Organizations should practice mitigation strategies to reduce or eliminate threats. In Australia, the Australian Cyber Security Centre (ACSC) provides advice to help organizations secure their systems. This includes:
- MFA
- Regular software updates
- Password policies
- Staff training and awareness programs
Malicious attacks are one of the main reasons why data breaches occur, and they usually involve stealing user credentials. This can be done through:
- phishing - users are tricked into entering their credentials on a fake website
- brute force - automated guessing of passwords
- malware - some malware captures keyboard input and with it the user's credentials
- breached services - attackers reuse credentials that were already exposed in a breach of another service
Key strategies
The official ACSC guide can be found here.
1. Staff awareness
Businesses must train staff to spot and avoid all forms of phishing:
- phishing - fake emails/websites that trick users into entering their credentials
- spear phishing - targeted scams that use genuine personal or company information to appear more real
2. Password safety
ACSC recommends:
- Use strong, long and unpredictable passphrases
- Don’t reuse passwords across important accounts
- Change passwords regularly
- Lock accounts after too many failed login attempts
- Reset compromised passwords immediately
- Avoid sharing passwords between secure and less secure services
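The passphrase and lockout advice above can be enforced in code. The following is an added example, not code from the ACSC guide or from these notes: it checks a passphrase against a minimum length and a small constructed list of breached passwords, and it locks an account after a set number of failed logins inside a time window. The thresholds (14 characters, 5 failures in 15 minutes, 30-minute lockout), the breached-password list and the function names are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
import time

# Constructed, deliberately tiny list of commonly breached passwords.
# A real deployment would check against a large breached-password corpus.
KNOWN_BREACHED = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_PASSPHRASE_LEN = 14    # assumed policy: long passphrases, not short passwords
MAX_FAILURES = 5           # assumed: failed attempts allowed before lockout
FAILURE_WINDOW = 15 * 60   # assumed: seconds in which failures are counted
LOCKOUT_SECONDS = 30 * 60  # assumed: how long the account stays locked


def check_passphrase(passphrase: str, username: str = "") -> list:
    """Return a list of policy violations; an empty list means the passphrase passes."""
    problems = []
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        problems.append(f"shorter than {MIN_PASSPHRASE_LEN} characters")
    if passphrase.lower() in KNOWN_BREACHED:
        problems.append("appears in a known breached-password list")
    if username and username.lower() in passphrase.lower():
        problems.append("contains the username")
    return problems


class LoginGuard:
    """Tracks failed logins per account and locks the account after
    MAX_FAILURES failures within FAILURE_WINDOW seconds."""

    def __init__(self, clock=time.time):
        self._clock = clock                  # injectable clock so tests can control time
        self._failures = defaultdict(deque)  # username -> timestamps of recent failures
        self._locked_until = {}              # username -> time the lockout expires

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._clock() >= until:
            # Lockout has expired: clear state so the user can try again.
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def record_failure(self, username: str) -> bool:
        """Record a failed attempt; return True if this attempt triggered a lockout."""
        now = self._clock()
        window = self._failures[username]
        window.append(now)
        # Drop failures that are older than the counting window.
        while window and now - window[0] > FAILURE_WINDOW:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, username: str) -> None:
        """A successful login clears the failure history for the account."""
        self._failures.pop(username, None)


if __name__ == "__main__":
    print(check_passphrase("password"))                 # two violations
    print(check_passphrase("correct horse battery staple"))  # []
    guard = LoginGuard()
    for _ in range(MAX_FAILURES):
        locked = guard.record_failure("alice")
    print("alice locked:", locked, guard.is_locked("alice"))
```

Note that the guard only counts failures; the caller must check `is_locked()` before verifying a password so that a locked account rejects even a correct guess.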
3. Secure software practices
To protect systems:
- Use multi-factor authentication for important actions and remote access
- Keep software, browsers and plugins up to date
- Enable anti-virus software to catch malware that steals data
- Watch for suspicious account activity
- Be cautious with credential prompts:
  - Don’t enter passwords via links from unknown sources
  - Navigate to official websites manually to reset passwords
  - Remember, friends’ accounts can also be hacked and used to send fake messages
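"Watch for suspicious account activity" is the detection side of the brute-force and credential-theft risks described earlier. As an added example (not from the ACSC guide or these notes), the block below scans a few constructed login log lines and flags two patterns: repeated failures against one account from one source, and a success from that same source shortly after those failures. The log format, the thresholds (5 failures; success within 300 seconds) and the sample IP addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines (not real data) in a simple key=value format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z login user=alice result=OK src=198.51.100.10
2024-05-01T09:10:01Z login user=bob result=FAIL src=203.0.113.5
2024-05-01T09:10:02Z login user=bob result=FAIL src=203.0.113.5
2024-05-01T09:10:03Z login user=bob result=FAIL src=203.0.113.5
2024-05-01T09:10:04Z login user=bob result=FAIL src=203.0.113.5
2024-05-01T09:10:05Z login user=bob result=FAIL src=203.0.113.5
2024-05-01T09:10:09Z login user=bob result=OK src=203.0.113.5
2024-05-01T09:15:00Z login user=carol result=FAIL src=198.51.100.22
2024-05-01T09:30:00Z login user=carol result=OK src=198.51.100.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) result=(?P<result>OK|FAIL) src=(?P<src>\S+)$"
)
FAIL_THRESHOLD = 5               # assumed: failures from one source against one account
SUCCESS_AFTER_FAIL_WINDOW = 300  # assumed: seconds after failures in which a success is suspicious


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def find_suspicious(log_text: str) -> list:
    """Return (kind, user, src) findings for brute-force and success-after-failure patterns."""
    events = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    findings = []
    fails = defaultdict(list)  # (user, src) -> timestamps of failed attempts
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            fails[key].append(e["ts"])
            # Report once, when the threshold is first reached.
            if len(fails[key]) == FAIL_THRESHOLD:
                findings.append(("brute_force", e["user"], e["src"]))
        else:
            # A success right after a burst of failures suggests a guessed password.
            recent = [t for t in fails[key]
                      if (e["ts"] - t).total_seconds() <= SUCCESS_AFTER_FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                findings.append(("success_after_failures", e["user"], e["src"]))
            fails[key].clear()
    return findings


if __name__ == "__main__":
    for kind, user, src in find_suspicious(SAMPLE_LOG):
        print(f"{kind}: user={user} src={src}")
```

Carol's single failure followed by a success is ordinary user behaviour and is not flagged; only bob's burst of failures and the success that follows it produce findings, which is the kind of activity that should trigger a password reset and a review of the account.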