In recent times, attacks on Microsoft 365 accounts with MFA enabled have become more frequent and more successful. Unfortunately, users often remain unaware that their accounts have been compromised.

Watch our short video on how the attack works, and what we’re doing to stop it.

Traditional Phishing Methods

Historically, attackers would create fake login screens to deceive users into entering their credentials. If MFA was enabled, this often thwarted the attack, as the second authentication step (like a mobile app or SMS code) acted as a barrier.

Microsoft reported that 99.9% of these identity-based attacks were thwarted by MFA, and started requiring it as part of their Security Defaults rollout, leading to widespread adoption among Microsoft 365 tenants.

Rise of New Attack Methods


Recently, open source tools like Evilginx have emerged that let attackers steal authenticated session cookies. Attackers craft convincing phishing emails with fake login URLs that closely mimic legitimate sites. Unsuspecting users, seeing what appears to be a familiar login screen, enter their credentials and complete MFA; because the attacker's page sits between the user and the real login service and relays the sign-in, the user unknowingly hands over a fully authenticated session cookie.

With stolen session cookies, attackers gain full access to victims’ Microsoft 365 accounts, including emails, files, and sensitive company data. This access allows them to impersonate users effortlessly.
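As an added illustration (not GCIT's tooling and not part of the original post), the following Python script shows one way a SOC can spot the aftermath of the attack described above in sign-in telemetry: a session established with MFA that is then used from a different IP address and a different country or browser. The log lines and field names are constructed for the example; real Entra ID sign-in logs use their own schema.

```python
import json
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs). The field names are an
# assumption for this example; Entra ID sign-in logs use their own schema.
# Session s-100: Alice completes MFA (through the phishing proxy, so even this
# IP may be unfamiliar), then the same session is used from another country
# and browser. Session s-200: Bob moves between two Australian IPs on the same
# device, which is ordinary roaming and should not be flagged.
SAMPLE_LOG = """
{"ts":"2024-05-01T09:02:11Z","user":"alice@example.com","session_id":"s-100","ip":"203.0.113.10","country":"AU","ua":"Edge/124 Windows","interactive":true,"mfa":true}
{"ts":"2024-05-01T09:05:40Z","user":"alice@example.com","session_id":"s-100","ip":"203.0.113.10","country":"AU","ua":"Edge/124 Windows","interactive":false,"mfa":false}
{"ts":"2024-05-01T09:21:03Z","user":"alice@example.com","session_id":"s-100","ip":"198.51.100.77","country":"NL","ua":"Chrome/123 Linux","interactive":false,"mfa":false}
{"ts":"2024-05-01T10:00:00Z","user":"bob@example.com","session_id":"s-200","ip":"203.0.113.20","country":"AU","ua":"Edge/124 Windows","interactive":true,"mfa":true}
{"ts":"2024-05-01T12:30:00Z","user":"bob@example.com","session_id":"s-200","ip":"203.0.113.88","country":"AU","ua":"Edge/124 Windows","interactive":false,"mfa":false}
"""


def parse_events(text):
    """Parse newline-delimited JSON sign-in events into dicts with datetime timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # Python < 3.11 does not accept a trailing "Z" in fromisoformat.
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def find_session_replay(events, window=timedelta(hours=24)):
    """Flag sessions whose MFA-backed interactive sign-in is followed, within
    `window`, by non-interactive use from a different IP *and* a different
    country or browser. Requiring both reduces false positives from users
    whose IP changes (mobile networks, VPNs) but whose country and device do not."""
    by_session = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        by_session.setdefault(event["session_id"], []).append(event)

    findings = []
    for session_id, session_events in by_session.items():
        anchor = next((e for e in session_events if e["interactive"] and e["mfa"]), None)
        if anchor is None:
            continue  # no MFA sign-in to anchor on
        for event in session_events:
            if event is anchor or event["interactive"] or event["ts"] < anchor["ts"]:
                continue
            if event["ts"] - anchor["ts"] > window:
                continue
            moved_ip = event["ip"] != anchor["ip"]
            moved_context = (event["country"] != anchor["country"]
                             or event["ua"] != anchor["ua"])
            if moved_ip and moved_context:
                findings.append({
                    "user": event["user"],
                    "session_id": session_id,
                    "from_ip": anchor["ip"],
                    "to_ip": event["ip"],
                    "from_country": anchor["country"],
                    "to_country": event["country"],
                    "minutes_after_mfa": int((event["ts"] - anchor["ts"]).total_seconds() // 60),
                })
    return findings


def scan_sample():
    """Run the detection over the constructed sample log."""
    return find_session_replay(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for f in scan_sample():
        print(f"Possible session replay for {f['user']}: session {f['session_id']} "
              f"reused from {f['to_ip']} ({f['to_country']}) "
              f"{f['minutes_after_mfa']} min after MFA from {f['from_ip']} ({f['from_country']})")
```

A hit is a trigger to revoke the user's sessions and reset credentials, not proof on its own; confirm against the user before treating it as an incident.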

Current Countermeasures

Clarion – First Line of Defense


To combat evolving threats, our team employs Clarion, an open-source tool designed to detect phishing attempts. It warns users when they land on a suspicious login page, preventing them from entering their credentials.

24×7 Security Operations Center (SOC) Monitoring

Recognizing that 90% of attacks occur outside regular business hours, our SOC ensures immediate response and mitigation, even over weekends.

Enhanced Phishing Protection

Utilising advanced AI mail filtering tools, we intercept and prevent malicious emails from reaching users’ inboxes, minimizing the risk of phishing attacks.

Country-Based Restrictions

Previously, we blocked a list of high-risk countries and enforced MFA on all other login attempts. Moving from a block list to an allow list model means that sign-in attempts from any country not explicitly permitted are blocked automatically, rather than only those on a known-bad list, reducing exposure to external threats.

Stricter VPN Authentication

Implementing upgraded security measures for VPN access ensures that only authenticated and authorized users can connect, mitigating the risk of attackers using VPNs to bypass country restrictions.

Security Awareness Training

Regular online training sessions educate staff on identifying and avoiding phishing attempts, empowering them to be the first line of defense against cyber threats.

Ongoing Phishing Simulations

Regular phishing simulations test users’ ability to recognize and avoid phishing emails, reinforcing security awareness throughout the organization.

Advanced Security Options

For organisations requiring higher security standards, we offer passkey implementation, hardware key authentication and a zero-trust security model. Contact us to discuss tailored security solutions.

Conclusion

Protecting your Microsoft 365 environment against sophisticated attacks requires proactive measures and continuous adaptation to emerging threats. By implementing robust security strategies and educating your team, you can significantly reduce the risk of account breaches and data loss.

For more information on securing your Microsoft 365 environment, please contact us at 1300 369 111 or info@gcit.com.au.

Cyber-attacks may seem unavoidable, but there are many things you can do to prevent and prepare for them.

Making sure you have a Cyber Security Strategy in place can help reduce the risk and severity of breaches and help you navigate the fallout after an attack occurs.

What To Do Before a Cyber Breach

If anything, the recent string of data breaches and hacks has shown that no business is safe from cyber-attacks. However, having a Cyber Security strategy can go a long way in increasing your company’s preparedness.

One of the best starting points for your cyber security strategy is to follow the Australian Cyber Security Centre’s Essential Eight. According to the ACSC:

“While no set of mitigation strategies is guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.”

You can read more about how to implement this framework via our article why the Essential Eight is vital for your business or by referring to the ACSC’s Essential Eight guidelines.

Every business needs cyber security protection, especially those dealing with sensitive personal data. Some companies may also need to consider the need for cyber security insurance, also known as cyber liability insurance or cyber insurance.

Signs That You May Have Had a Cyber Attack or Breach

A cyber-attack or leak can happen at any time and involves attempts to steal or destroy data, money or intellectual property, or to disrupt systems and cause outages.

Some of the signs of a potential cyber security incident include the following:

  • Unauthorised access to a system or attempts to access a system
  • Emails with suspicious attachments or links
  • Questionable network or system activity
  • Suspected tampering of electronic and computer devices

Shortly after a cyber security incident, you may experience unusual activity on your systems, including:

  • Data is missing or appears altered
  • Computers take noticeably longer to start up, or start up incorrectly
  • Computer systems run slower than usual
  • Frequent crashes on previously stable devices
  • Company email accounts sending spam to contacts
  • Your internet browser automatically redirects you to unsafe or suspicious websites
  • Computer hardware running low on storage space where there were no issues previously
  • Being unable to access system and network accounts

If these issues occur, immediately contact your IT provider or Managed Service Provider (MSP) and enact your cybersecurity incident response plan.

After A Breach

Sometimes breaches happen. No cyber security plan is entirely impassable, but your response to a leak or hack will have significant ramifications for the future of your business and your customers.

Therefore, a company should have a cybersecurity incident response plan (CIRP).

A well-designed CIRP helps you mount an effective and swift response to cyber incidents. The following steps will help get your business up and running as quickly as possible.

Limit Damage

Limiting the damage wherever possible is essential if you suspect a cybersecurity incident has occurred.

First, turn off all computers and disconnect them entirely from the internet and wall power. This removes the chance for a hacker to continue accessing your devices or spreading the attack across your network.

At this point, it’s important not to connect any backup systems or portable devices, such as laptops, to your network as you want to keep the integrity of your backups to prevent data loss and decrease the chance of spreading the cyber-attack.

Enact Your Cyber Security Incident Response Plan (CIRP) and Seek Help

Your business should have a cyber security incident response plan as outlined above. Now is the time to use it. Ensure all staff members know their responsibilities and the tasks they must perform. If your business still needs a CIRP, contact your managed service provider (MSP) or contact us for help.

One of the best resources for Australian businesses is the Australian Cyber Security Centre (ACSC). Their website provides guidance to help businesses identify cyber-attacks and incidents – and for immediate assistance, you can call the Australian Cyber Security Hotline: 1300 CYBER1 (1300 292 371).

Contact your IT provider or MSP so they can identify the cause of the cybersecurity incident and can limit the damage caused. In many cases, your MSP can contain and eliminate the threat and repair and restore your crucial business systems.

Make sure to consider the best way to contact your MSP as attackers may have already compromised methods such as email; instead, phone them directly via their support line.

At GCIT, our clients can contact us directly via 1300 369 111.

Report the Cyber Security Incident to the Authorities

Another consideration is whether you need to contact the police, the Office of the Australian Information Commissioner (OAIC) or your insurance company if you have cyber security or business insurance.

A Cyber Security incident can result in a data breach, and personal information can be compromised. In such an event, you may have an obligation to notify authorities, including the OAIC and the Australian police.

The Australian Cyber Security Centre (ACSC) also has a tool called ReportCyber for reporting cybersecurity incidents. Reporting assists the ACSC in developing advice, techniques and capability to respond to and prevent cyber-attacks and threats.

It is vitally important to report any instances of cyber attacks resulting in data breaches. Per the Privacy Act 1988, notifications to the OAIC must be made within 30 days or as soon as practicable.

Entities responsible for certain critical infrastructure assets are now obligated to notify the Australian Cyber Security Centre (ACSC) of the cyber security incident within strict timeframes, as little as 12 hours for highly critical incidents.

This reduced time frame is due to amendments made to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) on the 8th of July, 2022.

To learn more about these changes, HWL Ebsworth Lawyers wrote a great article describing how this affects businesses and to whom it applies.

Investigate the Breach

Once the cyber-attack has been contained and all affected devices are quarantined, it’s essential to identify how exactly the breach occurred and what the damage is. To do this, you may employ the skills of a forensic IT specialist who investigates the causes and effects of the cyber security event.

This is important for three reasons:

  1. It allows you to identify what occurred and the scope of the breach.
  2. It enables you to formulate an effective plan to respond to the cyber security event, and it will determine the gaps and vulnerabilities in your company’s cyber security.
  3. It’ll allow you to perform fixes so the same occurrence doesn’t happen again.

Notify Customers and Clients

After your team members are informed and you have alerted the relevant authorities about the cyber-attack, it is time to notify your customers or clients. If the cyber security breach falls under the Privacy Act (1988), you must promptly notify the individuals at likely risk of serious harm.

In addition, under the Notifiable Data Breach (NDB) scheme, you must inform the affected individuals and the OAIC when an eligible data breach occurs.

According to the OAIC, an eligible data breach occurs when:

  • There is unauthorised access to or unauthorised disclosure of personal information or a loss of personal data that an organisation or agency holds
  • This is likely to result in serious harm to one or more individuals, and
  • The organisation or agency hasn’t been able to prevent the likely risk of serious harm with remedial action.

This notification to individuals must include recommendations about the steps they should take in response to the data breach.

When communicating with customers and clients, it is vital to be transparent and open about how the data breach affects them and what you are doing to improve the situation.

Some Key Things to Communicate Are:

  • When did the breach happen, and why?
  • What systems/services have been affected?
  • What steps are you taking to resolve the situation?
  • Is the breach ongoing, and can you say when you will fix it?
  • Who can customers contact if they have questions or concerns?

Depending on the extent of the data breach or cyber-attack, it may be worth hiring a public relations firm for the duration of the incident. This can help improve communication between you and your customers.

Restore and Recover Data and Systems

Once the breach has been isolated and eradicated from your systems, recovering and restoring your IT systems, networks, and devices can begin. Many organisations will have a business continuity plan or disaster recovery plan.

This plan details how your company will ensure its ability to continue providing services to your customers or continue operations.

However, even if no plan was implemented, this process should include restoring systems to normal operations, monitoring to confirm that any previously affected systems are operating normally, and making plans to remediate vulnerabilities to prevent similar incidents.

Evaluate and Improve

When the cyber security incident is resolved, it’s essential to reflect on the actions that occurred and improve your cyber security in the future using the information gained during the event.

This will not only strengthen your defences into the future; a stronger cyber security posture can also improve your standing when it is time to renew your Cyber Security Insurance.

Some Considerations when Creating a Cyber Incident Response Plan

Below are some tips for creating an effective CIRP:

  • Keep a hard copy of your response plan and include important contacts such as your MSP, insurance provider and the Australian Cyber Security Centre. During a cyber-attack, you may be unable to rely on digital copies.
  • Prepare and train your staff to respond when a cyber security incident occurs. Ensuring staff act quickly to an incident is integral to preventing or reducing data losses and breaches.
  • Educate employees on identifying a cyber event and provide training on preventative measures such as the Essential Eight for your staff to decrease your risk.

At GCIT, we specialise in providing Cyber Security peace of mind to our clients using best practice security measures and customised support.

Our services help industry-specific occupations utilise the best security practices without interfering with your business’s daily operations or productivity.

To find out how GCIT can help your business contact us at 1300 369 111.

Cyber Security incidents can have a detrimental impact on Australian businesses. With the increased reliance on internet-enabled services, companies are more vulnerable than ever. This has made them ideal targets for financially motivated cybercriminals, and the issue is compounded because many small businesses lack the resources or time to create a comprehensive cybersecurity plan.

In the last twelve months, there has been an increase in the number and sophistication of cyber threats in Australia. The Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports over the 2021-2022 financial year, an increase of nearly 13% from the previous year. For small businesses, the cost has also increased, costing on average over $39,000 per cybercrime reported. The cost of a cyber incident is not just monetary. It can cause irreparable damage to your consumer trust and compromise customer, business, and employee data.

For small and medium-sized businesses, it is essential to have cyber security mitigation strategies to help decrease the instances and impact of cyber incidents. The Australian Cyber Security Centre recommends the Essential Eight Framework to mitigate the risk of cyberattacks on Businesses.

What is the Essential Eight?

The Essential Eight is a framework recommended by the Australian Cyber Security Centre to help organisations protect themselves against cyber-attacks. It is designed to protect Microsoft Windows-based networks and systems. However, its principles can be applied to several situations and devices. In addition, it includes several mitigation strategies to reduce the risk of cyber threats significantly. This makes it the ideal starting point for many small and medium-sized businesses. The Essential Eight outlines several steps you can incorporate into your organisation’s existing systems to improve security and stability.

When implementing the Essential Eight, the first step is determining the maturity level you need. There are four levels, Level Zero through to Level Three. A Maturity Level of Zero signifies that an organisation has weaknesses or holes in their cyber security strategy. Levels One through Three recommend security measures of increasing strength and complexity to improve an organisation’s cybersecurity.

How to incorporate the Essential Eight into your business

If your business does not employ the Essential Eight, we recommend starting with Level One. Below are the critical components of this framework.

Application Whitelisting

Apply application control

Application Control prevents unauthorised applications from being installed or run on a company computer. It’s a zero-trust security approach designed to protect against malware and untrusted applications. For example, in a Medical Centre, this could involve allowing access to only your practice management software, such as Best Practice or Medical Director, and related tools.

A practical method of implementing application control is to use Windows Defender Application Control (WDAC). This tool is included in Microsoft 365 Business Premium, a component of all GCIT-managed service plans.

Patch Applications

Patch applications

Patch management ensures that all systems are up to date with available security patches promptly. Patches are necessary to close vulnerabilities or bugs in your software. This would involve updating programs such as Microsoft 365 with the latest updates.

Most business-specific software will deliver communications when updates are available. However, it’s the responsibility of the Business owner or IT Service Provider to ensure these are applied promptly. Patches and updates should be applied within two weeks of release or within 48 hours if a security exploit exists.

Office Macros

Configure Microsoft Office macro settings

Microsoft Office applications can create and execute macros to automate routine tasks. A macro is a sequence of automated actions that can replace mouse clicks and keystrokes to complete complex tasks. While these can be helpful tools, macros can also contain malicious code used by attackers to run harmful code or download malware.

We can manage the risks of Office macros using Attack Surface Reduction Rules in Microsoft Defender for Business, a Microsoft 365 Business Premium component.

Application Hardening

User application hardening

Application Hardening involves reducing vulnerabilities in the applications your company uses. In the context of the Essential Eight’s Level One maturity model, Application hardening refers to security settings in the web browser. Specifically:

  • Web browsers do not process Java from the internet.
  • Web browsers do not process web advertisements from the internet.
  • Internet Explorer 11 does not process content from the internet.
  • Users cannot change web browser security settings.

These settings can be implemented using Security Baselines in Microsoft Intune, another inclusion in Microsoft 365 Business Premium.

Patch Operating Systems

Patch operating systems

A patch is a security update that fixes vulnerabilities. Like Application Patching, timely Operating System patching ensures your operating system has all current security updates installed.

Patches need to be constantly monitored to ensure systems are up to date. Security updates can be deployed per workstation using Microsoft Update settings. However, your IT provider can also manage them with a Remote Monitoring & Management (RMM) tool. Like many IT service providers, GCIT offers services to control Operating System patching through our RMM tool.

Restrict Admin Privileges

Restrict administrative privileges

Administrative Privileges allow a user to create, delete and modify files, settings, programs and other user accounts. A user with administrative privileges can significantly change an IT environment’s configuration and security posture. Administrative rights also allow users to elevate their operations and access sensitive information. Without restrictions on user accounts, malware and malicious code can cause much more damage, especially if the user that triggered it is an admin.

Restricting admin privileges also creates a more stable and predictable workspace, as fewer users can make significant environmental changes. Your IT Provider should regularly audit your environment’s permissions through consistent access reviews. They should also use the just-in-time access approach, ensuring users have the least possible privileges to perform administrative tasks for only the needed time.

Multi-Factor Authentication

Implement multi-factor authentication

When a user logs in to an account, multi-factor authentication requires multiple forms of authentication to prove their identity. This may come in the form of a password plus a generated code sent via SMS, email or authenticator app, or a secondary device that is already logged in and must approve the access. An example is Apple’s multi-factor authentication, which allows users to sign into their accounts using a password and then approve the sign-in on an authorised Apple device such as an iPhone.

Multi-factor authentication is one of the most effective security measures a business can implement. When implemented correctly, it can make stealing credentials that can cause further malicious activities considerably more difficult. Microsoft reports that multi-factor authentication prevents 99.9% of identity-based cyberattacks. This effectiveness, combined with its ease of use, makes multi-factor authentication a vital first line of defence for any organisation.

Regular Data Backup

Create regular backups

Businesses need to ensure they back up business-critical information. Backups are not just for quick recovery in the event of a disaster but can also be an operational requirement for some industries. For instance, general practices require it to achieve accreditation from the Royal Australian College of General Practitioners (RACGP).

Backup is the process of copying files or databases to ensure their preservation in the event of equipment failure, security and cyber breaches or other disasters. Businesses should check their backup system regularly, including testing its ability to recover data. The loss of critical data can impose a high financial and operational cost on your business. However, having a business continuity plan with a reliable and frequently tested backup procedure can mitigate some of these effects.

Conclusion

Protecting your business from cyberattacks is one of the most important steps to improve your business’s stability, improve customer trust, and ensure continued operations. However, it’s important to note that the steps outlined above cannot entirely remove the threat of a cyberattack. Still, they can mitigate the risk and hopefully decrease any attack’s severity and long-lasting impacts.

At GCIT, we are specialists in providing Cyber Security services to numerous businesses across Queensland and New South Wales. Our Award-winning cybersecurity experts can take the stress out of IT Security and make sure your data is secure.

Contact GCIT to find out how we can help your business or organisation protect against cyberattacks.

8 ways to improve the security of your personal data - GCITS Gold Coast

In 2022 we are online more than ever before, and many services that were previously done in person, such as banking, booking appointments and paying bills, are now completed through websites or mobile applications. As a result, the risk of cyber-attack has never been higher.
In the circumstances surrounding the Medibank and Optus hacks, there is not a lot that current and previous Optus customers could have done to prevent the exposure of their personal data. However, some steps can be taken to minimise the risk of exposing confidential data.

1. Use Antivirus Software

An often-overlooked step, antivirus is an essential piece of software that can reduce malware attacks on your system. Once installed, you can let it run in the background, and it will automatically conduct malware scans and removal. Most antivirus products also offer several other features, including scanning removable devices such as USB drives, blocking spam websites and advertisements, and detecting spyware.

Paid third-party antivirus software such as Bitdefender and McAfee can achieve the best results, but by activating and using the built-in Microsoft Security features you still get a fundamental level of protection. For business, Microsoft 365 Defender is also a great choice to detect, manage and remove cyber security threats from your devices.

2. Protect your devices with strong passwords

It is good practice to password-protect your digital devices, including computers, tablets, and mobile devices, through strong, unique passwords. These devices can hold some of your most personal information as they now have access to everything from email accounts, social media accounts, banking apps, and an assortment of other information. If these devices fall into the wrong hands, a strong password will make it harder to access your device.

When creating your passwords, use a mix of symbols, numbers and letters. Don’t use easy-to-guess passwords such as ‘123456’ or ‘password’, or include information such as your birthdate or home address. This may sound like common knowledge, but research suggests that there is still a worrying number of people using these easy-to-guess passwords. Make sure to use different passwords for different accounts. If you use the same password across multiple accounts and a hacker gains access to one account, it may compromise many others.

3. Set up Two-Factor Authentication on your Accounts

In addition to using strong passwords, two-factor authentication further improves your security. In a worst-case scenario, where your login details are compromised, a potential hacker will be blocked from accessing your data as they will still need to use an additional authentication method.

Many financial applications, online accounts and government logins now have two-factor authentication as standard or have the option to activate it. You can either get your authentication code via an app such as Google Authenticator, which creates time-based codes that renew every few seconds, gain a code via an email or get an SMS code directly to your mobile.

4. Learn to identify and avoid phishing scams

According to the ACCC (Australian Competition & Consumer Commission), phishing scams are ‘attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers’.

These scams often pass off as legitimate businesses such as internet service providers, banks, or energy companies and try to gain your personal data by asking to confirm your details, login to your account or alert you to ‘unauthorised or suspicious activity on your account.’

As a rule, it is a good idea to never open emails from people you don’t know, and don’t download email attachments without knowing what they are. Never give out personal information when contacted by a business, bank or other entity and make sure your email spam filters detect phishing attempts.

Phishing scams may also appear as fraudulent websites, disguised to look the same as a legitimate website such as a bank, government agency or online shop. These are designed to gain your information, such as credit card information, login details and personal addresses. Before you enter any personal data onto a website, be sure to check that it is legitimate. Signs of a legitimate website are an SSL certificate, a padlock icon, a green bar, or HTTPS at the beginning of the URL, although these only show that the connection is encrypted, not who operates the site, so check the domain name carefully as well, since fraudulent sites can also use HTTPS. Never enter personal information into a website accessed via a suspicious link from an email, SMS or social media message.

5. Setup alerts through your bank

Fraud alerts can be set up through your online bank account through emails, text messages or a phone call if your bank suspects suspicious activity may have occurred on your account.
Some banks, such as Commonwealth Bank, also allow you to temporarily lock a credit card if it has been lost, to stop unauthorised use of your account. These measures not only protect you against fraud but can save you money as well.

6. Follow the news to learn about data breaches.

As we have found in recent months, hackers don’t just target individuals. One of the ways your data can be compromised is when it is handled by a third party that becomes the target of a cyber-attack. As with Optus and Medibank, hackers will try, and often succeed, in infiltrating businesses, government agencies, higher education institutions, health care facilities and any other organisations that gather personal or sensitive information.

When an organisation is subject to a data breach, it is legally required under the Privacy Act 1988 to notify affected individuals and the OAIC (Office of the Australian Information Commissioner). However, these situations can change rapidly, as seen with Medibank: initially, it was not known that personal medical history had been compromised, but as the story developed, it was revealed that all customer personal data had been compromised. This is an example of why it is essential to keep informed about data breaches that may affect you, so you can be prepared to update or change any personal information or passwords as soon as possible.

To see the latest alerts, you can follow the ACSC (Australian Cyber Security Centre) on Facebook and Twitter, check out their alerts page on the website and sign up for email alerts.

7. Keep your devices and software updated.

Hackers will often try to exploit flaws in software and operating systems. They are looking for vulnerabilities they can use to insert malicious code. Microsoft and Apple regularly update operating systems with security patches, closing these vulnerabilities as they are found. Keeping your operating system and software up to date reduces the ways a hacker can access your device. As a best practice, updates should be applied within two weeks of release, or within 48 hours if a security exploit exists.
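The two-week and 48-hour timeframes quoted here, and in the Essential Eight patching sections above, can be checked mechanically against a patch inventory. The following Python script is an added example, not GCIT's tooling; the patch records and their identifiers are constructed placeholders for illustration.

```python
from datetime import datetime, timedelta

# Timeframes quoted in the text: two weeks for a normal patch, 48 hours if a
# working exploit exists for the vulnerability it fixes.
NORMAL_WINDOW = timedelta(days=14)
EXPLOITED_WINDOW = timedelta(hours=48)

# Constructed inventory (placeholder ids, not real patches or CVEs).
# "released" is when the vendor published the fix; "installed" is when it
# was applied, or None if it is still outstanding.
SAMPLE_PATCHES = [
    {"id": "PATCH-A", "product": "Office apps", "released": "2024-05-01",
     "installed": "2024-05-09", "exploited": False},
    {"id": "PATCH-B", "product": "Web browser", "released": "2024-05-03",
     "installed": "2024-05-07", "exploited": True},
    {"id": "PATCH-C", "product": "PDF reader", "released": "2024-04-20",
     "installed": None, "exploited": False},
    {"id": "PATCH-D", "product": "Windows 11", "released": "2024-05-13",
     "installed": None, "exploited": True},
    {"id": "PATCH-E", "product": "Practice software", "released": "2024-05-10",
     "installed": None, "exploited": False},
]

# Order in which a report should list entries: worst first.
_PRIORITY = {"overdue": 0, "installed_late": 1, "open": 2, "compliant": 3}


def deadline(patch):
    """Latest acceptable install time for a patch under the quoted timeframes."""
    window = EXPLOITED_WINDOW if patch["exploited"] else NORMAL_WINDOW
    return datetime.fromisoformat(patch["released"]) + window


def assess(patches, now):
    """Classify each patch against its deadline as of `now`.

    compliant       installed on or before the deadline
    installed_late  installed, but after the deadline (a process failure)
    open            not yet installed, deadline still ahead
    overdue         not yet installed and the deadline has passed
    """
    results = []
    for patch in patches:
        due = deadline(patch)
        hours_remaining = 0
        if patch["installed"] is not None:
            installed = datetime.fromisoformat(patch["installed"])
            status = "compliant" if installed <= due else "installed_late"
        elif now > due:
            status = "overdue"
        else:
            status = "open"
            hours_remaining = int((due - now).total_seconds() // 3600)
        results.append({
            "id": patch["id"],
            "product": patch["product"],
            "exploited": patch["exploited"],
            "deadline": due.isoformat(),
            "status": status,
            "hours_remaining": hours_remaining,
        })
    results.sort(key=lambda r: (_PRIORITY[r["status"]], r["deadline"]))
    return results


def status_counts(results):
    """Summary usable as a single compliance metric for a report."""
    counts = {}
    for r in results:
        counts[r["status"]] = counts.get(r["status"], 0) + 1
    return counts


def assess_sample(now=datetime(2024, 5, 14)):
    """Assess the constructed inventory as of a fixed date."""
    return assess(SAMPLE_PATCHES, now)


if __name__ == "__main__":
    report = assess_sample()
    for r in report:
        extra = f", {r['hours_remaining']} h left" if r["status"] == "open" else ""
        print(f"{r['status']:15} {r['id']} ({r['product']}) due {r['deadline']}{extra}")
    print(status_counts(report))
```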

8. Use the GDPR (General Data Protection Regulation) to your advantage.

Many companies operating outside of Australian borders or with customers within the European Union must follow the GDPR. As a result, you may be able to get international companies such as Apple and Microsoft to delete your personal data based on this compliance. Be prepared for rejection however, as European Union laws do not apply to Australian Citizens, and companies can deny your request on this basis.

Not all security breaches can be prevented, but taking steps to avoid breaches and cyber-attacks can reduce the chances of them occurring and better protect your personal data in the long run, potentially saving you from the stressful or costly consequences of a cyber-attack.


Contact GCIT to find out how we can help your Business protect against cyberattacks.

Medical Center Cyber Security

Medical Centres are a high-value target for cybercrime, and the impacts of a cyberattack on a Medical Centre can be catastrophic. In 2020, during the COVID-19 pandemic, the health sector reported the highest number of cyber-attacks outside the government and individuals.

While large, high-profile attacks can happen to large hospitals and health systems, solo and smaller practices can have a false sense of security that they are too small to target. Unfortunately, smaller practices are often the most vulnerable to cyber-attacks due to their lack of dedicated IT security expertise and access to sensitive data.

Australian health providers have an increased reliance on telehealth and internet-enabled services, making them an ideal target for financially motivated cybercriminals. These attacks generally involve phishing campaigns, business email compromise and ransomware – a form of malware designed to encrypt files and data, rendering systems and files unusable until a ransom is paid.

The Australian Cyber Security Centre recommends the Essential Eight Framework to mitigate the risk of cyberattacks on Medical Centers.

What is the Essential Eight, and how does it apply to your medical centre?

The Essential Eight is a framework recommended by the Australian Cyber Security Centre to help organisations protect themselves against cyber-attacks. It’s designed to protect Microsoft Windows-based networks and systems, but you can apply its principles to several situations and devices. In addition, it includes several mitigation strategies to reduce the risk of cyber threats significantly. This makes it the ideal starting point for a Medical Practice as it outlines several steps you can incorporate into your organisation’s existing systems to improve their security and stability.

When implementing the Essential Eight, the first step is to determine the maturity level that you’re aiming for. There are four levels, Level Zero through to Level Three. A Maturity Level of Zero signifies that an organisation has weaknesses or holes in their cyber security strategy. Levels One through Three recommend security measures of increasing strength and complexity to improve an organization’s cybersecurity.

How to incorporate the Essential Eight into your medical practice

If your medical practice does not already employ the Essential Eight, we recommend starting with Level One. Below are the key components of this framework.

 

Application Whitelisting

Apply application control

Application Control prevents unauthorised applications from being installed or run on a company computer. It’s a zero-trust security approach designed to protect against malware and untrusted applications. For example, in a Medical Centre, this could involve allowing access to only your practice management software, such as Best Practice or Medical Director, and related tools.

A practical method of implementing application control is to use Windows Defender Application Control (WDAC). This tool is included in Microsoft 365 Business Premium, a component of all GCIT managed service plans.

 

Patch Applications

Patch applications

Patch management ensures all systems are up to date with available security patches in a timely manner. Patches are necessary to close vulnerabilities or bugs in your software. In a Medical Practice, this would involve updating programs such as Best Practice & Medical Director with the latest updates.

Practice Management Software like Best Practice and Medical Director will deliver communications when updates are available. However, it’s the responsibility of the Practice Manager or IT Service Provider to ensure these are applied promptly. Patches and updates should be applied within two weeks of release or 48 hours if a security exploit exists.
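The patching rule stated here and in the earlier post (two weeks from release, or 48 hours when a security exploit exists) is easy to lose track of across a dozen applications. The script below is an added example, not GCIT's or the ACSC's code: it applies that rule to a constructed application inventory and reports which patches are pending, overdue, or were applied late. Product names, dates and the inventory itself are constructed for illustration.

```python
"""Patch-deadline check for the Essential Eight Maturity Level One patching rule.

Added example (not GCIT's or the ACSC's code). Applies the rule quoted in the
post, patches applied within two weeks of release or within 48 hours when a
security exploit exists, to a constructed inventory and reports compliance.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

TWO_WEEKS = timedelta(days=14)
FORTY_EIGHT_HOURS = timedelta(hours=48)


@dataclass
class PatchRecord:
    product: str
    released: datetime            # when the vendor released the patch
    exploit_known: bool           # a working exploit exists for the fixed flaw
    applied: Optional[datetime]   # None if the patch has not been installed yet


def deadline(rec: PatchRecord) -> datetime:
    """Latest acceptable install time under the two-week / 48-hour rule."""
    window = FORTY_EIGHT_HOURS if rec.exploit_known else TWO_WEEKS
    return rec.released + window


def status(rec: PatchRecord, now: datetime) -> str:
    """'ok' (applied in time), 'late' (applied after the deadline),
    'overdue' (not applied and past the deadline) or 'pending'."""
    due = deadline(rec)
    if rec.applied is not None:
        return "ok" if rec.applied <= due else "late"
    return "overdue" if now > due else "pending"


def report(inventory: List[PatchRecord], now: datetime) -> Dict[str, str]:
    return {rec.product: status(rec, now) for rec in inventory}


# Constructed inventory (illustrative dates and products only).
NOW = datetime(2023, 6, 20, 9, 0)
INVENTORY = [
    PatchRecord("Best Practice", datetime(2023, 6, 1), False, datetime(2023, 6, 10)),
    PatchRecord("Medical Director", datetime(2023, 6, 1), False, None),            # 19 days, not applied
    PatchRecord("PDF viewer", datetime(2023, 6, 18, 9, 0), True, None),            # exploit known: 48 h window
    PatchRecord("Web browser", datetime(2023, 6, 15), True, datetime(2023, 6, 19)),  # applied, but after 48 h
]

if __name__ == "__main__":
    for product, state in report(INVENTORY, NOW).items():
        print(f"{product:18} {state}")
```

Feed the function the release and install dates your RMM or patch tool exports and the report becomes the evidence an auditor asks for when checking this control.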

 

Keyboard Macros

Configure Microsoft Office macro settings

Microsoft Office applications can create and execute macros to automate routine tasks. A macro is a sequence of automated actions that can replace mouse clicks and keystrokes to complete complex tasks. While these can be helpful tools, macros can also contain malicious code used by attackers to run harmful code or download malware.
We can manage the risks of Office macros using Attack Surface Reduction Rules in Microsoft Defender for Business, another Microsoft 365 Business Premium component.

 

Application Hardening

User application hardening

Application Hardening involves reducing vulnerabilities in the applications your company uses. In the context of the Essential Eight’s Level One maturity model, Application hardening refers to security settings in the web browser. Specifically:

  • Web browsers do not process Java from the internet.
  • Web browsers do not process web advertisements from the internet.
  • Internet Explorer 11 does not process content from the internet.
  • Web browser security settings cannot be changed by users.

These settings can be implemented using Security Baselines in Microsoft Intune, another inclusion in Microsoft 365 Business Premium.

 

Patch Operating Systems

Patch operating systems

A patch is a security update that fixes vulnerabilities. Similar to Application Patching, timely Operating System patching ensures your operating system has all current security updates installed.
Patches need to be consistently monitored to ensure systems are up to date. Security updates can be deployed per workstation using Microsoft Update settings. However, your IT provider can also manage them with a Remote Monitoring & Management (RMM) tool. Like many IT service providers, GCIT offers services to control Operating System patching through our RMM tool.

 

Restrict Admin Privileges

Restrict administrative privileges

Administrative Privileges allow a user to create, delete and modify files, settings, programs and other user accounts. A user with administrative privileges can significantly change an IT environment’s configuration and security posture. Administrative rights also allow users to elevate their operations and access sensitive information. Without restrictions on user accounts, malware and malicious code can cause much more damage, especially if the user that triggered it is an admin.

Restricting admin privileges also creates a more stable and predictable workspace, as fewer users can make significant changes to the environment. Your IT Provider should regularly audit your environment’s permissions through consistent access reviews. They should also take a principle of least privilege approach with just-in-time access, ensuring users have the least privileges possible to perform administrative tasks – for only the time they need.

 

Multi-Factor Authentication

Implement multi-factor authentication

When a user logs in to an account, multi-factor authentication requires multiple forms of authentication to prove their identity. This may come in the form of a password plus a generated code sent via SMS, email or authenticator app, or a secondary device that is already logged in and may need to approve access. An example is Apple’s multi-factor authentication, which allows users to sign into their accounts using a password and then approve this action on an authorised Apple device such as an iPhone.

Multi-factor authentication is one of the most effective security measures a Medical Practice can implement. When implemented securely, it makes stolen credentials considerably harder to use for further malicious activity. Microsoft reports that multi-factor authentication prevents 99.9% of identity-based cyberattacks. This effectiveness, combined with its ease of use, makes multi-factor authentication a vital first line of defence for any organisation.

 

Regular Data Backup

Create regular backups

Medical Centres need to ensure they back up business-critical information. This isn’t just for quick recovery in the event of a disaster; it’s also a requirement for general practices to achieve accreditation from the Royal Australian College of General Practitioners (RACGP).

Backup is the process of copying files or databases to ensure their preservation in the event of equipment failure, security and cyber breaches or other disasters. For a general practice to achieve accreditation, they must check their backup system at regular intervals – this includes testing its ability to recover data. The loss of critical data can impose a high financial and operational cost on your practice, so having a business continuity plan that includes a reliable and frequently tested backup procedure is vital.

Conclusion

Protecting your medical centre from cyberattacks is one of the most important steps to improve your business’s stability, improve patient trust, and ensure continued operations. However, it’s important to note that the steps outlined above cannot entirely remove the threat of a cyberattack. Still, they can mitigate the risk and hopefully decrease any attack’s severity and long-lasting impacts.

At GCIT, we are specialists in providing Cyber Security services to numerous businesses across Queensland and New South Wales, including many medical centres. Our Award-winning cybersecurity experts can take the stress out of IT Security and make sure your data is secure.

Contact GCIT to find out how we can help your Medical Practice protect against cyberattacks.

.au domain change

What is the new .au domain?

The .com.au country-specific web address has been in use for over 30 years. Like similar country codes such as .uk, it allows web users to identify Australian businesses and commercial entities quickly. In March of this year, .au Domain Administration Limited (auDA) launched a new shorter domain – .au.

The .au direct name is a general-purpose domain open for anyone with a verifiable connection to Australia who wishes to create or manage an online presence.

Unlike .com.au, which requires an ABN or ACN to verify that you are an Australian business to register, a .au domain does not have this requirement, opening it up to the Australian general public. If you currently own a domain name in any other .au namespace, you have priority registration to the .au direct equivalent of your existing domain until 20 September 2022.

What happens if I don’t register my organization’s .au domain before the cut-off date?

If you don’t request a .au domain via priority allocation by 20 September, the domain will become available for registration by the general public on 3 October. After this date, anyone that meets the requirements of registering a .au domain will be able to register one, regardless of whether a .com.au or .net.au equivalent already exists.

What does this mean for my business?

While this new domain offers businesses, organisations, and individuals opportunities to rebrand, extend or change their online presence, it can also pose a significant risk. Cybercriminals can use it as an opportunity to commit fraudulent activity against your business. If a cybercriminal registers your business’s .au name, they could impersonate your organisation by creating a fake online presence. This could include creating a copy of your website or using the .au domain to send phishing emails under your company’s name.

What steps should I take to protect my business or organisation?

While these changes will not inherently cause issues, you can take some steps to protect your organisation. The ACSC recommends that all Australian businesses, organisations, and individuals take advantage of the priority allocation process to register the .au direct equivalents of their existing domain names.

It is common practice for businesses to register the same names across multiple domains, for instance, gcit.com.au and gcit.net.au. When the .au direct namespace domain launched on 24 March this year, the Priority Allocation Process was created. This process allows existing registrants in the .au registry the first opportunity to apply for the .au direct match of their existing domain name/s. To qualify for priority access, you must have registered the domain name before the launch of the new .au domain.

How do I register for a Priority Allocation for a .au namespace domain?

To register the .au direct match of your existing domain name, you must apply for priority status by 20 September 2022 (23:59 UTC 20 September / 9:59 AM AEST 21 September). You can do this either through your current registrar or another accredited registrar. If you use a new registrar, you will need to retrieve a priority token from the Priority ID Token tool. This token enables a registrar to confirm that you are the owner of the matching existing domain name.

What can I do with the new domain once I have registered it?

If you have an existing web presence, one of the easiest things you can do is to create a redirect from the .au domain to your existing website. A redirect ensures that anyone searching for your business will find the correct site regardless of whether they use .au or .com.au. Of course, many businesses already do this with .net.au and .com addresses.

Another option is moving your website to the .au domain and redirecting your current .com.au address. Ultimately the web address you choose for your business will depend on the needs of your business.

To learn more about the new .au domain, visit auDA, the administrator of Australian .au domains.

Many companies are allowing staff to work from home or remotely indefinitely, raising questions about how they can protect work data on personal or uncontrolled devices.

As IT experts in remote working, Gold Coast IT Support offer the following information to help.

Because we can lose company data in a variety of ways across different devices, we need to apply a variety of protection measures. Let’s take a look at the features in Microsoft 365 that can allow companies to protect their data while users are working remotely.

Use Mobile Application Management

Despite the name, mobile application management doesn’t just apply to mobile devices; it can also protect Windows 10 devices. Mobile Application Management policies can protect company data on both managed and unmanaged devices.

It works by applying protections to the apps your teams use to access company data, like Outlook, Teams, OneDrive and SharePoint.

You can enforce restrictions on these apps to prevent data being saved, cut, copied or pasted.

Mobile Application Management Prevent Copy Paste

You can also require a PIN when the app starts or block the app from running on a jailbroken phone or tablet.

Mobile Application Management Pin Code

This feature can be used to selectively wipe company data from a user’s device, without affecting their personal files. This is handy for organisations where staff use their personal computers and mobile devices to access company information remotely.

Mobile Application Management Wipe Device

Set up conditional access policies

We can use Conditional Access to enforce restrictions on non-compliant or unmanaged devices, such as blocking access entirely or preventing particular actions, like stopping users from saving attachments in Outlook on the web or syncing files to OneDrive.

We can apply these protections in other ways to apps like OneDrive and SharePoint, preventing users from syncing data to their personal devices by either blocking access or allowing only limited, web-only access.
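To make the combination of conditions and controls concrete, here is an added example that is not Microsoft's policy engine and not GCIT's code: a toy evaluator that models the two protections just described for unmanaged devices (block the desktop sync clients outright, or allow only limited web access) and the way Conditional Access combines results, namely that every policy whose conditions match a sign-in must be satisfied and a Block control overrides any grant. Policy names, the "Staff" group and the sign-in contexts are constructed.

```python
"""Toy Conditional Access evaluator.

Added example, not Microsoft's engine and not GCIT's code. Models how
conditions (user group, app, client type, device state) select policies and
how controls combine: all matching policies must be satisfied, and Block wins.
"""
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SignIn:
    group: str               # group the signing-in user belongs to
    app: str                 # cloud app being accessed
    client: str              # "browser" or "desktop-app" (sync client, Office desktop)
    device_compliant: bool   # Intune-enrolled and compliant, i.e. a managed device


@dataclass
class Policy:
    name: str
    groups: Set[str]
    apps: Set[str]
    clients: Set[str] = field(default_factory=lambda: {"browser", "desktop-app"})
    unmanaged_only: bool = False                       # condition: device not compliant
    controls: Set[str] = field(default_factory=set)    # "block", "require_compliant", "app_restrictions"

    def matches(self, s: SignIn) -> bool:
        return (s.group in self.groups and s.app in self.apps and s.client in self.clients
                and (not self.unmanaged_only or not s.device_compliant))


def evaluate(policies: List[Policy], s: SignIn) -> str:
    """Return 'block', 'limited' (web-only access with app-enforced restrictions) or 'allow'."""
    outcome = "allow"
    for p in policies:
        if not p.matches(s):
            continue
        if "block" in p.controls:
            return "block"                     # a Block control beats every grant
        if "require_compliant" in p.controls and not s.device_compliant:
            return "block"                     # grant control cannot be satisfied
        if "app_restrictions" in p.controls:
            outcome = "limited"                # SharePoint/OneDrive enforce read-only web access
    return outcome


# Constructed policies mirroring the two protections described in the post.
FILE_APPS = {"SharePoint Online", "OneDrive"}
POLICIES = [
    Policy("Block sync clients on unmanaged devices", {"Staff"}, FILE_APPS,
           clients={"desktop-app"}, unmanaged_only=True, controls={"block"}),
    Policy("Limited web access on unmanaged devices", {"Staff"}, FILE_APPS,
           clients={"browser"}, unmanaged_only=True, controls={"app_restrictions"}),
]

if __name__ == "__main__":
    for ctx in (SignIn("Staff", "OneDrive", "desktop-app", True),
                SignIn("Staff", "OneDrive", "desktop-app", False),
                SignIn("Staff", "SharePoint Online", "browser", False)):
        print(ctx, "->", evaluate(POLICIES, ctx))
```

The last constructed case worth trying is a user outside the "Staff" group: neither policy matches, so the evaluator returns "allow", which is exactly the gap a policy scoped to one group leaves and why production policies are usually scoped to all users with explicit exclusions.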

SharePoint Prevent Access From Unmanaged Device

Expert IT advice for working remotely

Use Cloud App Security to protect data on third-party apps

These protections don’t just relate to Microsoft 365 apps like OneDrive, SharePoint and Outlook; we can use Microsoft Cloud App Security to apply additional protections to apps like Dropbox Business too. Applying protection to a third-party app like Dropbox Business can prevent users from downloading your company data to unmanaged devices.

Control Dropbox Access Unmanaged Device

Apps like Dropbox Business also provide their own security measures, allowing you to block access and wipe company data when a device next comes online.

Wipe Dropbox Device Remotely

Configure idle session timeouts

To lessen the likelihood of the wrong people accessing company information on a shared device, we can configure idle session timeouts. These will sign users out after a period of inactivity, just like your bank does.

Enable SharePoint Idle Session Timeout

Get alerts on suspicious activities

Cloud App Security includes built-in alerts that trigger on potentially suspicious activities. We can use these to get notified about things like mass deletions, mass downloads and unusual volumes of external sharing.

Enable Cloud App Security Alerts

Protect sensitive data with Data Loss Prevention

We can use data loss prevention to restrict or impose conditions on the sharing of sensitive information. These policies can trigger on certain keywords like project names or sensitive information types like credit card numbers, driver’s license details or tax file information. Once a file containing this info is detected, it can display a warning, be blocked from being sent or have encryption applied.

Use Data Loss Prevention

Using Cloud App Security, we can apply additional data loss prevention measures to third-party apps like Box and Dropbox Business.

Use Sensitivity Labels

But what happens if all of this fails, and someone downloads company data to a personal, unmanaged device? To protect against this, we can apply sensitivity labels. These labels define how sensitive a particular piece of content is and in turn can enforce protections on our data. What’s more, these protections apply no matter where the content ends up. These baked-in protections can limit who can access the file and what they can do with it, preventing the wrong people from opening, copying, saving, forwarding or printing sensitive documents or emails.

Protect Data With Sensitivity Labels

In many cases, these protections can be applied automatically by scanning for those same keywords and sensitive information types that data loss prevention uses.
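Both the data loss prevention policies above and automatic labelling depend on the same first step: recognising a sensitive information type in content. The following is an added example, not Microsoft's sensitive information type definitions and not GCIT's code. It scans text for two of the types named in the DLP section, Australian tax file numbers and credit card numbers, and, like real classifiers, validates each candidate with its check digit (the TFN weighted-sum rule and the Luhn algorithm) so that arbitrary nine- or sixteen-digit numbers are not flagged; it then maps what it finds to the warn/block/encrypt actions the post describes. The sample messages are constructed, and the numbers in them are test values that satisfy the check-digit rules, not real identifiers.

```python
"""Sensitive-information detection of the kind DLP and auto-labelling rely on.

Added example, not Microsoft's sensitive information types and not GCIT's code.
Detects Australian TFNs and payment card numbers with check-digit validation,
then maps findings to a constructed policy action.
"""
import re
from typing import Dict, List

TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)


def valid_tfn(digits: str) -> bool:
    """Australian TFN check: weighted sum of the nine digits is divisible by 11."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    return sum(int(d) * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0


def valid_luhn(digits: str) -> bool:
    """Luhn check used by payment card numbers (13 to 19 digits)."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:               # double every second digit from the right
            n = n * 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


# Candidate patterns; the check digits decide whether a candidate is reported.
TFN_RE = re.compile(r"\b(\d{3})[ -]?(\d{3})[ -]?(\d{3})\b")
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")


def detect(text: str) -> Dict[str, List[str]]:
    found: Dict[str, List[str]] = {"tfn": [], "credit_card": []}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if valid_luhn(digits):
            found["credit_card"].append(digits)
    for m in TFN_RE.finditer(text):
        digits = "".join(m.groups())
        if valid_tfn(digits):
            found["tfn"].append(digits)
    return found


def policy_action(found: Dict[str, List[str]]) -> str:
    """Constructed policy: card numbers are blocked, TFNs get a warning plus encryption."""
    if found["credit_card"]:
        return "block"
    if found["tfn"]:
        return "warn+encrypt"
    return "allow"


# Constructed sample messages; the identifiers are test values, not real data.
SAMPLES = [
    "Please update my file, my TFN is 123 456 782. Thanks",
    "Card on file: 4111 1111 1111 1111 exp 09/27",
    "Invoice 123 456 789 attached; order ref 1234 5678 9012 3456",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        found = detect(msg)
        print(policy_action(found), found)
```

The third sample shows why the check digits matter: it contains a nine-digit and a sixteen-digit number in the right shapes, but neither passes validation, so a keyword-only rule would have produced a false positive that this detector avoids.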

Automatically Classify Content With Sensitivity Labels

As you can probably tell by now, there’s a lot you can do to protect your sensitive data when people are working from home. If you need help with any of this, reach out to us below.


 

Improvements to Azure AD Identity Protection have launched, making it easier to identify and manage identity risks in your organization.

What is Azure Active Directory Identity Protection?

Azure AD Identity Protection uses machine learning to identify signs of suspicious activity or issues that might cause you to have a compromised identity in your organization. We can use Azure Identity Protection to configure policies that impose conditions on sign-ins or users that are deemed risky by Microsoft 365. We can also use it to manage, investigate and remediate risk alerts when a suspicious sign-in or user is detected.

Azure Identity Protection can generate alerts based on the following risk events:

  • Atypical travel
  • Anonymous IP
  • Unfamiliar sign-in properties
  • Malware-linked IP addresses
  • Leaked credentials
  • Azure AD Threat intelligence (activities that match known attack patterns)
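To show the kind of logic behind one of these risk events, here is an added example of an atypical travel check; it is not Microsoft's algorithm and not GCIT's code. Two successive sign-ins by the same user are flagged when the great-circle distance between their locations could not have been covered at a plausible speed in the time between them. The sign-in records, user names, coordinates and the speed threshold are all constructed.

```python
"""Atypical-travel detection over constructed sign-in records.

Added example of the idea behind the 'Atypical travel' risk event; not
Microsoft's algorithm. Flags consecutive sign-ins whose implied speed exceeds
what any traveller could manage.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

MAX_SPEED_KMH = 1000.0   # constructed threshold, roughly airliner speed


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two latitude/longitude points."""
    r = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


# Constructed sign-in log: (user, UTC timestamp, city, latitude, longitude).
SIGNINS: List[Tuple[str, str, str, float, float]] = [
    ("sam@example.com", "2023-08-01T08:00:00", "Gold Coast", -28.0167, 153.4000),
    ("sam@example.com", "2023-08-01T09:30:00", "Brisbane", -27.4698, 153.0251),
    ("sam@example.com", "2023-08-01T10:00:00", "Amsterdam", 52.3676, 4.9041),
    ("kim@example.com", "2023-08-01T08:00:00", "Sydney", -33.8688, 151.2093),
    ("kim@example.com", "2023-08-02T20:00:00", "Singapore", 1.3521, 103.8198),
]


def atypical_travel(signins, max_speed_kmh: float = MAX_SPEED_KMH) -> List[Dict]:
    """Return one alert per pair of consecutive sign-ins that implies impossible travel."""
    by_user: Dict[str, list] = defaultdict(list)
    for user, ts, city, lat, lon in signins:
        by_user[user].append((datetime.fromisoformat(ts), city, lat, lon))
    alerts = []
    for user, events in by_user.items():
        events.sort()                                  # chronological per user
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(events, events[1:]):
            hours = (t2 - t1).total_seconds() / 3600
            km = haversine_km(la1, lo1, la2, lo2)
            speed = km / hours if hours > 0 else float("inf")   # same-second sign-ins far apart
            if speed > max_speed_kmh:
                alerts.append({"user": user, "from": c1, "to": c2,
                               "km": round(km), "hours": round(hours, 2), "kmh": round(speed)})
    return alerts


if __name__ == "__main__":
    for alert in atypical_travel(SIGNINS):
        print(alert)
```

In the constructed log, Gold Coast to Brisbane in ninety minutes and Sydney to Singapore over a day and a half are both plausible, while Brisbane to Amsterdam in thirty minutes is not, so only that pair produces an alert. Real services add VPN and known-location allow-lists on top of this to keep the false-positive rate down.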

The leaked credential alert is especially useful because it will let you know whether some of your users have credentials that are exposed on the dark web or in another breach. We use this in conjunction with the Have I Been Pwned API to alert our customers to compromised credentials.
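The Have I Been Pwned password API mentioned above is designed so that a checker never has to send the password or even its full hash. The block below is an added example of that client-side half, not GCIT's tooling: it hashes the password with SHA-1, sends only the first five hex characters of the hash as the range prefix (the real endpoint is `https://api.pwnedpasswords.com/range/<prefix>`), and then searches the returned `SUFFIX:COUNT` lines for its own suffix. The range text here is constructed to look like the API's response format, it is not real breach data, and no network call is made; the one real value in it is the well-known SHA-1 of the string "password".

```python
"""Pwned Passwords range check (k-anonymity), offline.

Added example, not GCIT's tooling. Hashes a password, sends only the 5-char
hash prefix to a range lookup, and checks whether the remaining 35 characters
appear in the returned range. The range body below is constructed.
"""
import hashlib
from typing import Callable, Dict, Tuple


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(hash_hex: str) -> Tuple[str, str]:
    """Prefix (sent to the API) and suffix (kept locally)."""
    return hash_hex[:5], hash_hex[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse an API-style range body ('SUFFIX:COUNT' per line); 0 if the suffix is absent."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in breach data, per the supplied range fetcher."""
    prefix, suffix = split_hash(sha1_hex(password))
    return count_in_range(suffix, fetch_range(prefix))


# Constructed range response for prefix 5BAA6. The first suffix completes the
# SHA-1 of "password"; the count and the other lines are made up.
CONSTRUCTED_RANGES: Dict[str, str] = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
        "00000000000000000000000000000000001:2\n"
        "ABCDEFABCDEFABCDEFABCDEFABCDEFABCDE:1\n"
    ),
}


def fake_fetch(prefix: str) -> str:
    """Stand-in for an HTTP GET of the range endpoint; returns the constructed body."""
    return CONSTRUCTED_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", check_password(pw, fake_fetch))
```

To use it for real, replace `fake_fetch` with a function that performs the HTTP GET for the prefix; the same `count_in_range` parser handles the live response, and the password hash suffix still never leaves the machine running the check.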

Where can I find Azure Active Directory Identity Protection?

  1. Sign in to portal.azure.com
  2. Open Azure Active Directory
  3. Scroll down to Security on the left rail
  4. Open Identity Protection.

Azure Identity Protection In Azure Portal

Open Azure Identity Protection

What’s new in Azure Active Directory Identity Protection?

Azure Identity Protection has been updated with new controls for managing, investigating and remediating issues with our identities.

Azure Identity Protection Improved Controls

We can use these improved controls to manage risk events in bulk, easily confirming a compromised user or dismissing alerts. These new controls are handy for larger organisations who generate many alerts each day.

Azure Identity Protection Managing User Risk Events In Bulk

For each alert, we can drill down and see more information on the user’s recent activities. We can see other user sign-ins and risk detections, as well as reset passwords, confirm compromise, block access and investigate further in Azure ATP. Choosing to investigate further opens up Cloud App Security, providing more insight into the user’s recent activities that contributed to the alert.

Azure Identity Protection User Risk Event Details

What license do I need for Azure Identity Protection?

Azure Identity Protection is included in Azure AD Premium P2 license. Azure AD Premium P2 is available under the following licenses:

  • Azure Active Directory Premium P2 standalone SKU
  • Microsoft 365 E5
  • Office 365 E5
  • Enterprise Mobility Suite E5

You get some limited reporting on risky users, risky sign-ins and risk detections in Azure AD Premium P1, which is included in Microsoft 365 Business Premium.

Since Microsoft licensing can change, see here for up to date licensing requirements.