Categories

Accountant Aged Care Allied Health Andrew Bragg Annuity Apps Asic Asset Finance Asset Planning Asset Protection Asset Protection Strategies Assets Assets and Risks Ato Auction Audit Insurance Australian House Market Report Baby Bonus Bas Binding Death Benefit Nominations Binding Financial Agreement Binding Financial Agreements Body Corporate Bonds Borrowing Brexit Budget Budgeting Business Business Registrations Business Support Business Tax Deduction Business Value Capital Gains Tax Capital Gains Tax: Will Capital Protection Catherine Frost Cgt Checklists Commercial Loans Commercial Property Company Tax Concessional Superannuation Contribution Corporate Trustee Cryptocurrency Darren Foster Debt Debtors Deceased Estate Depreciation Dereen Wallace Director Director Id Divorce Economic Update Economy Emily Kermac Employees Estate Planning Executor Fbt Federal Budget Federal Election Finance Finances Financial Advice Financial Plan Financial Update Franking Credits Government Grants Gst Holiday House Home Office Hybrid Unit Trust Individual Ownership Insolvency Insurance Insurance In Super Interest Rates Investment Investment Loan Investment Loans Investment Property Investments Janet Kohan Jobkeeper Jobmaker Joint Ownership Ken Burk Land Tax Lending Life Insurance Linda Hamilton Loan Repayments Loans Lvr Margin Loans Margin Scheme Market Update Medical Expenses Mortgage Mortgage Broker Mortgage Broking Mygov Negative Gearing Not For Profit Offset Account Overseas Gifts Parental Leave Paris Financial Pat Mannix Payg Payg Variation Pension Practice Valuations Private Wealth Property Property Development Rebecca Mackie Record Keeping Redraw Facility Refinance Renovating Research & Development Retirement Retirement Planning Retirement Savings Salary Sacrifice Scams Self Managed Superannuation Self Managed Superannuation Fund Seminar Shares Small Business Smsf Smsf Borrowing Smsf Property Smsf Self Managed Superannuation Fund Steve Golding Steve Wildes Strategic Business Structuring Structures Student Subdividing Property Succession Plan Superannuation Superannuation Fund Tanya Hofbauer Tax Tax Benefits for Super Tax Concession Tax Deduction Tax Investment Property Tax Losses Tax Offset Tax Planning Tax Savings Tax-Free Temporary Full Expensing Tenants in Common Tessa Testamentary Trusts Tfe Training Transition to Retirement Trust Trusts Ttr Will Working from Home
Home » E-News » Latest News

Protect yourself from ransomware

Protect yourself from ransomware

Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so that you can no longer access them.

A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files, or to prevent data and intellectual property from being leaked or sold online.

A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you. This will help you to invest the right amount of time, effort and money into protecting your systems.

You should consider:

  • What can you replace? For example, files you downloaded from the internet.
  • What can’t you replace? For example, photos that aren’t backed up.
  • What would you spend to recover your information or device after a ransomware attack?

Follow the steps in this guide to mitigate the risk and impact of a ransomware attack.

Secure your devices to stop ransomware attacks

  1. Regularly update your devices

Cybercriminals use known weaknesses to hack your devices. Updates have security upgrades so known weaknesses can’t be used to hack you. You should always update your system and applications when prompted. You can also turn on automatic updates on some devices and applications so that updates happen without your input.

If you have a server or Network Attached Storage (NAS) device in your network, make sure they are regularly updated too.

  1. Set up and perform regular backups

A backup is a digital copy of your most important information (e.g. photos, customer information or financial records) that is saved to an external storage device or to the cloud.

The best recovery method from a ransomware attack is to restore from an unaffected backup. Regularly backup your files to an external storage device or the cloud. Backing up and checking that backups restore your files offers peace of mind.

  1. Implement access controls

Controlling who can access what on your devices will help reduce the risk of ransomware. It will also limit the amount of data that ransomware attacks can encrypt, steal and delete.

To do this, give users access and control only to what they need. This can be done by making sure each person who uses the device has the right type of account.

There are two types of accounts you can set up on Microsoft Windows and Apple macOS; a standard account and an administrator account. Everyday users should have a standard account. Only those who need to should have an administrator account. Consider creating a standard account to use as your main account as they are less susceptible to ransomware. It’s also important that users don’t share their login details for accounts.

  1. Use antivirus software

Antivirus software can help to prevent, detect and remove ransomware on your device. Make sure you turn on your antivirus software and keep it up to date.

 

 

  1. Turn on ransomware protection

Some antivirus products offer ransomware protection. Make sure you enable this function to protect your devices.

For Microsoft Windows devices, you can enable ‘controlled folder access’ within Windows Security. This will prevent designated files on your device from being encrypted by ransomware.

  1. Disable macros

Microsoft Office applications can execute macros to automate routine tasks. Macros can be used to deliver ransomware to your device so they should be used with caution.

If you don’t need to run macros, it is best practise to disable them. If you do need to run macros, consider preventing macros from running automatically and restricting which macros can run.

  1. Turn on multi-factor authentication

Multi-factor authentication (MFA) makes it harder for cybercriminals to gain initial access to your device, account and information by making them jump through more security hoops and additional authentication layers. This means that the cybercriminal will have to spend more time, effort and resources to get into your device before any ransomware attacks can begin.

MFA typically requires a combination of two or more of the following authentication types before granting access to an account:

  • something a user knows (PIN, password/passphrase)
  • something a user has (smartcard, physical token)
  • something a user is (fingerprint, iris scan).
  1. Use unique passphrases

If your accounts do not have multi-factor authentication then make sure to use a unique passphrase. Never reuse a passphrase across multiple accounts. This could help stop ransomware from spreading or your accounts being compromised.

Extra measures for small business or advanced home networks

  1. Secure your servers

If you use a NAS or other server in your home or business, take extra care to secure them. These devices are common targets for cybercriminals because they often store important files or perform important functions.

  1. Minimise external facing footprint

Audit and secure any internet exposed services on your network (Remote Desktop, File Shares, Webmail, remote administration services). Discuss this with an IT professional if you are unsure.

  1. Migrate to cloud services

Consider using online or cloud services that offer built in security, instead of managing your own. For example, use online services for things like email or website hosting.

Understand how to prevent ransomware attacks

  1. Check messages you receive

Cybercriminals will send you fake messages to try and get you to take some action. For example, they might ask you to click a link, download a file or give away your personal information. If you receive a message that you weren’t expecting it might be a way for a cybercriminal to get access to your account or device.

  1. Be careful opening files and downloading programs

Sometimes you need to open a file or download a program from the internet.

Avoid opening files that you receive unexpectedly or from people you don’t know. As an example, don’t open an email attachment if you don’t recognise the email address or weren’t expecting to receive it.

Do not download files if they have a different file extension than what you were expecting (for example, a file that ends in .exe or .msi when you were expecting a PDF or image).

Check that software is made by a reputable company before downloading and installing on your device. Always download software from the company’s official website or an official app store.

  1. Avoid links that ask you to log in or reset your password

Sometimes you might receive a link that asks you to enter your credentials or reset your password. Do not enter your credentials after receiving instructions from an unexpected message. This could be a phishing attempt designed to steal your login details.

If you think the message might be legitimate, find another way to action the request. For example, if you need to change your password for an account go to the official website and request to reset your password there.

  1. Remain vigilant and informed

Sign up to get alerts through the free ASD’s ACSC alert service. This service will send you an alert when a new cyber threat is identified.

 

Source: Australian Cyber Security Centre (ACSC)


Tags: financial advice |