
How to protect your business

Protecting your business

Tips on how to protect your business

There are a few simple steps you can take to help improve your online safety and protect yourself from scammers and cyber-criminals. Here’s how:

  • Make sure you have up-to-date anti-virus and firewall software on your devices.
  • Protect your PEXA digital certificate - store it securely if you’re not using it in PEXA.
  • Don’t share your PEXA password or digital certificate PIN.
  • If you think something has gone wrong and you or someone in your business has been compromised, contact PEXA and suspend the user’s PEXA access.

Note, this is not a full list of security measures you should take to ensure your cyber-security. If you are in doubt, or you are not sure, you should seek advice from an IT professional.

Full Subscriber obligations on digital security are set out in PEXA’s System Security Policy.


Identify spam and phishing

How to identify spam and phishing messages

Spam: unsolicited emails or messages - commonly bulk advertising.

How to manage spam

Don’t unsubscribe from spam emails. By unsubscribing, you confirm to spammers that your email address is correct, and they will continue spamming you.

Instead, use your email settings to direct them to your junk folder.

Phishing: fraudulent emails or messages attempting to deceive you and steal sensitive information such as passwords or bank details.

Examples of phishing emails

  • Reporting unusual activity in your bank account
  • Claiming your account is suspended
  • Attempting to share files with you
  • Impersonating a friend or work colleague
  • Falsely informing you that you’ve won a competition

These different types of scams all have the same goal: to trick you into revealing your sensitive details, or into clicking a link or downloading an attachment that contains malicious software used to access your private information.

How to spot phishing emails

Although phishing emails are designed to trick you, understanding the key 'giveaways' of a fake message will help you to spot them and to avoid opening malicious attachments or voluntarily giving away sensitive information to cyber-criminals.

Here are some common signs that an email you have received is a phishing message.

Spelling errors

Official communications will generally have no grammar or spelling errors. Such mistakes can be a warning that the email is malicious.

Generic greetings and sign offs

A legitimate personal email would address you by name, whereas a phishing email is bulk delivered to a wide audience and will use default greetings and sign-offs such as “Dear Sir”.

Call to action

A phishing email will sometimes instruct you to act quickly to avoid a problem. This is to try to rush you into clicking their malicious material, also known as 'click-bait'.

Suspicious links and fake websites

If you are suspicious about an email and it contains a link that you are being directed to click, hover your mouse over it to preview the URL. If the URL has no resemblance to the website of the alleged sender, this is a strong indication that it is a fake link.

Malicious attachments

If any of the above red flags have been observed in an email, do not open the attachment. This may be what the scammer is using to get your private information.

What to do if you receive a phishing email

  • Don’t respond
  • Don’t click links or download attachments
  • Delete the email and report it to your relevant security administrator

Protect your computer

How to protect your computer from malware

Malware is short for malicious software. It can include:

  • Viruses
  • Worms
  • Trojans
  • Spyware
  • Ransomware
  • (and other malicious programs)

Malware programs can harm your system by:

  • Recording your keyboard strokes to access your passwords or credit card details
  • Viewing your sensitive emails
  • Executing a ransomware attack

Ransomware attacks involve sending a misleading email, such as a bill or fine, to trick you into clicking a link. If you click the link, ransomware locks the files on your computer and opens a pop-up window requesting a ransom to be paid, often in Bitcoin or another cryptocurrency. Payment of the ransom may not secure the release of your files.

Protecting yourself from attacks

Take the below precautions to help avoid a malware attack.

Update software

Frequently updating your operating system, browser and applications helps safeguard your privacy.

Run anti-virus software

Installing anti-virus software will help to prevent scammers from accessing your information by warning you of suspicious activity.

Have back-ups of files

It’s good practice to keep a back-up of your data in case of an attack or an unforeseen loss of data on your system. This can take the form of cloud storage, a portable hard drive or a USB drive.

Identifying a possible malware attack

  • Your computer is slower than normal in start-up
  • Your computer crashes frequently
  • There are new, unfamiliar icons on your desktop
  • Your computer is running very slowly
  • You can’t access your files
  • Your files have been edited 
  • Files appear, disappear or undergo significant and unexpected changes in size

What to do if you’ve suffered a malware attack

  • Isolate the affected device: disconnect it from the internet and any other connected devices to prevent the malware spreading
  • Check if your anti-virus is up-to-date and run a scan
  • If you’re unable to remedy the issue, seek advice from an IT professional

Keep your identity safe online

How to keep your identity safe online

The value of your identity

Your identity is of the utmost importance and should be carefully guarded. Whilst physical identity documents, such as your birth certificate, are more difficult for scammers to obtain, your ‘digital identity’ consists of various pieces of information about you such as your name, address, date of birth, driver’s licence number, passport number, bank details and other unique identifiers that can be used to impersonate you over the phone or internet for fraudulent and other criminal purposes.

Ways to protect your identity

Observe the below measures to help protect your personal information.

Review your social media settings

Check the privacy settings of your social media accounts and see who has access to your profile(s). You should avoid sharing personal information such as your whole date of birth (DD/MM/YYYY), email address and phone number. It’s also a good idea to have your settings on “private” and avoid accepting ‘friend requests’ from people you don’t know. 

Protect your devices

Always run anti-virus, malware and spyware protection programs, use strong passwords and update them regularly. Avoid repeating the same password, especially banking passwords.   

Never click suspicious links

If you suspect an email or text message you’ve received is malicious, never click an attached link.

Website address

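If a website address starts with “https”, your connection to the site is being protected by a security protocol – always check for this. It shows that the connection is encrypted, not that the site itself is genuine, so still check that the address is the one you expect.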

Take care of documents with personal information

It’s always best to shred documents that you’re discarding to protect your personal information. Always be mindful of paper and electronic documents that have your details and be careful with where you leave them or who has access to them.

How to get your stolen identity back

  • Report the theft to police
  • Change your passwords on all accounts and shut down accounts you did not set up that have been created by the scammer
  • Contact any business or organisation that may be affected or at risk
  • Contact the Australian Cybercrime Online Reporting Network (ACORN)

Protect your passwords

Simple ways to protect your passwords

Passwords are part of our everyday lives now. We use them to access our bank accounts, social media, email and more. That’s why protecting them is so important.

The tips below will help you continue to keep your passwords safe.

Use a variety of characters

If your password is all letters, though it might be easy for you to type and remember, it’s also easy to guess. Try to incorporate the following factors in your password:

  • Uppercase and lowercase letters
  • Numbers
  • Special characters like $, % and @

Don’t use something obvious

Never use information that is easy to guess or accessible to criminals. Avoid the following:

  • Children’s names
  • Pet’s names
  • Favourite sporting team
  • Date of birth

Other general tips

  • Change your password regularly
  • When changing it, don’t just change one character – make it a significant change
  • Don’t share your passwords: a business will never ask for your password. If this happens to you, it is likely a phishing scam
  • Don’t have the same password for every account – if your privacy is breached and a hacker gets your password, they would then have access to all of your private accounts
  • Don’t let computers ‘remember’ your password for important sites such as online banking

 

Important notice

The information provided in this document is general in nature and is not intended to be a comprehensive guide to cyber security. PEXA Members are responsible for the security of their own systems. You should not rely solely on the information in this document. If you are unsure of your obligations under the Participation Agreement between PEXA and your organisation, or if you are not satisfied that your systems are adequately secure, you should obtain professional advice.

 
