Practical tips to defend your business from cyber attacks


1 Practical tips to defend your business from cyber attacks
How to protect your conveyancing practice from payment redirection fraud? Practical tips to defend your business from cyber attacks

2 Who we are
Nicholas: Technology and legal expert with over 20 years of industry experience
Gabor: Cybersecurity expert with over ten years' experience, having worked in both private and public sectors

3 Who we are
We defend small to midsize businesses from cyber scams and hacking

4 What we are covering tonight…
- Why cybercriminals target conveyancing practices
- The consequences of being scammed
- How payment redirection fraud works
- How to protect your practice
- Questions

5 Before we begin, a small exercise
Would everyone please stand up…

6 Sit down if you….
❌ Have a business computer which does not have anti-virus
❌ Do not know what two factor authentication (2FA) is, or have never used 2FA for your
❌ Have used 2FA but turned it off because it was too inconvenient
❌ Do you provide phishing awareness training to your employees?
❌ Have advanced phishing protection in place?
Anyone still standing?

7 1) Why cybercriminals target conveyancers?

8 1) Why cybercriminals target conveyancers?
Practitioners are low hanging fruit for cybercriminals.
- underinvestment in security
- bad advice
- no advice
- High-value financial transactions
- Insecure communication channels
- New e-conveyancing platforms

9 1) Why cybercriminals target conveyancers?
In-house research of conveyancers:*
- ISP provided (e.g. TPG) - 20%
- Webmail (e.g. Hotmail) - 10%
- Office %
* Non-representative sample

10 1) Why cybercriminals target conveyancers?
- Two-factor: Yes - 10%, No - 90%
- Anti-phishing protection: Yes - 0%, No - 100%
- Password reuse: Yes - 90%, No - 10%
- Paid antivirus: Yes - 90%, No - 10%

11 You do not have to look far for Aussie examples
“MasterChef finalist caught in conveyancing hacker attack”
- Mid-May, a client lost about $700,000
- May 31 when a client lost more than $1 million
end-up-in-thailand.html

12 2) Consequences?

13 2) Consequences?
- Breach of confidential information: copy of identity documents, personal details
- Financial
- Lawsuits
- Reputation

14 Try Googling your brand..
once you have suffered a publicised data breach

15 3) How payment redirection scams work

16 3) How payment redirection scams work
As easy as 1-2-3
1. Steal mailbox passwords (phishing, data breaches)
2. Intercept emails
3. Tamper with payment instructions

17 Phishing Social Engineering
- Exploits the weaknesses in people – ‘click whirr’ behavioural responses
- Fake logins that capture credentials

18 Credentials from Data Breaches
Websites get hacked. People reuse the same email and password across multiple online accounts.

19 Credentials from Data Breaches

20 Secret: “hackers” log into your webmail

21 4) How to protect your practice

22 4) How to protect your practice
- Two-factor authentication (2FA)
- Stop spoofing
- Better antivirus
- Anti-phishing services

23 4) How to protect your practice
- Two-factor authentication (2FA)
- Stop spoofing
- Better antivirus
- Anti-phishing services

24 I. Two-factor authentication (2FA)
Powerful security measure protecting from:
- Bad passwords
- Stolen passwords
- Leaked passwords

25 I. Two-factor authentication (2FA)

26 I. Two-factor authentication (2FA)
How to turn on:

27 4) How to protect your practice
- Two-factor authentication (2FA)
- Stop spoofing
- Better antivirus
- Anti-phishing services

28 II. Stop spoofing

29 II. Stop spoofing
How to impersonate Saul Goodman
- Method #1 – Address Spoofing: Saul’s address and his name are spoofed on an incoming email so that the sender appears to be: Saul Goodman
- Method #2 – Display Name Spoofing: Only Saul’s name is spoofed, but not the address: Saul Goodman

30 II. Stop spoofing
Method #1 – Address Spoofing: Saul’s address and his name are spoofed on an incoming email so that the sender appears to be: Saul Goodman
- SPF/DKIM/DMARC DNS records

31 II. Stop spoofing
Method #2 – Display Name Spoofing: Only Saul’s name is spoofed, but not the address: Saul Goodman
- Add warning banners
- Use anti-phishing services
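
The two impersonation methods call for different checks, which the following sketch shows (an added example, not part of the original slides). It classifies a message using the DMARC verdict in the Authentication-Results header and a directory of known contacts; the domains, contact directory, banner text and sample messages are constructed, and the receiving gateway is assumed to strip any Authentication-Results header it did not add itself.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of known contacts: display name -> genuine address.
KNOWN_CONTACTS = {"saul goodman": "saul@example-law.test"}
BANNER = "[CAUTION: sender name matches a known contact, but the address does not]"

def make_msg(from_header, verdict, domain):
    """Build a constructed sample message as an inbound gateway might store it."""
    return (f"From: {from_header}\nTo: client@example.org\n"
            f"Subject: Updated settlement account\n"
            f"Authentication-Results: mx.example.org; spf={verdict}; "
            f"dmarc={verdict} header.from={domain}\n\nPlease pay into the new account.\n")

GENUINE = make_msg("Saul Goodman <saul@example-law.test>", "pass", "example-law.test")
ADDRESS_SPOOF = make_msg("Saul Goodman <saul@example-law.test>", "fail", "example-law.test")
NAME_SPOOF = make_msg("Saul Goodman <saul.goodman@mail.example.net>", "pass", "mail.example.net")

def dmarc_verdict(msg):
    """Read the dmarc= result stamped by the receiving server (RFC 8601 header)."""
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";"):
            part = part.strip().lower()
            if part.startswith("dmarc="):
                return (part[len("dmarc="):].split() or ["none"])[0]
    return "none"

def classify(raw):
    """Return 'address-spoofing', 'display-name-spoofing' or 'ok'."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = " ".join(name.lower().split()), addr.lower()
    # Method #1: the From address is forged. SPF/DKIM/DMARC records on the
    # real domain are what make the receiving server record a failure.
    if dmarc_verdict(msg) == "fail":
        return "address-spoofing"
    # Method #2: the sender's own domain authenticates fine, so DNS records
    # do not help; compare the display name against the known address.
    if name in KNOWN_CONTACTS and addr != KNOWN_CONTACTS[name]:
        return "display-name-spoofing"
    return "ok"

def add_banner(raw):
    """Prepend a warning banner to the body of display-name-spoofed mail."""
    if classify(raw) != "display-name-spoofing":
        return raw
    headers, sep, body = raw.partition("\n\n")
    return headers + sep + BANNER + "\n" + body
```

Note that the display-name sample carries `dmarc=pass`: the impersonator's own domain authenticates correctly, which is why Method #2 needs banners or an anti-phishing service rather than DNS records alone.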

32 4) How to protect your practice
- Two-factor authentication (2FA)
- Stop spoofing
- Better antivirus
- Anti-phishing services

33 III. Better antivirus
Keeps your computer safe from:
- Ransomware
- Phishing
- Keyloggers
- Miscellaneous wizardry

34 III. Better antivirus
Buy the business version of any of these:
- avast!
- Avira
- Bitdefender
- ESET
- Kaspersky

35 4) How to protect your practice
- Two-factor authentication (2FA)
- Stop spoofing
- Better antivirus
- Anti-phishing services

36 IV. Anti-phishing services (email)
- Pre-screens your incoming emails
- Superior to your spam filter
- Machine learning & AI powered
- Text semantics
- Web link protection
- Deep analysis of file attachments

37 IV. Anti-phishing services (email)
- Typically available as separate services for your platform
- Works with every platform (Office 365, G Suite, GoDaddy, etc.)
- We suggest you research which providers on the market offer managed anti-phishing services

38 IV. Anti-phishing services (web browsing)
Web browsing protection protects from phishing attempts arriving in:
- Private emails
- Instant messengers (WeChat, etc.)
- Text messages

39

40 IV. Anti-phishing services (web browsing)
Blocks access to phishing websites on:
- Computers and smartphones
- In the office or on the road
- Protects your staff at home

41 IV. Anti-phishing service (II.)

42 III. Anti-phishing services (phishing awareness)
4% of people in any given phishing campaign will click on a phishing email*
- Phish your own staff
- Identify vulnerable people
- Target them with training materials

43 5) Where to get help

44 5) Where to get help
- Report the scam to ACCC ScamWatch, ACORN and ACSC
- Victims of identity theft: you should contact IDCARE, NFP helping people
- Have a conversation with your IT Service Provider, or staff. Use these slides as a talking point!

45 6) Questions?
💌 nick@ironbastion.com.au
💌 gabor@ironbastion.com.au

46 Attribution Cruz/Kavadias/Szathmari – How to Protect Your Legal Practice from Payment Redirection Fraud

