There was a time when criminals would dangle from the ceiling on a wire, dressed all in black, and break into your filing cabinet to steal company financial data.

While criminals like that probably do still exist, they need to get with the program, and so do you.

Cyber criminals, whether a sovereign state or a 16-year-old in his mother’s basement, can potentially hack any system connected to the internet (and sometimes not connected) to harvest all kinds of data.

There are two main ways a hacker will compromise a system. They will either force their way in using methods like a brute-force attack or dictionary attack against your password, or a user unknowingly lets them in.

The latter is the most common, as passwords these days are generally quite strong and can take months or even years to crack. A hacker is more likely to use social engineering to convince you they are someone they are not (like your boss or your bank) and directly ask you for a password, or use very clever questions to get more information out of you.

Smart social engineers will look you up on social media websites such as LinkedIn and Facebook to gauge your interests, so they can tailor an attack specifically for you. This is called spear-phishing.

What can you do? Making sure you have a strong password is imperative to staying safe online. If your password is strong, a hacker will not brute-force it; they would have to socially engineer you.

Ensure you have the latest updates installed on your devices. Software and hardware vendors are issuing updates daily to fix bugs that can be exploited by hackers.

Educate yourself and your employees about common attack methods, for example:

  • Your bank will NEVER call you and ask for login credentials.
  • If you receive a phone call you are unsure is legitimate, then ask them for a reference number and return phone number. If they don’t give either, or the phone number is not the phone number you see on your statement/their website, then it is a scam.
  • No company will EVER call you to say you have a virus on your computer and they will fix it for you (unless this is something you have set up with your IT provider).
  • Bunnings does NOT send out $500 gift cards.
  • The ATO will NEVER ask you to make a payment using iTunes gift cards.

The ONLY way to ensure your data is 100% safe is to put it on a hard drive, place that drive in a lead box and then bury it 20 metres underground. Short of that, if your data is protected well enough that it is not worth a hacker’s time to attack you, then you’re safe.

You can also contact your IT provider for advice on hardening your security to help protect yourself.

If you have any questions regarding this article or wish to speak to one of our IT team, please contact us on 07 5413 9300 or it@pjtaccountants.com.au.