Blog

Understanding the Australian economy through the lens of underwear and lipstick sales

Published on December 11th, 2023 12:04PM by Christopher McNaughton

In an intriguing development, recent trends in Australia’s retail sector—namely, a decline in men’s underwear sales and an uptick in lipstick sales—are offering nuanced insights into the state of the national economy. These unconventional economic indicators, while seemingly trivial at first glance, are proving to be revealing barometers of broader economic trends and consumer sentiment. […]

New fraud costing Australian business millions annually

Published on March 17th, 2021 09:52AM by Christopher McNaughton

If you work in the Finance Department of your company your email account might already have been hacked in a new scam costing Australian business millions every year A new type of fraud, often originating offshore, involving the takeover of Finance Department staff’s email accounts, is impacting large and small businesses all over Australia. […]

INFORMATION THEFT – THE EMPLOYEE RISK

Published on August 3rd, 2020 11:40AM by Christopher McNaughton

Information Theft – What is the Risk? Our research has shown that around 68% of employees will steal information from their employer. This figure jumps to 87% for exiting employees. Running any business mean providing our employees access to sensitive information, but we need to be mindful that access to information comes with a […]

Don’t Become a Victim of Cyber Crime

Published on July 16th, 2020 11:34AM by Christopher McNaughton

The Impacts of a Cyber Attack In your personal life and as an employee, there are many aspects to consider when it comes to the use of devices (e.g. smartphones, tablets, computers and laptops). E.g. compromises of devices and the information they store can have significant productivity, financial impacts to your business as well […]

YOUR COMPANY HAS BEEN BREACHED!

Published on May 27th, 2020 02:31PM by Christopher McNaughton

The Data Governance Watershed “You’ve been breached!” These are words none of us want to hear, but the situation is almost inevitable. When the breach does occur, will your data governance structure help to protect you? Many organisations are at a data governance watershed, somewhere between having systems and processes in place and actually being […]

#case study
#cyber attack
#cyberattack
#Information Security
#Office 365

CASE STUDY – OFFICE 365 BREACH

Published on April 14th, 2020 12:22PM by Christopher McNaughton

CASE STUDY (5 Min read) The following case study details a case where SECMON1 was engaged to conduct a security review of an organisation’s O365 environment. The organisation had received some information from clients which caused them to suspect they had been breached. It was clear from the outset that a breach had occurred. A […]

#Information Security
#Office 365

Office 365 Under Increased Attack

Published on April 7th, 2020 04:28PM by Christopher McNaughton

The recent increase in employees working remotely, combined with the migration to platforms such as Microsoft Office 365, has seen a dramatic increase in security incidents. The main reasons for these are typically poor implementations and lack of visibility of activity. Microsoft Office 365 is highly targeted due to its wide popularity and the often […]

#covid-19
#PASSWORD
#remoteworker
#VPN
#WIFI
#workingremotely

LARGE INCREASE IN COVID-19 THEMED MALICIOUS CYBER ACTIVITY

Published on April 6th, 2020 01:33PM by Christopher McNaughton

How to protect your self when working remotely There have been many reports of an increase in cyber-attacks on remote workers by up to 400%. We need to do all we can to protect ourselves, our company data and our personal data at the moment. There are some relatively simple things we should do to […]

#application patching
#Information Security
#patching

Application Patching – Information Security Essentials

Published on April 1st, 2020 07:21PM by Christopher McNaughton

Application Patching Application patching refers to applying updates to software applications. It is absolutely critical for ensuring system security and must be done as soon as practicable. Time is key with patching: it is ideal to apply patches within 48 hours of release from the relevant software provider or vendor. When installing new applications, always […]

#Information Security
#macro
#macro settings

Configuring Macro Settings – Information Security Essentials

Published on April 1st, 2020 07:20PM by Christopher McNaughton

Configuring Macro Settings Disabling or limiting Microsoft Office macros can aid in preventing malicious code from entering your organisation’s network. Compromised macros can often evade basic email content filtering and application whitelisting. While macros can greatly improve productivity, they can also make your systems vulnerable, especially if they are out-of-date or downloaded from the Internet. […]

#Application Whitelisting
#Information Security

Application Whitelisting – Information Security Essentials

Published on April 1st, 2020 07:20PM by Christopher McNaughton

Application Whitelisting Application Whitelisting is a means to limit the number of programs running in your business environment that can potentially pose a danger to the security of your data. It restricts users from installing and accessing applications on their computer or electronic device other than those explicitly allowed by your company. In the SECMON1 […]

#Information Security
#mfa
#multi factor authentication

Multi Factor Authentication – Information Security Essentials

Published on April 1st, 2020 07:20PM by Christopher McNaughton

Multi Factor Authentication Multi-Factor Authentication requires end users to provide multiple methods of identification to confirm their identity in order to gain access to corporate resources and applications, as well as perform online transactions. By requiring an additional factor beyond a simple password, multi-factor authentication technology makes it far more difficult to exploit the login […]

#application hardening
#Information Security
#user application hardening

User Application Hardening – Information Security Essentials

Published on April 1st, 2020 07:20PM by Christopher McNaughton

User Application Hardening While useful for many business operations, applications like Flash, Java, Adobe Acrobat and certain features in Microsoft Office (e.g. OLE), can allow malware or intruders to enter your network. Disabling these applications and blocking online ads can remove any opportunity for adversaries to exploit these potentially disruptive tools. If your organisation uses […]

#admin priveleges
#Information Security
#local admin
#local administrator

Restricting Administrator Privileges – Information Security Essentials

Published on April 1st, 2020 07:19PM by Christopher McNaughton

Restricting Administrator Privileges Restricting administrative privileges makes it difficult for to spread malware and malicious code inside your network. In terms of access to your valuable business data, administrative accounts are the keys to the kingdom. If malicious code is activated using an administrative account, it can elevate its privileges, spread to other hosts, avoid […]

#Information Security
#operating system
#os patching
#patching

Operating System Patching – Information Security Essentials

Published on April 1st, 2020 07:19PM by Christopher McNaughton

Operating System Patching Operating System (OS) patching refers to applying updates to operating systems. It is absolutely critical for ensuring system security. Time is of the essence in patching. It is ideal to apply patches within 48 hours of release. In the SECMON1 blog post ‘Security Overview – Information Security Essentials’ , we spoke about […]

#Information Security
#local admin
#local administrator

Disabling Local Administrator Accounts – Information Security Essentials

Published on April 1st, 2020 07:19PM by Christopher McNaughton

Disabling Local Administrator Accounts The Administrator account (NT AUTHORITYAdministrator) exists by default on all Microsoft Windows (Windows NT-based) systems and Active Directory domains. It is typically used as a setup and disaster recovery account. If you must use the local administrator account, only use it during setup and to join the machine to the domain. […]

#back ups
#backing up
#backup
#Information Security

Backing Up – Information Security Essentials

Published on April 1st, 2020 07:19PM by Christopher McNaughton

Backing Up The concept behind backups is simple: Make a copy of your files and configurations and place them on storage separate from your main hard drive. That storage can be another drive, an external drive, a NAS, a rewritable disc, or an online storage and syncing service. Should you lose the files, either through […]

#Information Security

Security Overview – Information Security Essentials

Published on April 1st, 2020 07:18PM by Christopher McNaughton

SECURITY OVERVIEW This guide is an overview of security measures all organisations can do to best protect themselves from threats to the security of their business and customer information and systems. It contains a list of security mitigations that organisations can use to assist in securing their data to prevent data breaches and […]

#data breach
#Health Check
#Office 365

Office 365 Health Check

Published on March 25th, 2020 09:20AM by Christopher McNaughton

We frequently encounter implementations of Office 365 where basic information security has been overlooked.

#data breach
#Office 365

Preventing Office 365 data breaches

Published on March 24th, 2020 11:11AM by Christopher McNaughton

Whether you run a small, medium or large business it is essential to ensure your Office 365 environment is secure and being appropriately used by your staff.

#data breach
#data governance
#data privacy
#data security
#work from home

COVID-19 & Working from home – Mitigate the security risks

Published on March 19th, 2020 03:13PM by Christopher McNaughton

As COVID-19 infections increase globally there has been a vast increase in the numbers of staff working from home. Many of our clients have asked us to assess the potential security risks which may result. We thought it may be helpful to share some of this advice more widely. There are a number of key […]

#data breach
#data governance

The organisational impact of a poor data culture

Published on March 19th, 2020 10:43AM by Christopher McNaughton

Staying on top of all the data we now generate is becoming more difficult than ever. Knowing the nature of that data, where it is, and who is accessing it, is knowledge that is sadly lacking in many organisations.

#abhorrent
#australian law
#violent

Abhorrent violent material – What you need to know about the Australian Law

Published on March 2nd, 2020 01:01PM by Christopher McNaughton

The streaming of the recent shooting massacre in Christchurch, New Zealand has prompted the Australian Government to push through legislation which creates stringent requirements for organisations hosting and streaming certain data.

#APRA
#CPS234

APRA’s new CPS234 standard brings tighter information security regulation

Published on February 25th, 2020 09:48AM by Christopher McNaughton

On July 1, 2019, the new Prudential Standard CPS 234 Information Security came into effect, bringing in tighter regulation around information security for banks, insurance and superannuation companies. If this is your organisation, make sure you read the below to understand the key new requirements for APRA regulated entities and whether there is anything you need to do to comply. Here’s everything you need to know about the new prudential standard in Australia.

Categories

Understanding the Australian economy through the lens of underwear and lipstick sales

New fraud costing Australian business millions annually

INFORMATION THEFT – THE EMPLOYEE RISK

Don’t Become a Victim of Cyber Crime

YOUR COMPANY HAS BEEN BREACHED!

CASE STUDY – OFFICE 365 BREACH

Office 365 Under Increased Attack

LARGE INCREASE IN COVID-19 THEMED MALICIOUS CYBER ACTIVITY

Application Patching – Information Security Essentials

Configuring Macro Settings – Information Security Essentials

Application Whitelisting – Information Security Essentials

Multi Factor Authentication – Information Security Essentials

User Application Hardening – Information Security Essentials

Restricting Administrator Privileges – Information Security Essentials

Operating System Patching – Information Security Essentials

Disabling Local Administrator Accounts – Information Security Essentials

Backing Up – Information Security Essentials

Security Overview – Information Security Essentials

Office 365 Health Check

Preventing Office 365 data breaches

COVID-19 & Working from home – Mitigate the security risks

The organisational impact of a poor data culture

Abhorrent violent material – What you need to know about the Australian Law

APRA’s new CPS234 standard brings tighter information security regulation