Cyber-attacks may seem unavoidable, even though there are many things you can do to prevent and prepare for them.

Making sure you have a Cyber Security Strategy in place can help reduce the risk and severity of breaches and help you navigate the fallout after an attack occurs.

What To Do Before a Cyber Breach

If anything, the recent string of data breaches and hacks has shown that no business is safe from cyber-attacks. However, having a Cyber Security strategy can go a long way in increasing your company’s preparedness.

One of the best starting points for your cyber security strategy is to follow the Australian Cyber Security Centre’s Essential Eight. According to the ACSC:

“While no set of mitigation strategies is guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.”

You can read more about how to implement this framework via our article why the Essential Eight is vital for your business or by referring to the ACSC’s Essential Eight guidelines.

Every business needs cyber security protection, especially those dealing with sensitive personal data. Some companies may also need to consider the need for cyber security insurance, also known as cyber liability insurance or cyber insurance.

Signs That You May Have Had a Cyber Attack or Breach

A cyber-attack or leak can happen anytime and involves attempts to steal or destroy data, money, or intellectual property, or to disrupt systems and cause outages.

Some of the signs of a potential cyber security incident include the following:

  • Unauthorised access to a system or attempts to access a system
  • Emails with suspicious attachments or links
  • Questionable network or system activity
  • Suspected tampering of electronic and computer devices

Shortly after a cyber security incident, you may experience unusual activity on your systems, including:

  • Data is missing or appears altered
  • Computer hardware taking noticeably longer to start up, or starting up incorrectly
  • Computer systems are running slower than usual
  • Frequent crashes on previously working devices
  • Company email accounts sending spam to contacts
  • Your internet browser automatically directs you to unsafe or suspicious websites
  • Computer hardware running low on storage space, where there were no issues previously
  • Being unable to access system and network accounts

If these issues occur, immediately contact your IT provider or Managed Service Provider (MSP) and enact your cybersecurity incident response plan.

After A Breach

Sometimes breaches happen. No cyber security plan is entirely impenetrable, but your response to a leak or hack will have significant ramifications for the future of your business and your customers.

Therefore, a company should have a cybersecurity incident response plan (CIRP).

A well-designed CIRP helps you mount an effective and swift response to cyber incidents. The following steps will help get your business up and running as quickly as possible.

Limit Damage

Limiting the damage wherever possible is essential if you suspect a cybersecurity incident has occurred.

First, turn off all computers and disconnect them entirely from the internet and wall power. This removes the chance for a hacker to continue accessing your devices or spreading the attack across your network.

At this point, it’s important not to connect any backup systems or portable devices, such as laptops, to your network as you want to keep the integrity of your backups to prevent data loss and decrease the chance of spreading the cyber-attack.

Enact Your Cyber Security Incident Response Plan (CIRP) and Seek Help

Your business should have a cyber security incident response plan as outlined above. Now is the time to use it. Ensure all staff members know their responsibilities and the tasks they must perform. If your business still needs a CIRP, contact your managed service provider (MSP) or contact us for help.

One of the best resources for Australian businesses is the Australian Cyber Security Centre (ACSC). Their website provides guidance to help businesses identify cyber-attacks and incidents – and for immediate assistance, you can call the Australian Cyber Security Hotline: 1300 Cyber1 (1300 292 371).

Contact your IT provider or MSP so they can identify the cause of the cybersecurity incident and can limit the damage caused. In many cases, your MSP can contain and eliminate the threat and repair and restore your crucial business systems.

Make sure to consider the best way to contact your MSP as attackers may have already compromised methods such as email; instead, phone them directly via their support line.

At GCIT, our clients can contact us directly via 1300 369 111.

Report the Cyber Security Incident to the Authorities

Another consideration is whether you need to contact the police, the Office of the Australian Information Commissioner (OAIC) or your insurance company if you have cyber security or business insurance.

A Cyber Security incident can result in a data breach, and personal information can be compromised. In such an event, you may have an obligation to notify authorities, including the OAIC and the Australian police.

The Australian Cyber Security Centre (ACSC) also has a tool called ReportCyber for reporting cybersecurity incidents. Reporting assists the ACSC in developing advice, techniques, and capability to respond to and prevent cyber-attacks and threats.

It is vitally important to report any instances of cyber attacks resulting in data breaches. Per the Privacy Act 1988, notifications to the OAIC must be made within 30 days or as soon as practicable.

Entities responsible for certain critical infrastructure assets are now obligated to notify the Australian Cyber Security Centre (ACSC) of the cyber security incident within strict timeframes, as little as 12 hours for highly critical incidents.

This reduced time frame is due to amendments made to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) on the 8th of July, 2022.

To learn more about these changes, HWL Ebsworth Lawyers wrote a great article describing how this affects businesses and to whom it applies.

Investigate the Breach

Once the cyber-attack has been contained and all affected devices are quarantined, it’s essential to identify how exactly the breach occurred and what the damage is. To do this, you may employ the skills of a forensic IT specialist who investigates the causes and effects of the cyber security event.

This is important for three reasons:

  1. It allows you to identify what occurred and the scope of the breach.
  2. It enables you to formulate an effective plan to respond to the cyber security event, and it will determine the gaps and vulnerabilities in your company’s cyber security.
  3. It’ll allow you to perform fixes so the same occurrence doesn’t happen again.

Notify Customers and Clients

After your team members are informed, and you have alerted the relevant authorities about the cyber-attack, it is time to notify your customers or clients. If the cyber security breach falls under the Privacy Act (1988), you must promptly notify the individuals at likely risk of serious harm.

In addition, under the Notifiable Data Breach (NDB) scheme, you must inform the affected individuals and the OAIC when an eligible data breach occurs.

According to the OAIC, an eligible data breach occurs when:

  • There is unauthorised access to or unauthorised disclosure of personal information or a loss of personal data that an organisation or agency holds
  • This is likely to result in serious harm to one or more individuals, and
  • The organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action.

This notification to individuals must include recommendations about the steps they should take in response to the data breach.

When communicating with customers and clients, it is vital to be transparent and open about how the data breach affects them and what you are doing to improve the situation.

Some Key Things to Communicate Are:

  • When did the breach happen, and why?
  • What systems/services have been affected?
  • What steps are you taking to resolve the situation?
  • Is the breach ongoing, and can you say when you will fix it?
  • Who can customers contact if they have questions or concerns?

Depending on the extent of the data breach or cyber-attack, it may be worth hiring a public relations firm for the duration of the incident. This can help improve communication between you and your customers.

Restore and Recover Data and Systems

Once the breach has been isolated and eradicated from your systems, recovering and restoring your IT systems, networks, and devices can begin. Many organisations will have a business continuity plan or disaster recovery plan.

This plan details how your company will ensure its ability to continue providing services to your customers or continue operations.

However, even if no plan was implemented, this process should include restoring systems to normal operations, monitoring to confirm that any previously affected systems are operating normally, and making plans to remediate vulnerabilities to prevent similar incidents.

Evaluate and Improve

When the cyber security incident is resolved, it’s essential to reflect on the actions that occurred and improve your cyber security in the future using the information gained during the event.

This will strengthen your defensive capabilities into the future, and stronger cyber security can also improve your standing when it is time to renew your Cyber Security Insurance.

Some Considerations when Creating a Cyber Incident Response Plan

Below are some tips for creating an effective CIRP:

  • Keep a hard copy of your response plan and include important contacts such as your MSP, insurance provider and the Australian Cyber Security Centre. During a cyber-attack, you may be unable to rely on digital copies.
  • Prepare and train your staff to respond when a cyber security incident occurs. Ensuring staff respond quickly to an incident is integral to preventing or reducing data losses and breaches.
  • Educate employees on identifying a cyber event and provide training on preventative measures such as the Essential Eight for your staff to decrease your risk.

 

At GCIT, we specialise in providing Cyber Security peace of mind to our clients using best practice security measures and customised support.

Our services help industry-specific occupations utilise the best security practices without interfering with your business’s daily operations or productivity.

To find out how GCIT can help your business contact us at 1300 369 111.

On November 17th, Microsoft announced a new feature for Microsoft Teams – sign language view. This accessibility update improves the Teams meeting experience for signers by allowing users to keep selected users in centre stage, ensuring interpreters remain in a consistent location throughout every meeting.

Sign Language view makes several changes to improve accessibility for the Deaf and/or hard of hearing, including:

  • Keeping interpreters’ and other signers’ video feeds in a consistent location
  • Ensuring that video feeds are an appropriate shape and size for sign language to be visible
  • Allowing participants to have up to two other signers in view throughout each meeting
  • Reducing repetitive meeting setup tasks like pinning interpreters and turning on captions at the start of each meeting.

With sign language view enabled, video streams are automatically prioritised at the highest available image quality and the correct aspect ratio. Like pinning and captioning, the sign language view does not affect other members in the meeting and can adapt to your needs.

The sign language view allows video feeds of the individuals you have assigned to stay visible on centre stage if their video is turned on. Other meeting members can also be pinned or spotlighted without blocking the view of the sign language interpreter.

Microsoft Teams: Sign Language View

When a member of a meeting shares content such as a presentation, the prioritised sign language interpreter’s video changes position; however, it remains more prominent than other video feeds and remains at high quality.

Microsoft Teams, Sign Language View prioritised even when presenting

Microsoft has also allowed users to:

  • Set sign language view as a default across all their meetings
  • Pre-identify preferred signers that work within an organisation
  • Toggle captions on and off across all their meetings.

Users can find these options in the new Accessibility panel in the settings menu.

Accessibility Settings in Microsoft Teams

To find out more, read the article from the team at Microsoft, and learn more about Microsoft Teams accessibility features and how to use the sign language view feature.

The sign language view accessibility feature was initially released in Public Preview and is currently being rolled out for the Teams desktop application and web clients for commercial and GCC customers. You can enable public preview on a per-user basis. To find out how to enable the feature, check out Microsoft Teams Public Preview in Microsoft Learn.

For advice on making Microsoft Teams work for your organisation, contact GCIT today.

Cyber Security incidents can have a detrimental impact on Australian businesses. With the increased reliance on internet-enabled services, companies are more vulnerable than ever. This has made them ideal targets for financially motivated cybercriminals, and the issue is compounded because many small businesses need more resources or time to create a comprehensive cybersecurity plan.

In the last twelve months, there has been an increase in the number and sophistication of cyber threats in Australia. The Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports over the 2021-2022 financial year, an increase of nearly 13% from the previous year. For small businesses, the cost has also increased, costing on average over $39,000 per cybercrime reported. The cost of a cyber incident is not just monetary. It can cause irreparable damage to your consumer trust and compromise customer, business, and employee data.

For small and medium-sized businesses, it is essential to have cyber security mitigation strategies to help decrease the instances and impact of cyber incidents. The Australian Cyber Security Centre recommends the Essential Eight Framework to mitigate the risk of cyberattacks on businesses.

What is the Essential Eight?

The Essential Eight is a framework recommended by the Australian Cyber Security Centre to help organisations protect themselves against cyber-attacks. It is designed to protect Microsoft Windows-based networks and systems. However, its principles can be applied to several situations and devices. In addition, it includes several mitigation strategies to reduce the risk of cyber threats significantly. This makes it the ideal starting point for many small and medium-sized businesses. The Essential Eight outlines several steps you can incorporate into your organisation’s existing systems to improve security and stability.

When implementing the Essential Eight, the first step is determining the maturity level you need. There are four levels, Level Zero through to Level Three. A Maturity Level of Zero signifies that an organisation has weaknesses or holes in their cyber security strategy. Levels One through Three recommend security measures of increasing strength and complexity to improve an organisation’s cybersecurity.

How to incorporate the Essential Eight into your business

If your business does not employ the Essential Eight, we recommend starting with Level One. Below are the critical components of this framework.

Apply application control

Application Control prevents unauthorised applications from being installed or run on a company computer. It’s a zero-trust security approach designed to protect against malware and untrusted applications. For example, in a Medical Centre, this could involve allowing access to only your practice management software, such as Best Practice or Medical Director, and related tools.

A practical method of implementing application control is to use Windows Defender Application Control (WDAC). This tool is included in Microsoft 365 Business Premium, a component of all GCIT-managed service plans.

Patch applications

Patch management ensures that all systems are up to date with available security patches promptly. Patches are necessary to close vulnerabilities or bugs in your software. This would involve updating programs such as Microsoft 365 with the latest updates.

Most business-specific software will deliver communications when updates are available. However, it’s the responsibility of the business owner or IT service provider to ensure these are applied promptly. Patches and updates should be applied within two weeks of release or within 48 hours if a security exploit exists.

Configure Microsoft Office macro settings

Microsoft Office applications can create and execute macros to automate routine tasks. A macro is a sequence of automated actions that can replace mouse clicks and keystrokes to complete complex tasks. While these can be helpful tools, macros can also contain malicious code used by attackers to run harmful code or download malware.

We can manage the risks of Office macros using Attack Surface Reduction Rules in Microsoft Defender for Business, a Microsoft 365 Business Premium component.

User application hardening

Application Hardening involves reducing vulnerabilities in the applications your company uses. In the context of the Essential Eight’s Level One maturity model, Application hardening refers to security settings in the web browser. Specifically:

  • Web browsers do not process Java from the internet.
  • Web browsers do not process web advertisements from the internet.
  • Internet Explorer 11 does not process content from the internet.
  • Users cannot change web browser security settings.

These settings can be implemented using Security Baselines in Microsoft Intune, another inclusion in Microsoft 365 Business Premium.

Patch operating systems

A patch is a security update that fixes vulnerabilities. Like Application Patching, timely Operating System patching ensures your operating system has all current security updates installed.

Patches need to be constantly monitored to ensure systems are up to date. Security updates can be deployed per workstation using Microsoft Update settings. However, your IT provider can also manage them with a Remote Monitoring & Management (RMM) tool. Like many IT service providers, GCIT offers services to control Operating System patching through our RMM tool.
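
The patch windows given under "Patch applications" (two weeks from release, or 48 hours if a security exploit exists) and the monitoring described above can be checked mechanically. The following Python example is added here for illustration and is not GCIT's or the ACSC's tooling; the host names, patch labels, dates and the PatchRecord structure are constructed assumptions standing in for an export from an RMM or update-management tool.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Windows stated in the article: two weeks after release, or 48 hours
# when a security exploit exists for the vulnerability being patched.
STANDARD_WINDOW = timedelta(days=14)
EXPLOIT_WINDOW = timedelta(hours=48)


@dataclass(frozen=True)
class PatchRecord:
    host: str
    product: str
    patch_id: str                  # constructed label, not a real update ID
    released: datetime             # vendor release time (UTC assumed)
    exploit_exists: bool
    installed: Optional[datetime]  # None means not yet installed


def deadline(rec: PatchRecord) -> datetime:
    """Latest acceptable install time for this patch."""
    window = EXPLOIT_WINDOW if rec.exploit_exists else STANDARD_WINDOW
    return rec.released + window


def classify(rec: PatchRecord, now: datetime):
    """Return (status, hours_past_deadline) for one patch on one host."""
    # Installed patches are judged at install time, missing ones at 'now'.
    measured_at = rec.installed if rec.installed is not None else now
    late = measured_at - deadline(rec)
    hours_late = max(late.total_seconds() / 3600, 0.0)
    if rec.installed is not None:
        status = "installed_late" if hours_late > 0 else "compliant"
    else:
        status = "overdue" if hours_late > 0 else "pending"
    return status, round(hours_late, 1)


def overdue_report(records, now):
    """Overdue patches only: exploited ones first, then longest overdue first."""
    rows = []
    for rec in records:
        status, hours_late = classify(rec, now)
        if status == "overdue":
            rows.append((not rec.exploit_exists, -hours_late, rec))
    rows.sort(key=lambda row: row[:2])
    return [(rec.host, rec.product, rec.patch_id, -neg) for _, neg, rec in rows]


def status_counts(records, now):
    """Number of patch records in each status, for a one-line summary."""
    return dict(Counter(classify(rec, now)[0] for rec in records))


# Constructed inventory for the example (not real hosts or updates).
NOW = datetime(2022, 12, 1, 9, 0)
INVENTORY = [
    PatchRecord("RECEPTION-01", "Microsoft 365 Apps", "PATCH-A",
                datetime(2022, 11, 8), False, datetime(2022, 11, 15, 10, 0)),
    PatchRecord("RECEPTION-01", "Web browser", "PATCH-B",
                datetime(2022, 11, 28), True, None),
    PatchRecord("CLINIC-02", "Windows 11", "PATCH-C",
                datetime(2022, 11, 8), False, None),
    PatchRecord("CLINIC-02", "PDF reader", "PATCH-D",
                datetime(2022, 11, 25), False, None),
    PatchRecord("SERVER-01", "Windows Server", "PATCH-E",
                datetime(2022, 11, 8), True, datetime(2022, 11, 12)),
]

if __name__ == "__main__":
    for host, product, patch_id, hours in overdue_report(INVENTORY, NOW):
        print(f"{host:13} {product:20} {patch_id:8} overdue by {hours} h")
    print(status_counts(INVENTORY, NOW))
```

The "installed_late" status matters for access reviews and insurance questionnaires as much as "overdue" does, because it shows how often the window was missed even on machines that are currently up to date.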

Restrict administrative privileges

Administrative Privileges allow a user to create, delete and modify files, settings, programs and other user accounts. A user with administrative privileges can significantly change an IT environment’s configuration and security posture. Administrative rights also allow users to elevate their operations and access sensitive information. Without restrictions on user accounts, malware and malicious code can cause much more damage, especially if the user that triggered it is an admin.

Restricting admin privileges also creates a more stable and predictable workspace, as fewer users can make significant environmental changes. Your IT Provider should regularly audit your environment’s permissions through consistent access reviews. They should also use the just-in-time access approach, ensuring users have the least possible privileges to perform administrative tasks for only the needed time.

Implement multi-factor authentication

When a user logs in to an account, multi-factor authentication requires multiple forms of authentication to prove their identity. This may come in the form of a password plus a generated code sent via SMS, email or authenticator app, or a secondary device that is already logged in and may need to approve access. An example is Apple’s multi-factor authentication, which allows users to sign into their accounts using a password. They can then approve this action on an authorised Apple device such as an iPhone.

Multi-factor authentication is one of the most effective security measures a business can implement. When implemented correctly, it makes it considerably more difficult to steal credentials that could be used for further malicious activity. Microsoft reports that multi-factor authentication prevents 99.9% of identity-based cyberattacks. This effectiveness, combined with its ease of use, makes multi-factor authentication a vital first line of defence for any organisation.

Create regular backups

Businesses need to ensure they back up business-critical information. Backups are not just for quick recovery in the event of a disaster but can also be an operational requirement for some industries. For instance, general practices require it to achieve accreditation from the Royal Australian College of General Practitioners (RACGP).

Backup is the process of copying files or databases to ensure their preservation in the event of equipment failure, security and cyber breaches or other disasters. Businesses should check their backup system regularly, including testing its ability to recover data. The loss of critical data can impose a high financial and operational cost on your business. However, having a business continuity plan with a reliable and frequently tested backup procedure can mitigate some of these effects.
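
One way to test a backup's ability to recover data, as described above, is to record a checksum manifest when the backup is taken and compare it against a trial restore. The following Python example is added here for illustration and is not part of any backup product; the file names and contents are constructed, and the directory layout is an assumption.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path, '/' separators) to its hash."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(source_manifest, restored_root):
    """Compare a trial restore against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    expected, actual = set(source_manifest), set(restored)
    missing = sorted(expected - actual)
    unexpected = sorted(actual - expected)  # files the backup never contained
    corrupted = sorted(p for p in expected & actual
                       if source_manifest[p] != restored[p])
    return {
        "missing": missing,
        "corrupted": corrupted,
        "unexpected": unexpected,
        "ok": not (missing or corrupted or unexpected),
    }


def write_tree(root, files):
    """Helper for the demo: create files from a {relative_path: bytes} dict."""
    os.makedirs(root, exist_ok=True)
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


# Constructed sample data standing in for business files.
SAMPLE_FILES = {
    "patients/records.db": b"constructed sample record\n" * 100,
    "finance/invoices.csv": b"id,amount\n1,100\n2,250\n",
    "readme.txt": b"constructed sample file\n",
}


def restore_test_demo(faulty):
    """Run a restore test in a temp directory; faulty=True simulates a bad restore."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        restored = os.path.join(tmp, "restored")
        write_tree(source, SAMPLE_FILES)
        # In practice the manifest is stored separately from the backup itself,
        # so that damage to the backup cannot also alter the reference hashes.
        manifest = build_manifest(source)
        copy = dict(SAMPLE_FILES)
        if faulty:
            copy["patients/records.db"] = copy["patients/records.db"][:100]  # truncated
            del copy["finance/invoices.csv"]                                 # not restored
        write_tree(restored, copy)
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print("clean restore: ", restore_test_demo(faulty=False))
    print("faulty restore:", restore_test_demo(faulty=True))
```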

Conclusion

Protecting your business from cyberattacks is one of the most important steps to improve your business’s stability, improve customer trust, and ensure continued operations. However, it’s important to note that the steps outlined above cannot entirely remove the threat of a cyberattack. Still, they can mitigate the risk and hopefully decrease any attack’s severity and long-lasting impacts.

At GCIT, we are specialists in providing Cyber Security services to numerous businesses across Queensland and New South Wales. Our Award-winning cybersecurity experts can take the stress out of IT Security and make sure your data is secure.

Contact GCIT to find out how we can help your business or organisation protect against cyberattacks.

iCloud is now available natively within the Photos App for Windows 11 Users, Source: Microsoft, 2022

The Windows team announced earlier this month that the latest update to the Photos App would support iCloud Photos. This update started rolling out on the 9th of November and should be available to all Windows 11 users by the end of the month.

The updated Photos app available in Windows 11 already supports OneDrive, Microsoft’s cloud storage solution. Photo and video collections from iCloud devices can be viewed directly on a PC. This integration will improve the ease of use for many iPhone users allowing photos to sync to the Photos app automatically.

To use this feature, ensure the Photos app is updated to the latest version and install the iCloud for Windows app from the Microsoft Store. Sign into your Apple account in the iCloud for Windows app and choose to sync your photos. Your iCloud Photos and Video content will now automatically appear in your Windows Photo app.

To find out about the latest Windows updates, follow the Windows Blog, or see what’s new in the latest Windows 11 2022 Update.

8 ways to improve the security of your personal data

In 2022 we are online more than ever before, and many services that were previously done in person, such as banking, booking appointments and paying bills, are now completed through websites or mobile applications. As a result, the risk of cyber-attack has never been higher.

In the circumstances surrounding the Medibank and Optus hacks, there is not a lot that current and previous Optus customers could have done to prevent the exposure of their personal data. However, some steps can be taken to minimise the risk of exposing confidential data.

1. Use Antivirus Software

An often-overlooked step, antivirus is an essential piece of software that can reduce malware attacks on your system. Once installed, you can let it run in the background, and it will automatically conduct malware scans and removal. Most antivirus products also offer several other features, including scanning removable devices such as USB drives, blocking spam websites and advertisements and detecting spyware.

While paid third-party antivirus software such as Bitdefender and McAfee can achieve the best results, you can still get a fundamental level of protection by activating and using Microsoft Security features. For Business, Microsoft 365 Defender is also a great choice to detect, manage and remove cyber security threats from your devices.

2. Protect your devices with strong passwords

It is good practice to password-protect your digital devices, including computers, tablets, and mobile devices, through strong, unique passwords. These devices can hold some of your most personal information as they now have access to everything from email accounts, social media accounts, banking apps, and an assortment of other information. If these devices fall into the wrong hands, a strong password will make it harder to access your device.

When creating your passwords, use a mix of symbols, numbers, and letters. Don’t use easy-to-guess passwords such as ‘123456’ or ‘password’ or include information such as your birthdate or home address. This may sound like common knowledge, but research suggests that there is still a worrying number of people using these easy-to-guess passwords. Make sure to use different passwords for different accounts. If you use the same password across multiple accounts and a hacker gains access to one account, it may compromise many others.

3. Set up Two-Factor Authentication on your Accounts

In addition to using strong passwords, two-factor authentication further improves your security. In a worst-case scenario, where your login details are compromised, a potential hacker will be blocked from accessing your data as they will still need to use an additional authentication method.

Many financial applications, online accounts and government logins now have two-factor authentication as standard or have the option to activate it. You can get your authentication code via an app such as Google Authenticator, which creates time-based codes that renew every few seconds, receive a code via email, or get an SMS code sent directly to your mobile.

4. Learn to identify and avoid phishing scams

According to the ACCC (Australian Competition & Consumer Commission), phishing scams are ‘attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.’

These scams often pass off as legitimate businesses such as internet service providers, banks, or energy companies and try to gain your personal data by asking to confirm your details, login to your account or alert you to ‘unauthorised or suspicious activity on your account.’

As a rule, it is a good idea to never open emails from people you don’t know, and don’t download email attachments without knowing what they are. Never give out personal information when contacted by a business, bank or other entity and make sure your email spam filters detect phishing attempts.

Phishing scams may also appear as fraudulent websites, disguised to look the same as a legitimate website such as a bank, government agency or online shop. These are designed to gain your information, such as credit card information, login details, and personal addresses. Before you enter any personal data onto a website, be sure to check that it is legitimate. Signs of a legitimate website are an SSL certificate, a padlock icon, a green bar, or HTTPS at the beginning of the URL. These indicate an encrypted connection rather than proof of who operates the site, so also confirm that the domain name in the address bar is the one you expect. Never enter personal information into a website accessed via a suspicious link from an email, SMS or social media message.

5. Setup alerts through your bank

Fraud alerts can be set up through your online bank account so that you are notified by email, text message or phone call if your bank suspects suspicious activity may have occurred on your account.

Some banks, such as Commonwealth Bank, also allow you to temporarily lock the use of credit cards if they have been lost to stop unauthorised use of your account. These measures have the ability not just to protect you against fraud but to save you money as well.

6. Follow the news to learn about data breaches.

As we have found in recent months, hackers don’t just target individuals. One of the ways your data can be compromised is when it is handled by a third party that becomes the target of a cyber-attack. Like the situation with Optus and Medibank, hackers also attempt, often successfully, to infiltrate businesses, government agencies, higher education institutions, health care facilities and any other organisations that gather personal or sensitive information.

When an organisation is subject to a data breach, they are legally required under the Privacy Act 1988 to notify affected individuals and the OAIC (Office of the Australian Information Commissioner). However, these situations can change rapidly, as seen with Medibank; initially, it was not known that personal medical history had been compromised. However, as the story developed, it was revealed that all customer personal data had been compromised. This is an example of why it is essential to keep informed about data breaches that may affect you, so you can be prepared to update or change any personal information or passwords as soon as possible.

To see the latest alerts, you can follow the ACSC (Australian Cyber Security Centre) on Facebook and Twitter, check out their alerts page on the website and sign up for email alerts.

7. Keep your devices and software updated.

Hackers will often try to exploit flaws in software and operating systems. They are looking for vulnerabilities they can use to insert malicious code. Microsoft and Apple regularly update operating systems with security patches, closing these vulnerabilities as they are found. Keeping your operating system and software up to date reduces the ways a hacker can access your device. As a best practice, updates should be applied within two weeks of release or 48 hours if a security exploit exists.

8. Use the GDPR (General Data Protection Regulation) to your advantage.

Many companies operating outside of Australian borders or with customers within the European Union must follow the GDPR. As a result, you may be able to get international companies such as Apple and Microsoft to delete your personal data based on this compliance. Be prepared for rejection, however, as European Union laws do not apply to Australian citizens, and companies can deny your request on this basis.

Not all security breaches can be prevented, but taking steps to avoid violations and cyber-attacks can reduce the chances of them occurring and better protect your personal data in the long run, potentially saving you from the stressful or costly consequences of a cyber-attack.

 


Microsoft 365 website - GCITS Gold Coast

Microsoft has recently announced that it will be changing the Microsoft Office software package and giving it a new name: Microsoft 365. According to the FAQs on the Official Microsoft website, several changes will be happening over the next few months. Office.com, the Office mobile app, and the Office app for Windows will be rebranded to Microsoft 365, with a new icon look and features to come.

These changes will begin rolling out for Office.com in November 2022 (next month), and the changes to the Office app on Windows and mobile will follow with an update in January 2023. There will be no impact on any existing account, profile, subscriptions, or files you currently have with Microsoft Office. The apps will automatically update with the new icon and name from November.

As a part of Microsoft 365, customers will be able to continue to get access to apps such as Word, Excel, PowerPoint, and Outlook. Microsoft is also continuing to offer one-time purchases of those apps to consumers and businesses via Office 2021 and Office LTSC plans. There will also be no changes to Office 365 subscription plans.

This change has been a slow progression that started in 2020, with Microsoft rebranding some of its Office 365 plans to Microsoft 365. The new branding originally started as a subscription package for businesses with an enterprise Windows 10 and Office 365 bundle. Microsoft has since gradually moved all its Office applications under the Microsoft 365 branding.

This rebranding is another example of Microsoft branching out and offering more services and applications that don’t fit strictly into the ‘Office’ branding, including providing cloud services, apps such as Clipchamp, and Microsoft Family Safety, with new changes to be expected in the future. Find out more about this change by visiting the new microsoft365.com website.

Medical Center Cyber Security

Medical Centres are a high-value target for cybercrime, and the impacts of a cyberattack on a Medical Centre can be catastrophic. In 2020, during the COVID-19 pandemic, the health sector reported the highest number of cyber-attacks outside the government and individuals.

While large, high-profile attacks can happen to large hospitals and health systems, solo and smaller practices can have a false sense of security that they are too small to target. Unfortunately, smaller practices are often the most vulnerable to cyber-attacks due to their lack of dedicated IT security expertise and access to sensitive data.

Australian health providers have an increased reliance on telehealth and internet-enabled services, making them an ideal target for financially motivated cybercriminals. These attacks generally involve phishing campaigns, business email compromises and ransomware – a form of malware designed to encrypt files and data, rendering systems and files unusable until a ransom is paid.

The Australian Cyber Security Centre recommends the Essential Eight Framework to mitigate the risk of cyberattacks on Medical Centres.

What is the Essential Eight, and how does it apply to your medical centre?

The Essential Eight is a framework recommended by the Australian Cyber Security Centre to help organisations protect themselves against cyber-attacks. It’s designed to protect Microsoft Windows-based networks and systems, but you can apply its principles to several situations and devices. In addition, it includes several mitigation strategies to reduce the risk of cyber threats significantly. This makes it the ideal starting point for a Medical Practice as it outlines several steps you can incorporate into your organisation’s existing systems to improve their security and stability.

When implementing the Essential Eight, the first step is to determine the maturity level that you’re aiming for. There are four levels, Level Zero through to Level Three. A Maturity Level of Zero signifies that an organisation has weaknesses or holes in their cyber security strategy. Levels One through Three recommend security measures of increasing strength and complexity to improve an organization’s cybersecurity.

How to incorporate the Essential Eight into your medical practice

If your medical practice does not already employ the Essential Eight, we recommend starting with Level One. Below are the key components of this framework.

 

Apply application control

Application Control prevents unauthorised applications from being installed or run on a company computer. It’s a zero-trust security approach designed to protect against malware and untrusted applications. For example, in a Medical Centre, this could involve allowing access to only your practice management software, such as Best Practice or Medical Director, and related tools.

A practical method of implementing application control is to use Windows Defender Application Control (WDAC). This tool is included in Microsoft 365 Business Premium, a component of all GCIT managed service plans.

 

Patch applications

Patch management ensures all systems are up to date with available security patches in a timely manner. Patches are necessary to close vulnerabilities or bugs in your software. In a Medical Practice, this would involve updating programs such as Best Practice & Medical Director with the latest updates.

Practice Management Software like Best Practice and Medical Director will deliver communications when updates are available. However, it’s the responsibility of the Practice Manager or IT Service Provider to ensure these are applied promptly. Patches and updates should be applied within two weeks of release or 48 hours if a security exploit exists.

 

Configure Microsoft Office macro settings

Microsoft Office applications can create and execute macros to automate routine tasks. A macro is a sequence of automated actions that can replace mouse clicks and keystrokes to complete complex tasks. While these can be helpful tools, macros can also contain malicious code used by attackers to run harmful code or download malware.

We can manage the risks of Office macros using Attack Surface Reduction Rules in Microsoft Defender for Business, another Microsoft 365 Business Premium component.

 

User application hardening

Application Hardening involves reducing vulnerabilities in the applications your company uses. In the context of the Essential Eight’s Level One maturity model, Application hardening refers to security settings in the web browser. Specifically:

  • Web browsers do not process Java from the internet.
  • Web browsers do not process web advertisements from the internet.
  • Internet Explorer 11 does not process content from the internet.
  • Web browser security settings cannot be changed by users.

These settings can be implemented using Security Baselines in Microsoft Intune, another inclusion in Microsoft 365 Business Premium.

 

Patch operating systems

A patch is a security update that fixes vulnerabilities. Similar to Application Patching, timely Operating System patching ensures your operating system has all current security updates installed.

Patches need to be consistently monitored to ensure systems are up to date. Security updates can be deployed per workstation using Microsoft Update settings. However, your IT provider can also manage them with a Remote Monitoring & Management (RMM) tool. Like many IT service providers, GCIT offers services to control Operating System patching through our RMM tool.

 

Restrict administrative privileges

Administrative Privileges allow a user to create, delete and modify files, settings, programs and other user accounts. A user with administrative privileges can significantly change an IT environment’s configuration and security posture. Administrative rights also allow users to elevate their operations and access sensitive information. Without restrictions on user accounts, malware and malicious code can cause much more damage, especially if the user that triggered it is an admin.

Restricting admin privileges also creates a more stable and predictable workspace, as fewer users can make significant changes to the environment. Your IT Provider should regularly audit your environment’s permissions through consistent access reviews. They should also take a principle of least privilege approach with just-in-time access, ensuring users have the least privileges possible to perform administrative tasks – for only the time they need.

 

Implement multi-factor authentication

When a user logs in to an account, multi-factor authentication requires multiple forms of authentication to prove their identity. This may come in the form of a password plus a generated code sent via SMS, email or authenticator app, or a secondary device that is already logged in and may need to approve access. An example is Apple’s multi-factor authentication, which allows users to sign into their accounts using a password and then approve this action on an authorised Apple device such as an iPhone.

Multi-factor authentication is one of the most effective security measures a Medical Practice can implement. When implemented securely, it makes it considerably more difficult to steal credentials that could be used for further malicious activity. Microsoft reports that multi-factor authentication prevents 99.9% of identity-based cyberattacks. This effectiveness, combined with its ease of use, makes multi-factor authentication a vital first line of defence for any organisation.

 

Create regular backups

Medical Centres need to ensure they back up business-critical information. This isn’t just for quick recovery in the event of a disaster; it’s also a requirement for general practices to achieve accreditation from the Royal Australian College of General Practitioners (RACGP).

Backup is the process of copying files or databases to ensure their preservation in the event of equipment failure, security and cyber breaches or other disasters. For a general practice to achieve accreditation, they must check their backup system at regular intervals – this includes testing its ability to recover data. The loss of critical data can impose a high financial and operational cost on your practice, so having a business continuity plan that includes a reliable and frequently tested backup procedure is vital.

Conclusion

Protecting your medical centre from cyberattacks is one of the most important steps to improve your business’s stability, improve patient trust, and ensure continued operations. However, it’s important to note that the steps outlined above cannot entirely remove the threat of a cyberattack. Still, they can mitigate the risk and hopefully decrease any attack’s severity and long-lasting impacts.

At GCIT, we are specialists in providing Cyber Security services to numerous businesses across Queensland and New South Wales, including many medical centres. Our Award-winning cybersecurity experts can take the stress out of IT Security and make sure your data is secure.

Contact GCIT to find out how we can help your Medical Practice protect against cyberattacks.

.au domain change

What is the new .au domain?

The .com.au country-specific web address has been in use for over 30 years. Like similar country codes such as .uk, it allows web users to identify Australian businesses and commercial entities quickly. In March of this year, .au Domain Administration Limited (auDA) launched a new shorter domain – .au.

The .au direct name is a general-purpose domain open for anyone with a verifiable connection to Australia who wishes to create or manage an online presence.

Unlike .com.au, which requires an ABN or ACN to verify that you are an Australian business to register, a .au domain does not have this requirement, opening it up to the Australian general public. If you currently own a domain name in any other .au namespace, you have priority registration to the .au direct equivalent of your existing domain until 20 September 2022.

What happens if I don’t register my organization’s .au domain before the cut-off date?

If you don’t request a .au domain via priority allocation by 20 September, the domain will become available for registration by the general public on 3 October. After this date, anyone that meets the requirements of registering a .au domain will be able to register one, regardless of whether a .com.au or .net.au equivalent already exists.

What does this mean for my business?

While this new domain offers businesses, organisations, and individuals opportunities to rebrand, extend or change their online presence, it can also pose a significant risk. Cybercriminals can also use this as an opportunity to commit fraudulent activity against your business. By registering your business’ .au name, a cybercriminal could impersonate your organisation by creating a fake online presence. This could include creating a copy of your website or using the .au domain to send phishing emails under your company’s name.

What steps should I take to protect my business or organisation?

While these changes will not inherently cause issues, you can take some steps to protect your organisation. The ACSC recommends that all Australian businesses, organisations, and individuals take advantage of the priority allocation process to register the .au direct equivalents of the existing domain names.

It is common practice for businesses to register the same names across multiple domains, for instance, gcit.com.au and gcit.net.au. When the .au direct namespace domain launched on 24 March this year, the Priority Allocation Process was created. This process allows existing registrants in the .au registry the first opportunity to apply for the .au direct match of their existing domain name/s. To qualify for priority access, you must have registered the domain name before the launch of the new .au domain.
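The impersonation risk and the direct-match registration described above can be checked mechanically. The following is an added example, not code from auDA, the ACSC or GCIT: it derives the .au direct match of each domain you hold, lists the ones you have not registered, and labels inbound e-mail senders that use such a name. The namespace list, function names and sample domains are assumptions made for illustration.

```python
# Added example: not auDA, ACSC or GCIT code.
# Assumption: this list of .au namespaces is illustrative, not exhaustive.
AU_NAMESPACES = ("com.au", "net.au", "org.au", "asn.au", "id.au")


def _normalise(domain):
    return domain.strip().lower().rstrip(".")


def registrable(domain):
    """Reduce a hostname to the name a registrant actually holds."""
    d = _normalise(domain)
    labels = d.split(".")
    if any(d.endswith("." + ns) for ns in AU_NAMESPACES):
        return ".".join(labels[-3:])   # www.example.com.au -> example.com.au
    if d.endswith(".au"):
        return ".".join(labels[-2:])   # mail.example.au -> example.au
    return d                           # other TLDs are out of scope here


def direct_match(domain):
    """Return the .au direct equivalent of a name in an .au namespace, else None."""
    reg = registrable(domain)
    for ns in AU_NAMESPACES:
        if reg.endswith("." + ns):
            return reg[: -len(ns)] + "au"   # example.com.au -> example.au
    return None


def unregistered_direct_matches(owned):
    """Direct-match names the organisation could register but does not yet hold."""
    held = {registrable(o) for o in owned}
    wanted = {direct_match(o) for o in owned} - {None}
    return sorted(wanted - held)


def classify_sender(address, owned):
    """Label an inbound sender as 'owned', 'direct-match-not-owned' or 'other'."""
    sender = registrable(address.rsplit("@", 1)[-1])
    if sender in {registrable(o) for o in owned}:
        return "owned"
    if sender in unregistered_direct_matches(owned):
        return "direct-match-not-owned"
    return "other"


# Constructed sample data: the domains and senders are placeholders.
OWNED = ["example.com.au", "example.net.au"]
SENDERS = [
    "accounts@example.com.au",
    "billing@mail.example.au",
    "newsletter@unrelated.org",
]

if __name__ == "__main__":
    print("Register or monitor:", unregistered_direct_matches(OWNED))
    for s in SENDERS:
        print(f"{s:30} {classify_sender(s, OWNED)}")
```

A sender labelled `direct-match-not-owned` is using the .au direct name of a domain you hold but have not registered yourself, which is the case the ACSC recommendation is meant to close.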

How do I register for a Priority Allocation for a .au namespace domain?

To register the .au direct match of your existing domain name, you must apply for priority status by 20 September 2022 (23:59 UTC 20 September / 9:59 AM AEST 21 September). You can do this either through your current registrar or another accredited registrar. If you use a new registrar, you will need to retrieve a priority token from the Priority ID Token tool. This token enables a registrar to confirm that you are the owner of the matching existing domain name.

What can I do with the new domain once I have registered it?

If you have an existing web presence, one of the easiest things you can do is to create a redirect from the .au domain to your existing website. A redirect ensures that anyone searching for your business will find the correct site regardless of whether they use .au or .com.au. Of course, many businesses already do this with .net.au and .com addresses.

Another option is moving your website to the .au domain and redirecting your current .com.au address. Ultimately the web address you choose for your business will depend on the needs of your business.

To learn more about the new .au domain, visit auDA, the administrator of Australian .au domains.

Many companies are allowing staff to work from home and remotely indefinitely, raising questions about how they can protect work data on personal or uncontrolled devices.

As IT experts for remote working, Gold Coast IT Support offers the following information to help.

Because we can lose company data in a variety of ways across different devices, we need to apply a variety of protection measures. Let’s take a look at the features in Microsoft 365 that can allow companies to protect their data while users are working remotely.

Use Mobile Application Management

Despite the name, mobile application management doesn’t just apply to mobile devices; it can also protect Windows 10 devices. Mobile Application Management policies can protect company data on both managed and unmanaged devices.

It works by applying protections to the apps your teams use to access company data, like Outlook, Teams, OneDrive and SharePoint.

You can enforce restrictions on these apps to prevent data being saved, cut, copied or pasted.

You can also require a PIN when the app starts or block the app from running on a jailbroken phone or tablet.

This feature can be used to selectively wipe company data from a user’s device, without affecting their personal files. This is handy for organisations where staff use their personal computers and mobile devices to access company information remotely.

Set up conditional access policies

We can use Conditional Access to enforce restrictions on non-compliant or unmanaged devices, such as blocking access entirely, or preventing particular actions like saving attachments in Outlook on the web or syncing files to OneDrive.

We can apply these protections in other ways to apps like OneDrive and SharePoint, preventing users from syncing data to their personal devices by either blocking access or only allowing limited, web-only access.

Use Cloud App Security to protect data on third-party apps

These protections don’t just relate to Microsoft 365 apps like OneDrive, SharePoint and Outlook; we can use Microsoft Cloud App Security to apply additional protections to apps like Dropbox Business too. Applying protection to a third-party app like Dropbox Business can prevent users from downloading your company data to unmanaged devices.

Apps like Dropbox Business also provide their own security measures, allowing you to block access and wipe company data when a device next comes online.

Configure idle session time outs

To lessen the likelihood of the wrong people accessing company information on a shared device, we can configure idle session time outs. These will sign users out after a period of inactivity, just like your bank does.

Get alerts on suspicious activities

Cloud App Security includes built-in alerts that trigger on potentially suspicious activities. We can use these to get notified about things like mass deletions, mass downloads and unusual volumes of external sharing.

Protect sensitive data with Data Loss Prevention

We can use data loss prevention to restrict or impose conditions on the sharing of sensitive information. These policies can trigger on certain keywords like project names or sensitive information types like credit card numbers, driver’s license details or tax file information. Once a file containing this info is detected, it can display a warning, be blocked from being sent or have encryption applied.

Using Cloud App Security, we can apply additional data loss prevention measures to third-party apps like Box and Dropbox Business.
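To show how a data loss prevention rule can tell a real credit card or tax file number from any other run of digits, here is an added example that is not Microsoft's DLP engine: it pairs a pattern match with the number's checksum (Luhn for cards, the weighted mod-11 check for tax file numbers) and maps the result to the warn and block actions mentioned above. The patterns, the keyword "Project Kestrel", the policy mapping and the sample text are assumptions constructed for illustration.

```python
import re

# Added example: not Microsoft's DLP engine. Patterns and policy are assumptions.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")       # 13-19 digits, optional separators
TFN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")   # 9-digit tax file number
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def tfn_ok(digits):
    """Weighted mod-11 check for a 9-digit Australian tax file number."""
    return sum(int(d) * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0


def _digits(s):
    return re.sub(r"\D", "", s)


def _mask(digits):
    # Findings keep only the last four digits so the report is not itself a leak.
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text, keywords=()):
    """Return (kind, value) findings for keywords and checksum-valid numbers."""
    findings = []
    lowered = text.lower()
    for kw in keywords:
        if kw.lower() in lowered:
            findings.append(("keyword", kw))
    for m in CARD_RE.finditer(text):
        d = _digits(m.group())
        if luhn_ok(d):
            findings.append(("credit_card", _mask(d)))
    for m in TFN_RE.finditer(text):
        d = _digits(m.group())
        if tfn_ok(d):
            findings.append(("tfn", _mask(d)))
    return findings


def decide(findings):
    """Constructed policy: validated numbers block, keywords alone only warn."""
    kinds = {kind for kind, _ in findings}
    if kinds & {"credit_card", "tfn"}:
        return "block"
    if "keyword" in kinds:
        return "warn"
    return "allow"


# Constructed sample text; the numbers are test values, not real accounts.
SAMPLE = (
    "Project Kestrel invoice. Card 4111 1111 1111 1111, ref 4111 1111 1111 1112. "
    "TFN 123 456 782; order no 123456789."
)

if __name__ == "__main__":
    found = scan(SAMPLE, keywords=("Project Kestrel",))
    print(found, "->", decide(found))
```

The reference and order numbers in the sample have the right shape but fail their checksums, so they are ignored; this is how checksum validation keeps false positives down compared with pattern matching alone.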

Use Sensitivity Labels

But what happens if this all fails, and someone downloads company data to a personal, unmanaged device? To protect against this, we can apply sensitivity labels. These labels define how sensitive a particular piece of content is and in turn can enforce protections on our data. What’s more, these protections apply no matter where the content ends up. These baked-in protections can limit who can access the file and what they can do with it, preventing the wrong people from opening, copying, saving, forwarding or printing sensitive documents or emails.

In many cases, these protections can be applied automatically by scanning for those same keywords and sensitive information types that data loss prevention uses.

As you can probably tell by now, there’s a lot you can do to protect your sensitive data when people are working from home. If you need help with any of this, reach out to us below.


Org-Wide Teams in Microsoft Teams let you create a single Microsoft Team that includes all internal users in your organisation. However, Microsoft recommends that you make some changes to the team’s settings to cut down on excess noise and notifications.

What is an Org-Wide Microsoft Team?

An Org-Wide team in Microsoft Teams is just a team that includes everybody in your organisation. Its member list will automatically update as users come and go, and while it currently supports up to 1000 users, there are plans to increase this limit.

How do you create an Org-Wide Microsoft Team?

Creating an org-wide team is quite simple: just choose the Org-Wide team option from the drop-down when creating a new team at https://teams.microsoft.com

What are some best practices for Org-Wide Microsoft Teams?

If you have a lot of users in your organisation, these types of teams could quickly become very noisy and distracting.

To reduce excess notifications and noise, Microsoft have some best practice recommendations.

Only let team owners post on the General channel

  1. You do this under Manage team.
  2. Click Settings, then Member permissions, then select Only owners can post messages.

Disable @mentions for the whole team

You’ll probably want to disable @mentions for the whole team, since that can send a notification to up to a thousand people at once.

  1. You can do this under Settings, @mentions, Show members the option to @team or @[team name].

Automatically favorite important channels

Switch to the channels tab and tick Auto-favorite on the channels you would like to show up by default.

Also note that while the video above states that the feature is still in development, it has since been marked as launched.