So, it turns out that October is Cyber Security Awareness Month. Yup, sorry, we’re a little late to the party.
However, our friends over at Sophos have been busy on the trail, so we thought we’d share a couple of their useful tips.
If you connect it, protect it
Cyber security no longer just belongs to the realm of servers, laptops and computers. A quick count of devices connected to your home network will probably surprise you. Devices such as Alexa, Google Home and Kindles are also points of vulnerability.
The first step for any device connected to your network is to change the default password. A quick Google search easily reveals the default passwords for many brands of routers and IoT devices.
Tighten up your (and your employees’) work-from-home network
What do you know about your employees’ home networks? Have they changed the default password on their router? Do they even have a password on their Wi-Fi? A quick scan in this blogger’s apartment block shows 30% of available Wi-Fi networks are not protected with a password.
A little-known fact is that some routers let you set up multiple networks, which means you can segregate work devices from home devices. You can also separate your IoT devices onto the 2.4GHz band (as they generally need an older protocol), leaving 5GHz for the higher-bandwidth devices.
Use different passwords for different accounts
We know that passwords can be tricky, with all those rules about capital letters, numbers and special characters. But if you use only one password, then the minute you get compromised, all the attackers need to do is take that one password and open up your life (and bank accounts).
Want to know if you’ve previously been compromised? There’s a website called Have I Been Pwned (https://haveibeenpwned.com/) which lets you put in your email address and will tell you which site was compromised, along with what data was made available and when.
Multi-factor authentication (MFA)
We’re going to keep saying it. Even Qantas this week sent an email to all its frequent flyer members with cyber security tips, including activating MFA.
Multi-factor authentication requires a user to prove that they are really who they say they are. This can be done through a simple text message code or a secure app.
This should be standard for access to your company’s documents, services and especially any financial or sensitive data. Within Microsoft and many other applications, it’s simply an additional layer of security that needs to be enabled. You generally don’t have to pay to access the MFA services.
Finally, don’t be afraid to talk about cyber security with your employees. Humans are the biggest weakness in any cyber security strategy. If something does happen to go wrong, use it as a learning experience without apportioning shame or blame. Cyber crooks are only getting smarter, and it’s not as simple as it used to be to spot a phishy email.
Talk to us about how we can help you improve your cyber security posture, both inside and outside your network. After all, friends don’t let friends get scammed.