Our top 5 cyber security secrets (featuring TranTech Computers)

This week we had a special guest join us in the studio – David Tranter from TranTech Computers.

We enlisted the help of David to shed some light on a not-so-sexy, but super crucial topic: Cyber Security. It’s so important to protect any digital information that your business creates and stores, and in case you haven’t given it a thought – we’ve put together this episode to get you started.

Here are the top five things to consider for better cyber security for your business (from a real expert):

Passwords: This should come as no surprise, but… you need to change your passwords. It sounds overwhelming, but you should have a different password for every site/account. An easier way to manage this is through a password manager. A password manager is an app that saves all your passwords, so you only have one long password to remember (plus second-step for multi-factor login, more on that soon!). This is so important because security breaches do happen - for example, a couple of years ago, LinkedIn had a breach where users’ passwords got uploaded to a big text file. Hackers could then download this file and get a list of all these different passwords. It’s then just a matter of finding the email address (not hard!) and trying your password on all different accounts (because we tend to use the same passwords over and over, and hackers know this!) - such as your actual email. If someone can manage to get into your email account, they can basically get into your life.

Cyber security training: There is a range of training that can be done with you/your team, such as phishing training. Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. As a business, you can do phishing training where your IT company sets up pretend phishing scams, and try to ‘fish’ to see if staff are clicking potentially threatening links/attachments/etc.

Payment scams: Again, this is similar to phishing scams and has financially affected a number of businesses. While there are heaps of different ways they can occur, the one that really rings true is the “change in payment details” scam. For example, if you get an invoice from your supplier, and it has different bank details on the bottom. That's where you need to stop immediately and confirm via phone that they actually have changed their details. Don’t just hit reply on the email – because chances are, this will go back to the scammer. Pick up the phone and speak to the relevant person at the accounts department to confirm. If their account details have changed.

Sometimes these can be really sophisticated, where the scammer will register a .com email address that looks like it comes from a legitimate source. Other times, it can be super, super basic. On occasion, the scammer will do some reinforcement, where you may get an email that comes in the first place with an official type letter that says ,“Please note our bank details have changed on this date here. Signed your sincerely etc”. It's got a letterhead, it's fully titled and looks like a professional letter. They'll send that off, and then they'll send a fake invoice - and so on. One the worst TranTech have come across was when a client got a letter like that to change bank details. They updated their banking system and when their payment run came in, they paid it. Then another 30 days later, another invoice came in - and they paid that. For the supplier, the client was in their 90 days arrears so they rang to chase up payment - and that’s when it was found out. Definitely always worth checking first!

Backups: This isn’t cyber security so much, but if you don’t have a good backup, then you're not going to be able to recover after a breach. Let's say you do have a breach of any type – like a nasty cryptolocker attack. A crypto attack is basically when all your files are ransomed and rendered useless - those are files like Word documents, Excel, photos – the whole lot. You can't open anything and the only way to get them back again is to pay the ransom or to restore your backup. So it’s important to know what your backup system is, how it works, how often it backs up, when did it backup last and what is the restore time to get you system back up and running again so you can function as a business.

Two-factor authentication: What even is that? Let's take emails as an example. You have your email address, and then you have a password. That's one layer of security - one factor. Then you’d need to add a second factor. That could be a text message that comes to your phone, or an authenticator app that's on your phone, or through biometrics on your physical device (like fingerprints or facial recognition). The more factors or layers you add to your security, the better. To set up a two-factor is different for every site, but basically all you have to do is go to your account settings to find “security” and there'll be options on how to set it up. Or alternatively, just speak to your IT team to do it for you!

BONUS: Cyber insurance is definitely something you should consider for your business. Be aware, it’s no use having cyber insurance if you don’t have all the other precautions in place. If you have all the necessary security measure in place, and you’re still a victim of a cyber attack, insurance can save you and your business a lot of money!