Is your organisation among the many workplaces that will be closed over the break?
Unfortunately, this is an opportunistic time of year for many attackers to take advantage of business closures and reduced IT/security staff. There are several ways you can help minimise your risk and ensure that the correct security measures are in place to protect your organisation during this time.
WE’VE PULLED TOGETHER SOME USEFUL RESOURCES BELOW –
Doing some last-minute online shopping? Stay safe online this holiday shopping season with tips from Microsoft –
Stay safe online this holiday shopping season with tips from Microsoft – Microsoft Security Blog
It is not uncommon for employees to use corporate devices for personal reasons, and a common one at this time of year is online shopping. Whilst this may have more impact on personal cybersecurity habits than organisational ones, these tips are still useful for staff to be aware of and to look for when using the web for purchases.
Phishing Attacks
Phishing attacks are scams designed to gain access to your system by fraudulently obtaining your log-in credentials, to steal your identity, or to get you to send money to criminals. With an increase in scams across the silly season, Microsoft have put together a 7-step poster to help you protect yourself from phishing. Check it out here –
Ransomware Attacks
Ransomware has grown in profile and impact and poses one of the most significant threats to Australian organisations. The ACSC recorded a 15 per cent increase in ransomware cybercrime reports in the 2020–21 financial year.
A recent trending example of this is Conti ransomware. These attacks are a particularly dangerous and increasingly common type of phishing attack, used to gain remote access to a device. An email that claims to come from a sender the victim trusts uses a link to point the user to a malicious document. Stay aware, and learn more about the growing number of Conti ransomware attacks on Australian companies here –
There has been a lot of talk recently about CVE-2021-44228 Apache Log4j 2. A number of vulnerabilities have been unearthed in this piece of Java code which essentially allow remote actors to execute commands on servers. Microsoft have analysed the scope of these vulnerabilities and have created recommendations –
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center
Don’t forget about the regular security patch releases from Microsoft and other vendors – ensure that these are being applied over this seasonal period.
Effective and robust cyber security is built on three pillars: people, processes and technology.
Make sure that you cover all three pillars this season – you can’t just rely on technology to provide security.