21 Actions to Help Avoid a Cyber Attack on your Agency
- Ensure each Client and Tenant of your Agency provides photo ID at sign up. Keep this on file to authenticate signatures.
- Install security software that includes a firewall, anti-virus and anti-spyware on every computer in the office. Ensure that it is updated regularly and automatically. Use spam filters on your emails.
- If you do not have a dedicated IT Manager, assign one person in your Agency to be responsible for information security (such as passwords, backups, anti-virus updates). Ensure this person keeps up to date with cyber security threats and makes everyone in the office aware of any potential issues.
- Implement formal security policies for your Agency. Having company-wide security policies in place can help reduce your likelihood of an attack.
- Agencies should invest in an encrypted data backup solution, so any information compromised or lost during a breach can easily be recovered from an alternate location. Consider using a cloud-based email, backup and storage solution for all of your data, including your Trust Account system.
- Use strong passwords and change them regularly. NEVER store them in your browser.
- Wireless networks are convenient and simple to set up, but poor configuration and encryption leave them open to incursion. Don’t use unsecured Wi-Fi to access your accounts.
- File cabinets should have locks, and there should be no in-trays or other locations where forms and client paperwork are left lying around in the office.
- Ensure there are stringent procedures in place for verifying the authenticity of email requests seeking to change client information. Consider a system in which clients are provided with a secret pass phrase to authenticate their identity in order to have their information amended.
- Keep your software updated at all times or install a solution that does updates automatically.
- Keep your computer’s operating system up to date.
- Ensure that staff members who have left are not able to gain access to any Agency systems or data. Have a strict check-out policy in place. Delete their email accounts and logins, and ensure that all remaining staff and Agency passwords are changed at this time.
- Ensure software updates and backups are done regularly on mobile devices. Ensure all mobile devices are passcode protected.
- When accessing your bank online, always type the address into the address bar. Never click on an online link or favourite to access the bank’s webpage as these can be manipulated to send you to a counterfeit site. Consider using a security token which changes the internet banking authorisation passcode on a continual basis, and ensure the device protocols are set to the highest possible level for all staff members.
- Reconcile the Trust Account first thing every day. Regular checking of bank account balances and daily reconciling of accounts may uncover unauthorised withdrawals in time for them to be stopped. Ensure that Trust Account Reconciliations are given to the Licensee for checking and signing at least once per week. Ensure your Trust Account auditor is completing audits as required by your Legislation.
- Ensure that two-person authorisation is required to transfer any funds out of the Trust account.
- Be wary of unsolicited emails posing as your bank, as some of these may be spam or hoaxes. Be aware that banks will never ask you to supply any of your details via email.
- Ensure that you have the ability to identify and isolate an affected workstation or server.
- Does your Agency have a policy manual for managing work, health and safety in the Agency workplace and for managing Human Resources? Agency BOSS has this covered. To find out more, contact us here.
- Check your Insurance Policy and upgrade for cyber attack cover.