblox have put a fair amount of effort into providing parental features and controls, however no matter how good these are, there’s always the potential that parents simply don’t know about them or don’t use them, or that they are inappropriately configured, or not configured at all – leaving your kids at risk.

Here’s a useful link covering more of the parental features by Roblox.

So what do you need to be aware of:

Roblox has been reviewed on commonsensemedia.org, by both commonsense reviewers and by parents of players.

In a nutshell, there’s a few things to be aware and concerned about – your child might end up viewing pornographic images, or might be subjected to misuse of the chat feature, which I’ll explain in more detail below.

Parental controls, via the account restrictions are therefore essential to protect your kids.

Inappropriate Content
Roblox does have clear rules around no swearing and no pornography, but Roblox can only rely on users reporting such behavior. You report stuff by simply sending an email to: [email protected]

The challenge is that players create their own worlds or games via the Roblox Studio app – where they can create ANYTHING.  That’s all good – but your child can choose to play a game that someone else has created, which might not be appropriate – potentially including pornographic graphics, or be violent etc. If you don’t have parental controls enabled, your child can choose any game to play and potentially be subjected to material that isn’t appropriate for them.

Games that are registered as having Mature or Adult content are largely blocked in under 13+ accounts. There are however some other creative ways players can get around this, with rude titles, swear words, and inappropriate / raunchy / provocative / rude clothing / outfits.

If you turn on account restrictions, they can only access curated games within the platform – which are reviewed and known to be safe and appropriate. Additionally, if you turn on the account restrictions feature, contact settings (under the Privacy page) will also be set to “Off“.

We’ll cover this in the quick tips section further below.

Chat & Online grooming
The other thing to be aware of is the Roblox platform chat capabilities – as it’s quite limited from a parental settings perspective. Players can send each other messages, and can send and receive friendship requests to each other too. Strangers can also request to become a friend.

Here’s a screenshot of the privacy section of the settings. It’s either ‘Friends’ or ‘no one’ for “Who can message me” and “Who can chat with me in app” settings, and either ‘Everyone’ or ‘no one’ for “Who Can chat with me in game”:

Do you really want “Everyone” to be able to chat with your child in a game? Maybe not. The challenge is – if your kid has already started to use the chat facility with their friends, then it is a difficult one to then remove it. Best to explain the risks of stranger danger, and what they need to know….

Stranger Friend Requests

Whilst the new account restrictions can do a great job of blocking chat and blocking games that have adult content within them, unfortunately your child, even with the strictest settings set up, will still get random friend requests from complete strangers. Often your kids will accept these requests without giving much thought as to who they might actually be communicating with.

Be aware that it’s possible to receive friend requests whilst using an “under 13 year account” with the available account restrictions all enabled to the strictest settings. If your child accepts these friend requests, unless the parental controls are set to the strictest “no chat in game” settings they can then talk to these strangers, who become “friends” after their request has been accepted, via messaging and chat. They could also play with them on shared games. Something to watch out for, and you should talk to your kids about this.

If your kids are already using the platform, use the parent account to check who they have made friends with, and delete / block friends. To do this when logged in, click on the friends menu, then click on the profile of the “friend” you want to “un-friend” and then select “Unfriend” from the top right of their profile.

Some quick tips for parents
1. Ensure you set up your parental account so that you can manage your child’s settings within the platform.

2. Once you have the parental account configured, the next step is to ensure you set up the 2 step verification, so that when your child logs in from a new device, a code will be sent to your email address to approve it. To do this, log in, click on the cog icon in the top right of the screen, select settings, and then click on the security tab.

3. Whilst logged in, also set the account PIN, so that only you can change the security & privacy settings.

4. Make sure your child’s account is set up as an “under 13 year old” account – as this has automatic restrictions set. To check this, log in using your parent account, and you’ll see your child’s account name displayed in the top right hand corner – with a “<13” to indicate that it is an under 13 year old account.

5. Lastly, and most importantly ensure that you have enabled the “Account Restrictions“, so that your child can only access curated content on the platform. This prevents inappropriate games from being accessible. This setting also disables all of the chat features.

Watch out for multiple player accounts 

There is no way to stop your child from having multiple Roblox accounts on a device. Your child could have one Roblox account you know about…. and perhaps one over 13+ account that you don’t know about and don’t supervise.

There is no restriction or mechanism to stop your child from setting up an over 13+ account. You will not get an email notification about a new account being enabled, or be able to see it on their device if they log out of it. That’s why it’s important to supervise and check in every now and then.

Supervise your child
It’s a really good idea for parents to supervise account sign up, set the account restrictions, and then sit with their kids when they are playing. Especially for younger teens and under 13 year olds. Make sure the computer or device they use is in a supervised spot – where you can see what they are doing.

It’s also a really good idea to talk about stranger danger online, and to set boundaries around accepting friend requests, and supervise your child if you do allow them to join and play with their real offline friends.

Some additional considerations:

  1. Ensure your child has not entered any personal details in the Roblox account info – so that they aren’t sharing any personal info such as their birth date, gender or location. Some kids do this, and don’t realise the risks of sharing too much info online.
  2. Ideally ensure the account name that your child sets up, does not relate to their real name.
  3. Ensure your child uses a long password, and that they know not to share it with anyone other than yourself. Nothing worse than bullying through someone’s account being misused.

Please get in touch if you have any other questions or concerns about the Roblox platform.

I’m always happy to hear from people.