Toll Group suspends IT systems following unusual server activity. Cyber Aware’s tips on managing a cyber incident

Before COVID-19 dominated the news cycle, you may have seen that Toll Group, the well-known global logistics network and freight transport provider, fell victim to a targeted ransomware attack.

As many as 1000 servers were infected during the February attack, and the company received harsh criticism from the public for their prolonged silence regarding the attack.

Key delivery services were majorly disrupted, and while clients experienced significant delays, many were left in the dark; unsure of whether & when they could return to regular operations.

“It’s 10 days overdue, so for the last week I’ve been spending at least three or four hours a day on the phone trying to get some information,” said sales manager Jeff Ward.

While the fallout of a cyber-attack is objectively damaging on a technical and financial level, the reputational damage is what businesses often fail to recover from, with an average of 60% of businesses failing to continue operations following a cyber-attack.

Now it’s May, and the company has reported another security incident, this time with much more transparency and urgency.

While customers and clientele were left frustrated and unsure during the last incident, this time around Toll appears to have applied the lesson learned on PR and incident management by immediately closing services and alerting the public.

While the specifics are not yet known, and the nature of the damages or incident are yet to be revealed, stakeholders this time around are aware of the current situation, and most importantly, have not been left hanging!

Toll’s cyber-incidents and response this year are demonstrating both the best & worst of incident management, and from this case, your business can learn the following things:

  • Prepare a statement in advance, and release it promptly. Much like Toll’s most recent example, your initial statement does not need to disclose a full report of damages, impacted clients or the nature of the attack.
  • Have a plan of action. Prepare backups of your key data so you can comfortably recover the damages. Lay out a plan not only for the event that you need to cease activity but also for resuming your business activity following a breach.
  • Adhere to your country’s regulations, but don’t stop there. As many of us in the cybersecurity industry are aware, in February of 2018 Aus Gov rolled out Mandatory Breach Data Notification laws that laid out the specifics for reporting a data breach, and the associated penalties for failing to do so (cough up to $2.1 million cough).

Whether you’re operating under GDPR, the NDB, or otherwise, it’s critical that you are familiar with your obligations and responsibilities following a data breach.

But of course, don’t stop at policy requirements. Consider how you can best reach legal demands while also maintaining trust and responsibility among your shareholders/public-image.

Given the increased vulnerability of businesses during this pandemic, it is crucial that you are prepared not only from a security standpoint but from an operational and reputational perspective as well.

This pandemic has been an immediate and radical change for all of us. Alongside our scattered workforce, shifting work culture, and general pressures as an adapting business, the last thing any of us need right now is a frustrated & disheartened client-base due to poor incident response.

For more information on incident response and cybersecurity awareness, visit!

Cyber Aware’s essential safety tips for returning to the workplace

As new cases of COVID-19 remain low, and discussions of lowered restrictions populate Australian news, it’s time that we take a step back and consider the new security challenges during our return to the office.

This pandemic has driven huge, immediate change at both a societal and cultural level. Within our own businesses, many of us have discovered a capability to keep the ship afloat without the benefits of the office, and a lot of workers will find themselves comfortably working from home on a regular basis.

While some predict that work-from-home is the new norm, and others are forecasting a mass return to the workplace, the reality is that we’ll likely land somewhere in between, especially while we work out the kinks of social distancing and beating this pandemic.

As such, Cyber Aware recommends that any workers, whether you’re frequenting the workplace or the lounge room, follow these key safety steps:

  • Be cautious as to the devices you bring between the office and home. Just because your battery died and you had to use your home-laptop, doesn’t mean that it’s fit for use in the office. If your home device has a virus or any malicious content on it, bringing it to the office can expose the whole network. BYOD policy can seem trivial, but it’s been responsible for bringing down entire nuclear facilities, let alone your workplace. And, on that note:
  • Keep your work and personal devices separate! Not only will it be embarrassing to bring up your teenager’s search history during a work meeting, but it’s also a huge risk to access corporate, confidential data on the same device where your family browses the web & downloads unknown content.
  • Moving back to the office, it is a good idea to not only utilise a VPN at home but at all times. A common form of attack, especially for larger workplaces, will be fake wi-fi and network compromise. Stay ahead of this by connecting to your business network through a secure tunnel, a VPN. (If you’re in a managerial position, we’ve always been huge fans of HackHunter for weeding out fake wi-fi devices).
  • I think it’s safe to say that things have gotten a little bit laissez-faire during the lockdown. With so many distractions at home, the 9 to 5 has started to look more like a 12 to 12 with fifty breaks in between. Whether this is for better or worse, one thing is for certain; break any habits of using social media for work purposes. Simply put, any new platform you put work-data on is another platform it can be stolen or compromised through. Facebook and Gmail are not suitable avenues for delivering private data.

And of course, continue to maintain physical distancing measures, and continue to regularly wash your hands. The main point of lockdown was to avoid overwhelming the healthcare system; the virus is still a major concern regardless of current lockdown measures, so keep your physical safety and wellbeing as a top priority.

For more information on reducing risk and working from home, visit

Leading compliance providers voice major cybersecurity concerns during COVID-19

On April 14, 2020, Gartner surveyed 145 leading legal and compliance entities, revealing that more than half of the respondents deem cybersecurity and data breaches as the most-increased third-party risk facing their organisations.


This is primarily in response to the advent of remote-working, wherein the vast majority of organisations are seeing their workforce working from remote locations and employing a new, largely unmonitored array of third-party tools.

Arguably the most widely-adopted platform during this time, Zoom (who has skyrocketed from 10 million users to over 200 million in only 3 months), recently made the limelight for major vulnerabilities and security concerns. Considering this, it’s not hard to see why third-party apps are especially important in the current risk-conversation surrounding COVID-19.

We all have unique methods of working and our own preferred apps, which is why it’s quickly becoming a huge problem for organisations that are trying to keep up with the flood of third-party apps being used from home.

As Vidhya Balasubramanian, managing vice president in Gartner Legal and Compliance, put it: “Remote working has been hastily adopted by suppliers to keep their business running, so it’s unlikely every organization or employee is following best practices.”

Cybercrime continues to be a pressing issue during this pandemic, both with COVID-19 themed scams running rampant and reported cases skyrocketing, such as Malaysia’s 82.5% increase. It’s important that as employees or business owners, we take a step back and evaluate our cyber posture.

While working from home, here are a few steps you can take to mitigate the risk from third-party apps:

  • Stick to the same apps you use at work. Company apps are often reviewed based on their security standards. By simply using a new app, you could be breaching compliance and causing risk to your company.
  • Don’t share work data over personal accounts. While it’s tempting to open up a Google Doc on our personal account or send a PDF through Facebook, these are personal accounts with lower security standards and should be treated as such.
  • Keep your apps up to date, and keep yourself up to date with the media! In Zoom’s example, there are still countless users who are unaware of the security flaws on the app. The same can be said for many third-party apps. Stay aware and frequently update your software so you know what security concerns are present and whether they’ve been patched.

For more information on reducing risk and working from home, visit

Coronavirus SMS scams: Attackers piggyback on official Government safety announcements

Have you received the below SMS message?

[Image: screenshot of the SMS message]

If you have, don’t worry, it’s a legitimate announcement from the Australian Government; screenshotted directly from my phone.

However, if you’ve received an SMS similar to the one below, proceed with caution. It’s a scam:

[Image: screenshot of the scam SMS]

(Image courtesy of the Australian Computer Society)

Scamwatch reports that since the COVID-19 outbreak, they’ve received more than a thousand reports of coronavirus-related scams. These range from phishing emails and SMS scams to general social engineering attempts; however, they typically share a few common characteristics:

  • They often pose as a government body
  • They frequently play on false government rebates or tax claims relating to COVID-19
  • They always ask you for a call-to-action (providing private details, card information or otherwise)

In the above example, the link in the SMS reportedly took the victim to a fake COVID-19 information page in which a multitude of false services was advertised, ranging from fraudulent early-access to superannuation funds to false ATO tax rebates.

During this time, in which many Australians are facing unprecedented financial hardship, it’s easier than ever for scammers to play on our vulnerabilities and exploit our need for stability.

To ensure that you don’t fall victim to predatory COVID-19 scammers, follow these tips as a general rule-of-thumb:

  • Even if a URL or SMS is from a legitimate source, never click the link directly.
  • Fake websites can hide within hyperlinks; it’s always safer to type the website out in your browser instead.
  • Do not respond to or action claims for personal or financial details. Delete any SMS or email correspondence requesting you to do so unless it is heavily verified.
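
An added example (not part of the original article) of the "fake websites can hide within hyperlinks" tip: a Python check that flags links in an HTML message whose visible text shows one domain while the underlying address goes somewhere else. The sample message and its `.example`/`.test` domains are constructed, and the subdomain comparison is a simplification that does not use a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a domain or URL inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message; all domains are reserved placeholders.
SAMPLE_MESSAGE = """
<p>You are eligible for a COVID-19 rebate.</p>
<a href="https://www.gov.example/">gov.example</a>
<a href="http://gov.example.rebate-claims.test/login">www.gov.example/rebate</a>
<a href="https://gov.example@203.0.113.7/claim">Claim now</a>
<a href="https://health.example/info">More information</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def normalise(host):
    """Lower-case a hostname and drop a leading 'www.' for comparison."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_link(href, text):
    """Return a list of reasons this link deserves a second look."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return ["unparseable-url"]
    if parts.scheme not in ("http", "https"):
        return []  # mailto:, tel: and relative links are out of scope here
    findings = []
    real = normalise(parts.hostname)
    if parts.scheme == "http":
        findings.append("not-https")
    if "@" in parts.netloc:
        # Everything before '@' is a username, not the destination host.
        findings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in real.split(".")):
        findings.append("punycode-host")
    shown = DOMAIN_IN_TEXT.search(text)
    if shown:
        shown_host = normalise(shown.group(1))
        # Accept the shown host itself or a true subdomain of it.
        if real != shown_host and not real.endswith("." + shown_host):
            findings.append(f"text shows {shown_host}, link goes to {real}")
    return findings


def scan_message(html):
    """Map each suspicious href in the message to its findings."""
    collector = AnchorCollector()
    collector.feed(html)
    report = {}
    for href, text in collector.links:
        findings = check_link(href, text)
        if findings:
            report[href] = findings
    return report


if __name__ == "__main__":
    for href, findings in scan_message(SAMPLE_MESSAGE).items():
        print(href, "->", "; ".join(findings))
```
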

And most importantly: if it sounds too good to be true, it is. Remember that we’re all in this together; any benefits, claims, or stimulus we receive during these times are not unique to us alone. Check with your colleagues and with official sources to confirm that you’re actually entitled to financial support or rebate, and then go through the official channels to process them.

For more information on keeping your business cybersafe during COVID-19, visit

Elon Musk and NASA ban corporate use of Zoom over privacy concerns

SpaceX (Elon Musk’s aerospace manufacturer company) recently banned its employees from video conferencing via Zoom on account of “significant privacy and security concerns”.

NASA soon followed suit, along with U.S. law enforcement who issued a public warning regarding the security of the skyrocketing app.

The security concerns surrounding Zoom initially gained the spotlight alongside their sudden blow-up following cascading work-from-home arrangements for COVID-19. The first notable privacy shortcoming came in the form of “Zoombombing”, wherein uninvited guests could join a video conference to essentially run amuck. This ranged from intentional attempts to eavesdrop on confidential conversations to simple trollery in the form of abuse, pornographic material, and general disruptive behavior.

In addition to this, multiple security concerns and exploits have been discovered over the past weeks, such as this major flaw that allowed accounts to be hijacked quite easily, as well as thousands of Zoom accounts being found for sale on the Dark Web.

And as recently as April 15th, two new exploits were discovered on both Windows and MacOS that could enable unauthorised parties to spy on Zoom meetings.

Zoom CEO Eric Yuan has done the respectable thing and owned up to the security concerns by issuing a public apology, and statement of action following these significant concerns, citing an unexpected, gigantic increase in the Zoom userbase (going from 10 million daily users up to 200 million since December.)

Regardless of whether you’re on Zoom, Slack or another video conferencing provider, here are a few easy things you and your colleagues can do to keep your conferences secure:

  • Keep an eye on the participants in your conference

This is especially important for larger conferences, wherein unidentified or unauthorised persons can slip under the radar more easily. If you’re in a meeting of more than just a small team, it’s a good idea to assign a moderator who can keep track of participants.

  • Be aware of your surroundings

Everyone has a story about accidentally sharing the wrong information in a conference (including myself). Be mindful of what’s up on the whiteboard in the background, and if you’re screen-sharing make sure you close confidential or embarrassing tabs.

  • Limit confidential information through conferences

In light of these recent security concerns, it’s important to be mindful that video-conferences are another potential source of data leaks and security concerns. Limit the information you discuss in conferences to ensure that it isn’t leaked or eavesdropped on by malicious parties.

Finally, it’s important to note that while Zoom is currently in the limelight for security concerns, it’s likely that you’ll find similar issues on other video-conferencing services that simply aren’t as publicised at the moment.

Regardless of the platform you use, remember that video-conferencing is always another platform that you’re sharing data on. Conferencing should always be treated with caution and appropriate security policies accordingly.

For more information on work-from-home security, visit

Travelex pays $2.3 million USD ransomware bailout: Ransomware cases silently rise during COVID-19

If your business faced a ransomware attack, would you pay the hacker?

It’s estimated by Kaspersky that 45% of business employees are unaware of how to handle a ransomware attack, and especially given the current circumstances, this is a critical cybersecurity opening for many organisations.

Whereas the majority of organisations are used to a conventional security structure with secure office networks, firm access control policies, and countless on-site security measures to reduce risk, countless workers are now suddenly minimising or totally missing these security measures, trading them for stock-standard home networks and the plethora of exploitable risks that come with the move.

In 2019, it was also estimated that 15 percent of all ransomware victims chose to pay the ransom. However, it is widely recommended that ransomware should be treated similarly to a real-life hostage situation: never pay the ransom.

Not only does this not guarantee that the hacker will remove the ransomware, but it also incentivises them to target you and similar businesses again.

A recent example of a massive ransomware payout was that of Travelex in December 2019. Travelex is a foreign currency exchange that services businesses across 26 countries, and in response to a targeted attack by the prominent hacker group, the Sodinokibi gang, Travelex paid out a sum of $2.3 million.

The Sodinokibi gang held 5GB of encrypted data at ransom to accomplish this payout, which they promised to delete upon payout. The issue is that while the payout did prevent the attackers from publishing the sensitive data, there is no way of knowing whether they actually deleted the information.

And considering that this is a criminal group, it only stands to reason that they’d keep it as a further avenue of exploitation and profit.

While the Travelex incident was late last year, research indicates that ransomware attacks have gone up significantly throughout the COVID-19 pandemic, especially against businesses in the health industry.

Regardless of whether or not your business lands in the health sector, here are some precautions you can take pertaining to ransomware, especially in these current circumstances:

  • Be cautious of ransomware scams disguised as COVID-19 apps or services (Read here)
  • Evaluate what security measures are missing due to work-from-home, and do your best to replicate them in employee houses (See my article from last week)
  • Back. Up. Your. Data.

That last step is especially important, as oftentimes the only thing that can give you some leeway in the case of a ransomware negotiation, is if you have a copy of stolen data to restore from. (See Here for more information on developing a back-up plan for your business)

Finally, for more details on staying safe online and covering your work-from-home security, see our remote-working program.

What does COVID-19 mean for password hygiene?

With the advent of remote-working in response to COVID-19, we’re all making necessary adjustments. We’re incorporating new behaviors into our day-to-day life, such as limiting our time out of the house to essential shopping or exercise, and are now using our homes for activities that we’re otherwise used to performing out in the world.

We’re adopting new indoor exercise routines, frequently preparing our own meals in favor of the usual take-out, and have had to establish boundaries between working space and relaxing space within our own houses. Most notably, it’s reported that hand-washing is up by 1000% across the globe (don’t fact check me on that).

While we adjust and make preparations during this unprecedented time, it’s important that we take consideration for some of the subtler changes pertaining to safety as well. One of which being simple password hygiene.

It didn’t take long at all for scammers to jump at this opportunity and roll out a plethora of COVID-19 scams, but this isn’t the only way they’re exploiting and profiting from the masses during this time. Hackers & scammers are well aware that with the move to home-offices, comes a move away from office security.

Things like network security, access control, and general password hygiene are more exposed now than they have been for a long time.

In the migration to our home-offices, most of us are taking passwords that were previously used only on secure office networks and entering them into home machines with lower standards of security. Furthermore, systems that we never had to re-log into, or that we’ve forgotten the passwords for, are having their passwords reset for the home-office.

When re-entering or changing passwords for your work systems, it’s a critical time to reconsider how strong they are, and how long you’ve been using them.

To ensure that your passwords aren’t compromised as a result of the change in workplace security:

Make the switch to passphrases.

A passphrase, simply put, is an anagram. Rather than using a simple word with some numbers, it’s encouraged in modern online safety to use complicated passwords. These can be made easily by using a phrase that you’re sure to remember, and flipping it into a passphrase. For example:
“Jack and Jill Went Up The Hill” can be used as a passphrase such as “JaJwUtH”.

Add a few numbers and a symbol to the end of that, and straight away you’ve created a strong, memorable passphrase.

Don’t re-use or share your passphrases.

I like to think of each of my passphrases as though they were my toothbrush: I don’t re-use them too much, and I never share them with others.
In most cases when your passphrase is stolen or compromised, it tends to sit on the dark-web for anywhere between a few weeks and a few months. By changing your passphrases regularly, and by using unique passphrases for each essential login, you prevent cybercriminals from being able to use stolen credentials to access your systems in the long run.

As for sharing them around, if you have team-workers or managerial staff who share a login system with you, it is key that wherever possible you are using separate sets of logins, and most importantly, that those logins are not shared between other systems.

Use a password manager!

Finally, we recommend using a password manager to store your passwords. Between the cyclical news surrounding COVID-19 and our frequently changing workloads as a result of it, our brains are full up.
It’s encouraged to use complex and unique passphrases across a number of devices, but we couldn’t reasonably ask you to remember them all.

This is where password managers come in. They’re secure programs that typically plug straight into your browser, and work like an encrypted encyclopedia of all your login credentials.

Most password managers don’t just remember the passwords, but typically enter them in for you, enable two-factor support, and even create secure, randomly generated passwords for you where needed.

Of all the advice in this article, password managers are likely the most essential. We recommend 1Password, LastPass, and Google Password Manager.

Want To Boost Your Cybersecurity? Forget Your Passwords

Many years ago, when I was a 14-year-old budding computer nerd, I experienced my first data-breach. I’d been playing World of Warcraft for hours on end (I was a kid, quit judging!) when another player offered me an “exclusive” opportunity to test out some new beta weapons and equipment.

All I had to do was enter my logins to the beta-test form, and this promised “exclusive gear” would be added to my account in 24 hours.

An email was sent through with the required form and being young, naive and full of the typical invincibility syndrome that young 14-year-old boys tend to have, I entered my username and password then signed off for the night.

Sure enough, I returned the next day to find that my passwords had been changed, all of my character’s clothes and weapons were stolen, and my email account had been compromised. I’d used the same email and password for my World of Warcraft account as I had for my personal email account.

Thankfully, at that time I had nothing of real value to lose from those accounts, and had some very valuable lessons to learn: don’t trust strangers online, and don’t re-use passwords!

Re-using passwords is a big no-no, but let’s be honest, everyone does it. I don’t know a single person who hasn’t re-used a password across multiple logins. It’s quick, it’s easy, and most of all it’s memorable.

The problem with re-using passwords, however, is that if they get stolen or guessed just once, they can then be used to access everything. It’s like cutting a master-key to fit your front-gate, garage and car all in one. And it’s why a silly encounter in an online game led to my email account being hacked.

In most major cyber breaches the logins are often stolen from somewhere unrelated, such as a social media account or streaming subscription, and then re-used for later attacks on bank accounts or corporate systems.

To avoid credential-based attacks, the expectation is that we use a different password for each and every login we have. However, given that the average person now has upwards of 27 online logins to remember, it’s quickly becoming an impossible task to individualise them and is likely why we’re seeing 81% to 87% of people re-using their passwords in the first place.

Following my first data-breach as a kid, my solution to making and remembering unique passwords was to enter familiar names into the Wu-Tang Name Generator. But what if I told you there was a better way!

My advice moving into 2020: instead of trying to remember all of your passwords, try forgetting them instead with a password manager!

The way that password managers work is similar to how a browser’s auto-fill works. When logging in to an account, you type in your username & password just once, then your password manager securely stores and remembers them. Next time you log in, the password manager will take care of the grunt-work and log in for you.

The only password you still need to remember is your master key for the password manager itself.

You’re probably thinking that this doesn’t sound safe, but in exchange for this easy login tool, good password managers bulk up their security on the master login. Oftentimes, you’re required to know your master-key, have a two-factor authentication code and authorise the device that you’re logging in from.

In exchange for that hassle, you don’t need to write down or remember any of your other passwords.

Further to being an easy and safe solution to remembering passwords, password managers also enable some huge security benefits:

  • Allows for unique passwords: Whereas you’re now limited by the number of unique passwords that a human-brain can remember (or that your desk can fit on sticky-notes), a password manager has a computer-brain, and can probably remember a few more. This means more unique passwords & fewer memory games.
  • Allows for stronger passwords: Most password managers will automatically suggest complex passwords for you. Instead of using common hackable passwords like donald or password123, a manager enables the use of complex, strong passwords like “t3cH^1©4l j4r30n” without ever needing to type or remember them!
  • Easy Use of Two-Factor: IBM estimates that over 80% of cyber-attacks in the last decade could have been prevented with two-factor and strong passwords. Modern password managers both facilitate stronger passwords, and often come pre-installed with automated two-factor support. In short, this means that any login or hack attempted against your account(s) needs not only the password, but also the two-factor key you set up as well.

Some password managers I’d recommend are LastPass, OnePass (my preferred choice), and the updated Google Password Manager with Two-Factor enabled.

Moving into 2020, free up some of that precious brainpower and let a password manager do all that pesky remembering for you!

Author: Leonard Bernardone

Preparing for Black Friday Sales

Another year, another “Black Friday Crowds rampaging through Walmart” YouTube compilation for me to relax to while doing my online Christmas shopping! But for those of us who prefer to shop online and avoid the probability of being trampled to bits over a discounted microwave, there are still some big risks to consider.

Australians are seeing some of the largest damages from online scams to date, with reported losses of over $4 million in 2019 (a staggering $700k increase from 2018’s total losses). The number of Australians who shop online has been steadily increasing every year, with the national average going up an even further 20% in 2018, and cybercriminals are increasing their efforts accordingly.

We recommend sharing these seven safety tips in the office to close out the week, especially for the colleague browsing 20+ tabs in search of the best deals:

  1. Don’t open PDF catalogues in emails. How many infected attachments does it take to cause a ransomware outbreak? Not many! Any deals/offers should be in the email itself, not hidden in a risky PDF.
  2. Watch out for fake websites in emails. If an email convinces you to shop at a particular store, dodge the risk of a scam email and just Google search the store directly for a safe link.
  3. Watch out for gift card scams. Gift cards are the recurring most popular item on wish lists, and attackers will often ask for payment via Gift Cards themselves. Don’t get stuck laundering money by mistake, or purchasing a dead card.
  4. Keep your money off of public Wi-Fi. The thing about public Wi-Fi is… it’s public. You don’t know who else is sitting on that network and monitoring your transactions. Switch to mobile data or wait until you’re home/at the office.
  5. Check out using safe payment gateways. Have you ever seen those scams where a fake EFT reader is put onto an ATM to steal funds? Lately, scammers have been doing the same thing on website checkouts! They intercept your order and steal your card data using a tactic called e-skimming. Always check for https, or just stay safe using services like PayPal.
  6. Switch to credit, or limit your spending account. If you must use a debit card, make sure it has a limited spend-per-day and transaction alerts set up with your bank.
  7. Classic advice: Don’t Click Popups. If an offer sounds too good to be true, it is. Hit that beautiful x button and move on. 

Did we get them all? What? “No” you say? Well, please leave a comment below! Let us know what you’ll be doing to stay safe online this Black Friday/Cyber Monday. 

Have a scam-free weekend people! 

Hackers capitalise on Covid 19: Exploiting the sudden boom of at-home workers

The immediate and rapid migration from our workplaces to the household has greatly expanded the cybercrime landscape:

Cyber-criminals across the globe are tailoring their efforts to remote workers and developing new scams designed specifically to exploit individuals during this vulnerable time.

As we leave the office and migrate to our respective homes, we need to take a step back and consider a few things:

  1. We’re taking our office with us: not just the pens and pencils, but our sensitive company data and system logins. Assets that we as individuals need to keep safe during the transition to working from home.
  2. In doing this, we’re simultaneously leaving behind one of the biggest benefits of working in the office: security.

Amidst the endless news-cycle of COVID-19, we’re seeing constant public safety warnings extending not only for our hygiene and physical wellbeing, but also our mental health, socialisation, and cybersafety.

The Australian Cyber Security Centre (ACSC) and countless government bodies are warning of the surge in online risks and vulnerabilities that COVID-19 has introduced.

All of a sudden, we’re incurring dangers of network security, access control, data management and a whole slew of cyber-security necessities that the majority of us have never had to consider before.

For cyber-criminals, this is an opportunity to profit and exploit like never before. To put it into an analogy, it’s as if all of the shopfronts in the world have unanimously removed their locks and taken their inventories out on to the streets.

Countless workplaces have just had their security scattered to employee households with little-to-no central safety measures. To ensure that both staff and the organisation at large are operating safely during these changing times, there are two key factors that every business needs to account for:

  1. Network security: This means a centralised standard of VPN, secure Wi-Fi and access control to any data and systems of the organisations when accessed remotely.

This is typically performed by a dedicated I.T. team, member of staff or service provider. In the event that you haven’t already arranged this, I’d recommend moving fast to get ahead of the demand.

Already companies such as Cisco Systems Inc have seen a 1000% increase in demand for support services that cater to work-from-home security setups. Ensure that all members of your team are working from home under company networks and a secure connection.

  2. An individual understanding of risk and cyber safety: While working from home, you’ll find yourself facing a whole range of new cyber-threats and scams specifically designed to capitalise on individual mistakes. From opening the wrong email to clicking the wrong link, we’re all at risk of exposing corporate data from our own household if we aren’t careful.

You can expect to see scams that play on concerns surrounding COVID-19, especially on matters of personal safety and job security.

Already, cyber-criminals are disguising key-logging scams, malicious viruses and password theft as urgent warnings or health tips pertaining to COVID-19. (You can report and read on said scams via the Scamwatch website)

This is common practice for scammers: Finding a hot topic of public concern or vulnerability and using it to exploit those in distress for a profit. Even as recently as the Australian Bushfire Crisis, scams were quickly tallied by Scamwatch to be in the hundreds, some with damages in the thousands. (Further reading & advice regarding Australian Bushfire Scams can be found via the ACCC)

Considering COVID-19 is a global crisis and incomparable epidemic, expect to see plenty of scams. Make sure to operate with both caution and a hefty grain of salt. We’re all surrounded by a lot of information at the moment. A lot of it bad news. We’re inundated and the majority of us are feeling overwhelmed. It’s especially important during this time in which we may not be processing things at our usual standards, that we take a step back and reconsider what we’re looking at online.

It’s especially easy at the moment to click the wrong link or open the wrong email by mistake. To avoid falling into a malicious or compromising situation, slow down while you’re checking your emails and try your best to stay mindful while you navigate through your work-day.

In addition to staying aware of the current scams surrounding COVID-19, you can further protect yourself by keeping work devices and home devices separate. We recommend that you both refrain from doing work on personal systems and keep your personal accounts logged off of your work-devices to prevent cross-contamination of potential threats between work and home.

Finally, here’s a quick-guide image to follow for some work-from-home essentials:

For more information on staying safe at home and protecting your corporate data, we’ve developed an awareness program tailor-made to working from home:
