Cyber Security

With the overwhelming increase in scams and hacks, we are here to offer you some key information to help keep your devices safe, and you safe, whilst online.
This page is all about the important topic of Cyber Security.
We know that navigating the cyber world of technology can be confusing at times, so we will keep it as simple as we can.
Skip your social media surfing for the next ½ hour and read up on how to stay Cyber Safe.

 

If you have been involved in a Cyber Security incident

Please contact the Australian Signals Directorate, an Australian Government Cyber Security Support Service.

https://www.cyber.gov.au/report-and-recover/where-get-help

  

Upskill your Cyber Security Knowledge with a 1 hour free course from Cyber Wardens.
Protect yourself and your small business now!

Take a quick quiz here to see how Cyber Secure you are.
https://www.cyber.gov.au/learn-basics

 

Before we get too much further into this page, some sobering facts about our online world and why we need to use our technology consciously. 

 

How Many Cyber Attacks happen per day? https://techjury.net/blog/how-many-cyber-attacks-per-day/ – There are some staggering statistics here.

Some suggestions on how to Stay Cyber Safe

Just like home security, you can never be 100% foolproof in keeping out those that are desperate to get in. But you can take some basic actions which deter most cyber scammers and hackers and give you some protection and peace of mind.

 

  1. Use strong passwords – If you are using a password manager correctly, you should only need to know your password manager password

  2. Record your passwords in a password manager or iCloud Keychain

  3. Turn on 2FA (2 Factor Authentication) for all sensitive online accounts – preferably with an Authenticator app, e.g. Step Two

  4. Do not answer social engineering texts or calls (spam texts or calls)

 

PASSWORDS – Create strong passwords. These can be created with a random password generator or as a memorable passphrase: either random passwords using random letters, numbers and special characters, or a passphrase like “My Blue Car has 4 Windows”.
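The two approaches above can be compared by how many random picks each one needs. This is an added example, not part of the original page: the word list is a constructed sample, the 80-bit target is an assumed benchmark, and the estimate only holds when every character or word is chosen at random by the generator.

```python
import math
import secrets
import string

# 94 printable symbols: letters, digits and special characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list, for illustration only. A real
# passphrase generator draws from a list of several thousand words.
SAMPLE_WORDS = [
    "blue", "car", "window", "river", "candle", "mango", "tiger", "cloud",
    "piano", "garden", "rocket", "lemon", "forest", "silver", "kettle", "harbour",
]


def random_password(length=16):
    """Random password built with the OS secure generator (secrets)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=5, words=SAMPLE_WORDS):
    """Passphrase of randomly picked words, separated by spaces."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Strength in bits when each pick is uniform over pool_size options."""
    return picks * math.log2(pool_size)


def picks_needed(pool_size, target_bits=80):
    """Smallest number of random picks that reaches target_bits (assumed target)."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    print(random_password(), "->", round(entropy_bits(len(ALPHABET), 16)), "bits")
    print(random_passphrase(), "->", entropy_bits(len(SAMPLE_WORDS), 5), "bits")
    # A 7776-word list is an assumed size for a full passphrase word list.
    print("characters needed for 80 bits:", picks_needed(len(ALPHABET)))
    print("words needed from a 7776-word list:", picks_needed(7776))
```

A passphrase from the tiny sample list is weak; the same five-word pattern from a list of thousands of words is what makes a passphrase strong.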

 

You can check your password strength here. You may be surprised at how weak or how strong your password is. https://www.security.org/how-secure-is-my-password/

 

Another password tip – update your passwords from time to time. Save your strong passwords in your password manager and keep your passwords different from each other. Also delete any online accounts that you no longer use.

 

AWARENESS – the very best way to stay ahead of the scammers is to understand how they work and what to look for – so that you don’t fall for their tricks if they do come a calling!

 

Aussie Broadband have posted clear and detailed information on the various types of scams: phone, text and email. Have a read of these 2 links. (It’s only about 10 mins reading – and well worth it!)

 

What is a Scam or a Hack?

A scam is when someone contacts you personally via an email, a phone call or a text and asks you (tricks you) to take some action. This could be clicking a link, giving them access to your computer or phoning a number.  The action taken inevitably leads to them gaining access to your finances, or you sending them money directly as you believe it to be legitimate. 

 

A hack is when someone uses their technical skills to breach the security you have on your account, or your device, to access your personal information or your finances.  There is no personal contact or notification of this as it is done directly into an account.

 

Email can be intercepted

Email can be intercepted and read by people you may not want to see what you have sent – This is known as a MITM (man-in-the-middle) attack.

 

These MITM attacks can even modify an attachment on your email. If your attachment is an invoice, they may change the bank account details on your invoice to their own bank details and send on the modified attachment, and your customer will pay them and not you!

 

If you receive an email with an invoice to pay, and you have not paid into that account before, phone the sender before sending payment and check that the account number on the invoice you received matches the details the sender has.

 

Remember, emails and their attachments can be altered by the bad guys along the way, and you could end up paying into the wrong account. With this kind of attack, banks will not refund your money under their internet fraud policies. If incorrect payment does happen, more often than not, the actual sender will still want their payment, so you may end up paying the bill twice.
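For a small business, the "check before you pay" step above can be backed by a simple register of bank details that have already been confirmed by phone. This is an added example, not part of the original page; the register, the sender addresses and the account numbers are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class BankDetails:
    account_name: str
    account_number: str


def _digits(number):
    """Keep digits only, so '1234 5678' and '1234-5678' compare equal."""
    return re.sub(r"\D", "", number)


def check_invoice(sender, invoice, verified_payees):
    """Return 'OK', 'NEW_PAYEE' or 'DETAILS_CHANGED' for one invoice."""
    known = verified_payees.get(sender.strip().lower())
    if known is None:
        return "NEW_PAYEE"  # never paid before: phone the sender first
    if _digits(known.account_number) != _digits(invoice.account_number):
        return "DETAILS_CHANGED"  # the classic sign of a tampered invoice
    if known.account_name.strip().lower() != invoice.account_name.strip().lower():
        return "DETAILS_CHANGED"
    return "OK"


def needs_phone_call(invoices, verified_payees):
    """Senders whose invoices must be confirmed by phone before payment."""
    return [s for s, d in invoices if check_invoice(s, d, verified_payees) != "OK"]


# Constructed register: details recorded only after confirming them by phone.
VERIFIED = {
    "accounts@example-supplier.test": BankDetails("Example Supplier Pty Ltd", "1234 5678"),
}

# Constructed invoices as (sender, bank details printed on the invoice).
INBOX = [
    ("accounts@example-supplier.test", BankDetails("Example Supplier Pty Ltd", "1234-5678")),
    ("accounts@example-supplier.test", BankDetails("Example Supplier Pty Ltd", "8765 4321")),
    ("billing@new-vendor.test", BankDetails("New Vendor", "1111 2222")),
]

if __name__ == "__main__":
    for sender, details in INBOX:
        print(sender, details.account_number, check_invoice(sender, details, VERIFIED))
```

An "OK" result only means the invoice matches what was confirmed earlier; anything else is a prompt to phone the sender, not a decision to pay.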

 

If you need to send sensitive information or attachments, it is worth considering a secure messaging platform, for example Signal or Threema, or sending documents (such as PDF copies of an invoice) via a secure file transfer service like Transferly.

 

If you are using an iPhone or Mac and are correctly logged into an Apple ID with iMessage turned on, and you know the receiver is on an iPhone or Mac with their Apple ID set up correctly, then you could send iMessage to iMessage, as Apple to Apple uses end-to-end encryption in Apple Messages. Check for blue message bubbles, not green. Blue bubbles are encrypted. If this all sounds too difficult, go back to Signal! Encryption on Signal is set up for you by default.

 

Proton Mail is also a secure way to send email and attachments, so only your intended recipient can read it. Sending Proton to Proton is end-to-end encrypted. If you send to a non-Proton address (Gmail for instance), follow the encryption prompts on the Proton email to securely encrypt your email to the receiver.

 

If email is the only option, consider whether your email provider is reputable. We recommend Proton Mail as a secure email provider. Proton emails can be securely encrypted with a password that you will need to tell the receiver. You could phone the receiver and tell them the password, send them an iMessage text with the password, or send them the password on an encrypted transfer service such as Transferly.

 

Alternatively, you could just send your sensitive information or invoice via Transferly. This service is end-to-end encrypted for secure sending of files, messages or passwords.

 

So the key here is to stay vigilant with all online transactions and check all details before sending payment to anyone. 

Some Products and Services that could assist you


Proton Mail is an easy alternative to Big Tech email. Most popular email providers, such as Gmail, Outlook, and Yahoo, scan the content of your emails and use your email address to create a detailed profile on you and profit from your data.

 

Proton Mail’s end-to-end encryption and zero-access encryption ensure only you can see your emails. Not even Proton can view the content of your emails and attachments.

 

Proton Mail is based in Switzerland, is open source, has no trackers and is ad free. 

 

Alongside private and secure email, Proton also offers VPN, Cloud storage, Password Management and Calendar: a complete suite that is an easy alternative to Big Tech email.

 

PASSWORD MANAGER – The best way to keep track of all your passwords is with a Password Manager.  DO NOT keep them in your head, a little pocket book or in the ‘safety’ of your ‘tech person’ who may be your son, daughter, neighbour or uncle.

 

Document your account passwords in a Password Manager. *We suggest Dashlane as a Password Manager. We have been using this App for over 5 years and it has proven invaluable in managing the security of our passwords.

 

Dashlane now have a Family feature so you can manage passwords across multiple devices, and family members, for around $100 AU / year.

 

Two great alternatives to Dashlane are Proton Pass and BitWarden. There are free and paid versions of these applications, as there are of Dashlane; however, the free versions of Proton Pass and BitWarden both sync across all your devices, unlike Dashlane.

 

If you are an Apple user, an alternative to Dashlane is to turn on Keychain on your iCloud Apple ID. When you use Safari on your Mac, Keychain will automatically fill passwords from the secure iCloud vault on all of your devices logged into your Apple ID.

 

SLNT Products offer privacy for you and your device. Makers of high quality Faraday Bags, which instantly block all connections to and from your device, giving you peace of mind, safe travel, and health and well-being benefits.

 

Visit the SLNT page now to discover more. While you are there, we recommend you watch the video in the post on “Social Engineering” on the SLNT page. It is eye opening. If you are new to the concept of technology privacy, this is a great place to start. Watch here – https://slnt.com/blogs/insights/social-engineering-tips-to-make-yourself-safe-from-this-hacking-tactic

If you are using FREE antivirus, YOU are the product – Be aware, your data is what monetises Big Tech. AVAST Antivirus has been fined $16.5 million for selling customer data collected through their Antivirus platform and Web Browser plug-in.

 

This highlights the need to be very clear on what you sign up to online and how that service is going to make money – https://www.theverge.com/2024/2/22/24080135/avast-security-privacy-software-ftc-fine-data-harvesting

 

If you still want an Antivirus on top of the built-in security of the Apple operating system, we recommend MalwareBytes. There are free and paid subscriptions for this product; the paid service is an always-on protection, whilst the free version needs to be manually prompted to scan your Mac.

 

Quad9 – is an alternative DNS resolver to your ISP supplied DNS service. DNS is short for “Domain Name System”.

 

A DNS resolver is a phone book for the internet, an English-to-numeric converter if you will.

 

The internet essentially runs on IP Addresses, or a set of numbers like “185.321.564.12” for example. DNS, simply and invisibly to you, turns this number into “abcxyz.com” for example. This means you do not have to remember the actual IP address or number for one of the 360 million active domains currently online.

 

A DNS server will magically do this for you. Most DNS servers are tracked, and therefore your internet activity is logged. Quad9 is a private and untracked DNS service based in Switzerland. Aside from Quad9 being untracked, or private, it also blocks malicious websites and web based threats before they arrive at your device.

 

Quad9 is configured into your home or business modem router via the modem user interface, and runs silently without interruption to you, all the while adding another layer of protection to your online privacy and security.

 

Visit Quad9 for more information, or to find the DNS server numbers you need to add to your router. https://www.quad9.net/

 

VPN vs iPhone Hotspot – A common misconception is that a VPN will hide you from the internet. A VPN is not as much of a silver bullet as many people believe. You are not completely anonymous, and a VPN will put more of those pesky “Are you a human” roadblock tests in the way. There are many reasons to use a VPN, but there are pros and cons to consider.

 

A VPN is essential if you are often using public wi-fi connections in airports, cafes or libraries, which are less secure, or if you are struggling with a geo-location internet connection limitation or wish to connect to a different country’s streaming service content (Netflix etc).

 

An alternative to using a VPN is to hotspot to your iPhone and connect online using your personal data supplied by your phone carrier. This connection is end-to-end encrypted, so very secure. If this is not possible in the location you are in, a VPN is the next best thing.

 

We suggest *using Proton VPN, at a reasonable price for security at around $120 AU / year per user with protection for up to 5 devices. If you have more than 5 devices, you can add additional 5 device licence subscriptions to your account to cover all of your devices.

 

If you prefer to try before you buy, we recommend a look at Proton VPN Free. Proton Free has a few limitations imposed, but works well as a VPN and will give you a great feel of how a VPN can assist your online activities.

 

A solid alternative to Proton VPN is IVPN. No Trackers, No Logs, No email account to sign up. IVPN is an Open Source product with apps for all platforms. IVPN is also a very ethical company (as is Proton), and so both services are worth considering.

Here is a comparison between the two platforms – https://www.thevpnlab.com/compare/protonvpn-vs-ivpn/

 

Tips for Managing your Digital Footprint – How Should You Manage Your Digital Footprint?

 

Firewalls Don’t Stop Dragons – https://firewallsdontstopdragons.com/ – An excellent resource for everything you need to keep your security and privacy safe. Definitely worth the visit. There is also a great Podcast and a Book to buy if you want a practical guide to help you keep safe.

 

Naomi Brockwell of NBTV.Media is a Privacy Evangelist with an informative website that is loaded with security safety and privacy tips. – https://www.nbtv.media/

 

Naomi even has a great book you can read offline to help you with your Cyber Safety – Click here for the book 

 

Time to Log Off – https://www.itstimetologoff.com/ – A website full of great resources on how to manage your digital life with more balance

 

Read through these points noted here. It is very difficult to stay anonymous online (short of NOT going online), so be aware of what you are leaving behind and maybe make some updates to your online footprint? – https://www.teachthought.com/the-future-of-learning/digital-footprints/

 

Backups – Backups don’t prevent a Scammer or Hacker BUT they do provide you with the best security for when your device is damaged (think coffee spill or flood damage) or the hard drive fails or you accidentally delete or lose something. Backing up your data gives you a fighting chance to keep your data safe at all times.

 

iDevices can be automatically backed up via iCloud and Mac computers can be automatically backed up to an external hard drive using Time Machine.  You just need to set these backups up to know that your valuable data will be retrievable, no matter what. 

 

*These suggestions are recommendations from our experience. And of course, feel free to do your own independent research and choose services which will best suit your requirements.

 

If you think you’ve been scammed or hacked, wish to set up a backup, or want to know more about Password Managers and VPN, come into store for a chat.

 

 

Stay Cyber Safe everyone.

“I love Mullum Mac. They provide a really professional service. This is my go to place when I have any Mac issues.”

Melenie Maher