Cyber Security | Enterprise | Small Business |

The growing threat of ransomware

By Allie Coyne October 14, 2020

Ransomware operators are becoming more emboldened to target big-name brands in the hopes of extracting a big bounty, and they’re upping the stakes to make a payout more likely.

The list of prominent brands that have been targeted in recent months is long: Luxottica, Carnival, Equinix, Toll, Canon, LG Electronics, and Xerox are just a few. In the majority of these cases, the victim’s files were not only encrypted but also stolen, and then sometimes leaked publicly if the ransom wasn’t paid.

Traditionally a ransomware attack meant a system was left encrypted and inaccessible until a ransom was paid; now there are around 20 different ransomware gangs that also steal and leak files when the victim refuses to meet the hackers’ demands.

It makes the decision of whether or not to pay the ransom quite a bit more difficult.

The recent ransomware attack on technology company Garmin was labelled a “warning” to other big organisations by Wired. Garmin reportedly handed over the US$10 million the hackers demanded to unlock its systems.

Earlier this year Travelex was reported to have paid US$2.3 million to hackers to bring its systems back online. Cloud service provider Blackbaud also revealed it had succumbed to demands from hackers who unleashed ransomware on its network.

And in August travel management firm CWT reportedly paid US$4.5 million to restore 2TB of stolen data and 30,000 computers (side note, if you’ve ever wondered how ransomware negotiations actually go down, check out this Reuters reporter’s Twitter thread).

The problem is – there’s no guarantee your data will be returned or your systems restored. Paying the ransom also encourages this lucrative criminal industry and spurs other hackers to get in on the game, resulting in larger numbers of victims.

It also identifies you as someone willing to pay the ransom, increasing the risk you’ll be targeted again.

Expert advice has long been not to give in to the demands. However, as the FBI noted in updated ransomware guidance last year, the problem has become more nuanced for many organisations.

While it still doesn’t advocate paying up, the FBI says it understands that crippled businesses will need to evaluate all options “to protect their shareholders, employees and customers”.

(For an insight into how a business recovers without paying a ransom, read about how Norsk Hydro got back on its feet after a painful 2019 brush with ransomware).

Tips to avoid a ransomware attack

Ransomware attacks are often perpetrated through vulnerabilities in web-facing systems, email phishing campaigns, and by breaking into remote access systems.

The best way to protect your organisation is to ensure it is strong at the basics:

  • Applying software and security updates as soon as possible,
  • Using multi-factor authentication wherever possible, but especially on critical systems,
  • Ensuring you have current off-site back-ups and a business continuity plan, and
  • An educated workforce able to spot things like phishing and social engineering attacks.

A reputable endpoint security solution will also help to identify and block any malware attempting to infect your systems via the devices on your network. Having these important foundations in place lowers your chance of ever having to face the question of whether or not to pay the ransom.

Teenagers looking at mobile phone in school corridor
Consumer | Cyber Security | Smartphone Safety Hub | Telstra Foundation |

Safer Internet Day: tips for how to keep your kids safe online

By Jackie Coates February 11, 2020

Today marks Safer Internet Day, a worldwide event that raises awareness about online safety and encourages everyone to help create a better internet. This year the theme is ‘Together for a better internet,’ with the aim to encourage all Australians to start the conversation about online safety issues and inspire positive change.

We’re proud to play our part in the cyber safety space, particularly when it comes to digital parenting. Recent research we conducted indicated that more than six out of ten parents are concerned about online bullying or their kids being exposed to inappropriate content and more than half are worried about stranger danger on the internet. So, as today marks Safer Internet Day, we thought we would offer some tips for keeping your kids smart and safe online.

https://youtu.be/M03BJFjBM3w

Do some eLearning

Before giving your kids a phone, it’s important to do some research and familiarise yourself with your child’s favourite sites or apps and take the time to understand how they work. This not only means you can more confidently chat to them about their online activities, but it also gives you some insight into how they might be interacting with other people.

The Office of the eSafety Commissioner is dedicated to keeping kids safe online and identify the key issues as cyberbullying, online pornography, time spent online, gaming and unwanted contact.

Each of these issues carry their own risks and dangers, and it’s important to familiarise yourself with the advice from the eSafety Commissioner. There’s never a one-size-fits-all safety net for your kids when they use the internet.

Be present

It almost goes without saying that the most effective way to make sure your kids aren’t interacting with content on the internet that could cause harm is to stay involved. There’s no need to be overbearing, but encourage kids to use their devices in communal areas of the home. That way, if they do come across something they weren’t looking for, they can let an adult know straight away.

Stay involved

Learning to browse the internet safely is like learning to walk or drive: it’s a process that needs careful supervision. Kids will learn best from your own understanding of online risks – scams, inappropriate content or predatory behaviour.

It is also important to set healthy boundaries with your kids. Using a guide like My First Mobile Agreement can be a great way to guide the discussion and get on the same page, while creating a safe space for them to learn. In this way you can help them make the most of their digital future.

Of course, with mobiles and tablets (and the reality of everyday life), you can’t always be there with your kids when they are online. There are a range of parental control tools to help families become more mindful about screen-time habits.

One of these is Telstra Mobile Protect – a free service with controls including time restrictions, which stop kids using their phones when they should be sleeping. Plus, with Telstra Broadband Protect, you’re able to set device usage levels across our home network, which make sure the whole family powers down even if they don’t have the willpower to do it themselves.

Apple – On Device Settings

Apple’s on device parental controls have a variety of options for parents. When it comes to managing screen time for example, you can remotely set “downtime” to lock your kids out of their phone for specific time periods – a good way to keep your family dinner phone-free (works for mum and dad as well!). You can also set time restrictions on specific apps as well in case you are happy with your kids spending time with educational ones but just want to limit games.

Apple’s latest parental controls also allow you to set up content restrictions for books, TV shows, movies and apps or choose whether your child may install new apps, delete apps or make in-app purchases. And all of these settings are flexible so as you kids get more and more responsible you can hand over more and more control – as appropriate.

You can find Apple’s own instructions for how to set this up on iPhone, iPad or iPod touch here.

Android + Family Link

You can find parental controls in most other phones as well but for Android-powered phones (including Samsung, Google Pixel, Huawei etc) Google has also produced a free app called Family Link.

The app is about setting “digital ground rules” to help your kids understand their boundaries while getting to know life online.

It gives parents full transparency over the sites being browsed and the apps being used. Like Apple’s tools, it also tells parents how long apps are being used for and allows for limits to be set. Moreover, parents have to approve new apps being installed on the device to ensure they’re not being hoodwinked.

Family Link isn’t just about restricting kids. It’s about educating them as well. Family Link can recommend apps that their teachers have given the thumbs up to, and they can be added directly to their device with a single click.

Breaks can also be mandated with the device locking features that force kids to take a break to run around outside, do homework or sleep. And when your kids are out of the house, Family Link also has a feature that allows you to keep a watchful eye on them with location tracking on the go.

Check out the features of Family Link and how to get it for yourself.

Third-party apps

Outside of Apple and Google there are other trusted names in security like Norton that have whole platforms dedicated to the task of keeping your kids safe online.

Norton’s Family Premier software not only sets time limits, but it also provides insights into how they’re using the internet they’ve been given. The software keeps you informed of the sites your kids are trying to access, keeping them away from harmful or inappropriate sites, and provides insights into search terms they’re using to keep track of potentially unsafe behaviour.

Family Premier from Norton also allows you to look at all of their behaviours in a detailed report sent to your inbox, so you can conveniently monitor the behaviour at a glance.

Getting your kid their first phone can be daunting, but being informed is the best way to stay on top of emerging threats that could be harmful. Sticking with them to learn and share information while they browse is key, along with a variety of tools at your disposal. You can also refer to our Smartphone Safety Hub for the latest tips and advice around kids and smartphone usage.

Entertainment | Tech and Innovation |

How to set up parental controls for safer Xbox gaming

By Luke Hopewell December 17, 2019

We’ve recently partnered exclusively with Microsoft to offer Xbox All Access to our customers, and we’re thrilled to be able to have gaming available as an add-on to our plans for the first time. Here we round up some tips on how you can ensure your family has a safe and fun gaming experience with Xbox with Parental Controls.

We spoke to Microsoft’s Corporate Vice President of Xbox Operations, Dave McCarthy, to find out how you can create a dialogue with your kids about their online habits, and how you can ensure safe guardrails are in place on your household Xbox.

Gaming for all

Microsoft’s Head of Xbox, Phil Spencer, recently penned his thoughts on what gaming should be as more and more families take up controllers everywhere. He recognised that gaming as a subculture shouldn’t belong to one particularly vocal group. Instead, communities like Xbox should strive to create a safe space where all players can come together harmoniously.

As part of this “gaming for all” mission, Spencer outlined that Xbox would work to be “vigilant, proactive and swift” in combating abuse on their platform. Furthermore, he committed Xbox and Microsoft to work across the gaming industry on safety measures such as robust parental controls and AI-backed applications.

We’re a huge advocate of this mission. Together, our values align perfectly with Microsoft’s around gaming, especially when it comes to keeping families safe online to create spaces where everyone can thrive.

Here are a few tips and tricks you can use to set up your new Xbox to be a safe and inclusive space with flexible and friendly parental controls.

Activate Smart Content Filtering (now with smart AI)

Learn how to enable new Message Safety Settings on your Xbox One All Access console

Dave McCarthy told us he understands that “competitive banter” is the by-product of online gaming, and filtering out potentially offensive messages is one step that the product team could take immediately to keep kids safer online.

“We’ve been moderating on Xbox Live now for almost 20 years. The way it has worked up until now is that you could retroactively go and report a user to our moderation team that works 24/7 around the globe to investigate,” McCarthy explains.

“What we’ve realised now is that in order to really be effective at size and scale, we need to augment our human intelligence and our moderators with artificial intelligence and machine learning models that run in the background.”

Microsoft has taken clever AI techniques and implemented them to work alongside human moderators, helping to create safe spaces online for all, starting with automated filtering of potentially offensive messages and Gamertag pictures.

Smart Content Filtering enforces these guidelines by helping to automatically filter out potentially offensive messages before their damage can be done. The AI-powered, human moderator-backed feature can be customised based on four levels of filtration: Friendly, Medium, Mature and Unfiltered. These filtration levels work across all aspects of the Xbox ecosystem, starting with private messages and expanding over time to tools that help players find other likeminded gamers. That includes LFG, Clubs and the Xbox Activity Feed.

On your console, you can configure your message safety by going to Settings > General > Online safety & family > Message safety. Whenever you receive a message that’s beyond your safety setting, it’ll be replaced with a [Potentially offensive message hidden] placeholder. You can click on that placeholder to learn more about the settings, and there’s a handy shortcut to change those settings. Adult accounts will have the ability to choose whether to see what content has been filtered based on the filter they choose.

McCarthy referenced Microsoft’s extremely rigorous Community Standards document that acts as the North Star for all things moderation on Xbox Live, saying that “they were really an effort to make sure people understood in plain words what our value system is”.

“It gives players specific examples of what good looks like and what crossing the line is overall,” he added.

Dave McCarthy’s team is now working hard to expand the AI moderation and auto-filtration features across other aspects of the ecosystem.

“Ultimately…we want to try and make sure that we’re getting into all areas of content and communication types on Xbox Live. We’re starting with text because it is one of the biggest communication formats on Xbox Live and there’s a lot that we can learn from that,” says McCarthy.

McCarthy adds that the human Moderation Team is also constantly working to ensure that it sticks with the times. “We’re constantly updating, and our model is trainable as well. Say all of a sudden we wanted to ban the word ‘Luke’ from friendly conversations because it’s now sensitive and offensive. We could put that in our tool and within 10 seconds around the world, ‘Luke’ would be a word filtered out of our Friendly message settings in 21 languages around the world,” McCarthy explains.

Enable Smart Parental Controls

App and game limits to cap how much time your children can use specific apps or games.

Smart filtration automates the process of removing potentially harmful messages from being sent to your kids before they have a chance to see them. For everything else, there’s parental controls that can allow you to manage healthy habits in the home as a parent.

Making sure kids spend the right amount of time on the Xbox is also important, and with the most recent update, Microsoft allows you to filter play time on a per game or app basis. That means you can give your child 1 hour on Minecraft, for example, while allowing 2 hours of Netflix streaming on their Kids profile.

All this data is also recorded into a dashboard you can view, digest and edit from anywhere in the world via an iOS or Android smartphone or Windows computer.

And the Family Group settings for the Xbox One include the essentials, like controlling access to content based on its rating; web filtering and whitelisting, as well as cross-platform privacy and matchmaking safety.

By creating a Family Group with your Microsoft account, you can add your children’s Xbox Accounts and set effective boundaries for their use of your new Xbox One.

Family settings on Xbox empowers parents and guardians to enable or block their child’s access to play or communicate with players on other networks.

Creating a Family Group allows you to first and foremost control the games and apps that your children are purchasing for use on the console. Instead of allowing them free reign to purchase potentially inappropriate material, this control sends you an email when your kids want to buy a game or an app so you can have a discussion on whether it’s appropriate.

Having the talk

It used to be that you could sit your kids in front of prescribed, child-friendly programming for the hours between when school ended and bedtime. But with the advent of smart devices and kids who are highly technically literate, parents can no longer be laissez-faire about their digital habits.

With almost every device in the home now connected to the Internet, along with the breadth and depth of potentially inappropriate content now accessible, parental controls are essential to helping you to make sure that kids are being kept safe online.

With a Microsoft Family Account, you can receive a report each week of how your child used the Xbox One, providing you with transparency on how it was used. This report can be sent to just the parent/s or the parent/s and the child/ren.

Dave McCarthy believes that – while parental control systems are vital for protecting kids online – being able to have a conversation with your kids about their habits is essential.

“[These features are] a conversation starter for our family. It’s not about saying to your kids, ‘Hey, did you follow the hard and fast rules or not?’ It’s: ‘Hey, we talked about not going onto YouTube and you still tried to do it. Can I assume you have a good reason? What was it?’. And then you get into the conversation on why they needed YouTube for that school project. Awesome! Cool. Let’s go change that setting specifically and go there together.

“It’s about having these conversations with your kids. I think, honestly, we need involvement on both sides. We need parents to lean in and understand what the digital activities of their kids look like, and we need kids to be able to be comfortable with all of these different tools and to have a conversation with you as a parent about how you’re using it,” McCarthy says.

Xbox gaming and 5G low latency

Before setting up a console with parental control features, it’s important to sit down with your kids and talk about what they want to use the device for, why and for how long. That way you can come to a compromise with your kids about how long they should spend gaming and watching other content.

It’s also a good opportunity to educate children about engaging with the potentially harmful discourse they may encounter online and arming the whole family with tools to identify and filter it.

“You know what’s best for your family; no technology can ever replace that. The right tools can help make parenting easier and family settings on Xbox does this by putting parents in control of what your children can access across the platform,” McCarthy adds.

We’re excited to bring gaming to our customers via Xbox All Access, and we’re confident that with the right tools available on the console via Microsoft that all parents and kids can game together safely.

To learn more about enabling safety features on your new Xbox All Access device, learn about the core safety features here.

Devices | Smartphone Safety Hub | Technology For Kids | Telstra Foundation |

Smartphones on Santa’s hit list this Christmas

By Jackie Coates December 13, 2019

It’s that time of the year again where kids make their wish lists and stay on their best behaviour, and it comes as no surprise that smartphones top the list for many.

In fact, our latest research shows that almost one quarter (23%) of parents are planning to gift their child a smartphone this Christmas, with the majority of surveyed parents believing 12 to be the appropriate age to purchase their child’s first phone.

As a mother of two myself, I understand how difficult the decision is when weighing up whether to give a child their first phone. The truth is there is no ‘right’ age for a smartphone – it really comes down to whether a child is able to demonstrate trust and responsibility by following agreed rules and handling the phone sensibly.

We sat down with three parent and child duos to discuss some of the reasons for and against bringing a phone into their life, in our new ‘Tween Talk’ series:

Olivia and Adriana

Jen and Jess

Beaudy and Andi

Before handing over a child’s first phone, it’s important to use the opportunity wisely to have the discussion with your child and lay out expectations on how your family uses mobiles and technology. Using a guide like My First Mobile Agreement can be a great way to guide the discussion and get on the same page.

Here are our top smartphone safety tips for parents:

  1. Set the bar: One of the simplest ways to make sure children have a healthy relationship with their digital devices is to involve them in setting boundaries around acceptable screen time, and deciding together.
  2. Thrive or skive: Not all screen time is created equal. Allocate screen time with your kids, where an activity is more valuable for their development, the more time they can spend doing it.
  3. Be a good role model: Lead by example, if you want the dinner table to be a device-free zone. That means the same rules apply to you too. Children are happier to follow rules if they feel like everyone is playing by them.
  4. Clock off: You can’t be looking over your children’s shoulders at all hours of the day. There are a range of parental control tools to help families become more mindful about screen-time habits. One of these is Telstra Mobile Protect – a free service with controls including time restrictions.
  5. Do some eLearning: It’s important for parents to do some research and familiarise themselves with their child’s favourite sites or apps and take the time to understand how they work.
  6. Lock it down: It’s worth teaching kids from a young age not to share passwords with others or across different sites and accounts, and get them in the habit of using passphrases so they’re hard to guess but easy to remember.
  7. Stay involved: There’s no need to be overbearing, but encourage kids to use their devices in communal areas of the home. That way if they do come across something they weren’t looking for, they can let an adult know straight away.
Hackathon with the Australian Federal Police
Cyber Security | Enterprise |

We’re hosting a Hackathon with the Australian Federal Police

By Berin Lautenbach October 11, 2019

We want touse our world class skills tohelp find missing people in Australia.

Police here receive reports of more than 38,000 missing persons every year. While most are found within a short period of time, approximately 2,600 remain long-term missing persons.

We’ve joined forces with the Australian Federal Police and AustCyber Canberra Innovation Node to see if our cyber security team can help, using their world-class skills.

As part of Cyber Week 2019, the Telstra office foyer in Canberra has been taken over for an Australian-first hackathon. 354 ethical hackers, including members of our very own Open Source Intelligence (OSINT) team, will be using their cyber skills to find information on 12 national missing people, identified by AFP’s National Missing Persons Coordination Centre.

Searching and analysing publicly available information, the ultimate goal is to solve a missing persons case.

We are hosting the main site, but official hacking locations have also been set up in Sydney, Brisbane, Gold Coast, Sunshine Coast, Darwin, Adelaide, Melbourne and Perth.

It’s the first-time simultaneous events like this have been run across an entire country. We want to use the incredible skills of our OSINT experts and apply it to a real-life challenge that can deliver very tangible results for families. Hopefully, we’ll see some actionable leads found, which will be handed to the AFP and National Missing Persons Coordination Centre to follow up.

It really is a great opportunity for Telstra to demonstrate our world-class security talent and strengthen our partnership with the AFP, AustCyber and the cyber security community in Australia.

Cyber security capabilities are a core part of our vision for Telstra’s future, and our people are excited to take part because they could help change someone’s life.

We are proud to use our technical capabilities and cyber security expertise to help make an innovative event like this possible.