Job description – Computers: All Users
Internet Security
The threats we are dealing with on the internet these days are quite different to what we have dealt with in the past. It used to be that workplaces would operate their own infrastructure for important services, like email. Often, these companies would not keep up with regular maintenance and security updates, so hackers would target these systems to try and break in and take control. Today, many of the cloud-bases services that businesses use are secured and monitored 24/7 by teams of professionals.
Hackers are now targeting people instead of computers – it’s getting to be easier to trick a person into doing something, rather than hacking a computer to take control. Tricking a person into logging into a fake login page, or paying a bogus invoice, is called phishing.
Things to look for
Login to Office 365
If you are ever asked to log in to Office 365, please make sure that you look out for the BAAG logo on the login screen when it’s asking for your password. If you can’t see a BAAG logo and it’s asking for your password, then it’s likely you’re being tricked.
If you click on a link in an email that someone has sent you, and it asks you to log in to Office 365, do not enter your password if you can’t see a BAAG logo at the top of the login box. Office 365 will give you two screens when you’re logging in. First it asks for your email address. This will be the generic Microsoft Office 365 login page. Note the Microsoft logo at the top of the login box and also that it is not asking for your password at this stage:
After you have entered your email address and clicked on Next, the screen will change to the customised BAAG login page. Note the BAAG logo, the bee and the different background:
Do not enter your password for Office 365 unless you see the BAAG logo.
Multi-Factor Authentication
Multi-factor authentication (MFA) is using more than one factor to identify you when you login to a particular service. A password is one factor. Another factor will be having an SMS sent to your mobile. We are planning to start using SMS authentication soon. You will only need to authenticate each device you use once every 60 days.
Microsoft have conducted a significant amount of research into internet security and cloud services. In their experience, using MFA cuts down over 99% of all phishing attempts. Even if someone were to steal your email address and password and try to log into your email from their computer, they will be prevented from doing so as they won’t have access to the random code in the SMS you will receive.
Keep an eye out for anything unusual
There are no hard and fast rules for this, but rather keeping a good look out for anything that is unusual, and querying it with someone. It something looks off, or even a bit different, seek a second opinion.
Always confirm a change of bank details
If a client or supplier contacts you to tell you that they have changed their bank account details, always verify this with the client via another method that is not email. If their email has been compromised, the scammer will see your query and reply before a legitimate person at the company can act. Call them, text them or get in touch in person and verify the new bank details before making a payment.
Ask for a second opinion
Phishing scams are becoming very sophisticated these days and there is no single piece of advice or technology that will stop 100% of all attacks. If you’re at all unsure about something, please take the time to ask someone else about it. Do not trust everything you see on your computer screen. For example, it’s very easy to forge the From: address in an email. If you have any questions, please ask them. It’s always going to be easier to answer 50 queries about potential suspicious emails than it is to clean up after one phishing scam.
The IT system at Bulleen Art & Garden represents a massive investment of both money and staff time over many years. The following guidelines are to be followed at all times, without exception. The potential for loss or damage to the business is very real if these guidelines are not followed.
There are a few simple rules that can help reduce the potential damage caused by viruses. Don’t open any email attachments that you feel look suspicious, and remember viruses can come from people that you know and may look innocent. If you have any doubts about an email you have received contact a manager immediately. Never, under any circumstances, download or install any software on any computer at Bulleen Art & Garden without discussing it with your manager first. Abuse of this rule will be dealt with severely as it is a practice that can very easily put us at risk.
There is only one place you should be saving your work, in the General Data (Public) directory, in the appropriate sub-directory. Avoid saving to your desktop, there is a good chance you will lose your work. If you need a lesson, ask.
If you are playing Dungeons and Dragons please be sure to wear full Cosplay costumes at all times. Dwarves must be bearded regardless of gender identity.