Frequently Asked Questions: Cyber Security Essentials

Welcome to Net Raptor's comprehensive Cyber Security FAQ. Here, we address common questions about network security, penetration testing, compliance standards, and best practices for protecting your digital assets in Wagga Wagga and the Riverina region.

General Cyber Security Threats and Protection

What are the most common Cyber Security threats for businesses?

The most common threats include phishing attacks, ransomware, malware, insider threats, and Distributed Denial of Service (DDoS) attacks. Each can significantly impact a business's operations and reputation.

How often should we update our Cyber Security measures?

Cyber Security should be an ongoing process. We recommend continuous monitoring, monthly software updates and patch management, quarterly security assessments, and annual comprehensive security audits and penetration tests.

Net Raptor's Cyber Security Services

What services does Net Raptor offer?

We offer a comprehensive range of Cyber Security services including Network Security Assessment, Penetration Testing, Intrusion Detection and Prevention, Firewall Management and Configuration, Server Security Hardening, and Security Incident Response and Forensics.

How long does a typical network security assessment take?

The duration varies depending on the size and complexity of your network. For small to medium-sized businesses, it typically takes 1-2 weeks. For larger enterprises, it may take 3-4 weeks or more.

Phishing Awareness

What is phishing and how can I identify phishing emails?

Phishing is a type of cyber attack where criminals attempt to trick you into revealing sensitive information or clicking on malicious links by posing as a trustworthy entity. Here are some key signs to look out for:

  • Unexpected or unsolicited emails, especially those creating a sense of urgency
  • Emails asking for personal information, passwords, or financial details
  • Suspicious or misspelled email addresses, especially in the domain name
  • Generic greetings like "Dear Sir/Madam" instead of your name
  • Poor grammar, spelling errors, or unusual formatting
  • Suspicious attachments or links (hover over links to see the actual URL)
  • Threats or unusual promises (e.g., threats of account closure or promises of money)
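
Several of the signs above can be checked mechanically before a person ever hovers over a link. The following Python is an added example, not code from Net Raptor or the original FAQ: it runs simple defender-side heuristics over a constructed sample message. The trusted-domain list, the urgency words and the sample headers are assumptions chosen for the illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real email): lookalike sender domain, urgent subject,
# generic greeting, and a link whose visible text hides its real target.
SAMPLE_EMAIL = """From: "Net Raptor Support" <support@netraptor-secure.example>
Subject: URGENT: your account will be closed
Content-Type: text/html

<p>Dear Sir/Madam,</p>
<p>Verify now: <a href="http://198.51.100.7/login">https://netraptor.example/login</a></p>
"""
TRUSTED_DOMAINS = {"netraptor.example"}  # assumed list of your own domains
URGENCY_WORDS = ("urgent", "immediately", "suspended", "closed")

class LinkExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None  # (visible text, href) pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((data.strip(), self._href))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def phishing_indicators(raw_message):
    """Return human-readable warnings matching the signs listed in the FAQ."""
    msg = message_from_string(raw_message)
    flags = []
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    domain = match.group(1).lower() if match else ""
    # Brand name present but domain is not one of ours: likely a lookalike.
    if domain not in TRUSTED_DOMAINS and any(t.split(".")[0] in domain for t in TRUSTED_DOMAINS):
        flags.append(f"lookalike sender domain: {domain}")
    if any(w in msg.get("Subject", "").lower() for w in URGENCY_WORDS):
        flags.append("urgency language in subject")
    body = msg.get_payload()
    if "dear sir/madam" in body.lower():
        flags.append("generic greeting")
    parser = LinkExtractor()
    parser.feed(body)
    for text, href in parser.links:  # link text that is itself a URL must match the href host
        if text.startswith("http") and urlparse(text).hostname != urlparse(href).hostname:
            flags.append(f"link text {text} really points to {href}")
    return flags
```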

What should I do if I suspect a phishing email?

If you suspect an email might be a phishing attempt:

  1. Do not click on any links or download any attachments
  2. Do not reply to the email or provide any personal information
  3. If it appears to be from a company you know, contact them directly using a known, trusted method (not the contact details in the suspicious email)
  4. Report the email to your IT department or email provider
  5. Delete the email from your inbox
  6. If you've accidentally clicked a link or provided information, change your passwords immediately and monitor your accounts for suspicious activity

Remember, legitimate organizations will never ask for sensitive information via email. When in doubt, err on the side of caution.

Email Security and Authentication Protocols

What are SPF, DKIM, and DMARC, and why are they important for email security?

SPF, DKIM, and DMARC are email authentication protocols that help protect against email spoofing and phishing attacks. Here's a simple breakdown:

SPF (Sender Policy Framework)

SPF specifies which mail servers are allowed to send emails on behalf of your domain. It's like a guest list for your domain's email.

Why it's needed: SPF helps prevent spammers from sending emails using your domain name.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to your emails. It's like a wax seal on a letter, proving the email hasn't been tampered with during transit.

Why it's needed: DKIM ensures email integrity and helps prove that the email actually came from your domain.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC builds on SPF and DKIM. It tells receiving mail servers what to do if an email fails SPF or DKIM checks. It also provides reporting on email authentication results.

Why it's needed: DMARC provides clear instructions on how to handle suspicious emails, improving protection against phishing and spoofing.

Implementing these protocols significantly enhances your email security, protects your brand reputation, and improves email deliverability.

Technical Aspects of Cyber Security

What's the difference between IDS and IPS?

An Intrusion Detection System (IDS) monitors network traffic for suspicious activity and issues alerts when such activity is discovered. An Intrusion Prevention System (IPS) also monitors network traffic but can automatically take actions to prevent or block detected threats.

How do you ensure the security of both Windows and Linux servers?

We use a multi-layered approach for both Windows and Linux servers. This includes regular patching, implementing strong access controls, configuring firewalls, using antivirus and anti-malware software, enabling logging and monitoring, and following industry-standard hardening guidelines specific to each operating system.

Cyber Security for Businesses

How do I know if my business needs Cyber Security services?

If your business relies on digital systems, stores sensitive data, or operates online in any capacity, you need Cyber Security services. In today's digital landscape, it's not a question of if you'll face a cyber threat, but when. Proactive Cyber Security measures are essential for all businesses, regardless of size or industry.

What certifications do your Cyber Security professionals hold?

Our team includes professionals with industry-leading certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), and Offensive Security Certified Professional (OSCP). We continuously invest in our team's education to stay ahead of evolving cyber threats.

Compliance and Australian Cyber Security Standards

What is the Australian Signals Directorate Essential 8, and how can Net Raptor help with compliance?

The Australian Signals Directorate (ASD) Essential 8 is a prioritized list of mitigation strategies to assist organizations in protecting their systems against a range of cyber threats. The Essential 8 consists of:

  1. Application control
  2. Patch applications
  3. Configure Microsoft Office macro settings
  4. User application hardening
  5. Restrict administrative privileges
  6. Patch operating systems
  7. Multi-factor authentication
  8. Regular backups

Net Raptor can help businesses become compliant with the Essential 8 through:

  • Conducting comprehensive assessments of your current security posture
  • Implementing and configuring necessary security controls
  • Providing ongoing monitoring and management of these controls
  • Offering staff training on security best practices
  • Assisting with policy development and documentation
  • Performing regular audits to ensure continued compliance

Our team of experts can guide you through the implementation process, ensuring that your systems are protected according to these best practices.

What is the NSW Digital Information Security Policy, and how does Net Raptor assist with compliance?

The NSW Digital Information Security Policy is a framework that sets out the requirements for NSW Government agencies to manage their digital information securely. Key aspects of this policy include:

  • Information security governance
  • Information asset management
  • Risk management
  • Information security awareness and training
  • Incident management
  • Business continuity management
  • Compliance with relevant standards (including ISO 27001)

Net Raptor can assist organizations in complying with this policy by:

  • Conducting gap analysis against the policy requirements
  • Developing and implementing information security management systems
  • Providing risk assessment and management services
  • Offering customized security awareness training programs
  • Implementing robust incident response and business continuity plans
  • Assisting with the attainment of relevant certifications (e.g., ISO 27001)
  • Providing ongoing support and monitoring to ensure continued compliance

Our expertise in both Cyber Security and compliance frameworks positions us to help organizations navigate the complexities of the NSW Digital Information Security Policy effectively.

Password Security and Management

How does password length relate to password strength?

Password length is a crucial factor in password strength. Generally, longer passwords are stronger than shorter ones, even if the shorter password uses a mix of character types. Here's why:

  • Each character added to a password multiplies the number of possible combinations by the size of the character set, so the search space grows exponentially with length.
  • Longer passwords are more resistant to brute-force attacks and take significantly longer to crack.
  • A long passphrase (e.g., "correct horse battery staple") can be both secure and easy to remember.

While complexity (using a mix of uppercase, lowercase, numbers, and symbols) is still important, length is the most critical factor in password strength.

How often should passwords be changed according to current guidelines?

Current Cyber Security guidelines have shifted away from mandatory regular password changes. The latest recommendations include:

  • Change passwords only when there's a reason to believe they may have been compromised.
  • Focus on creating strong, unique passwords for each account instead of changing them frequently.
  • Use multi-factor authentication (MFA) wherever possible to add an extra layer of security.

This approach is based on research showing that frequent password changes often lead to weaker passwords and password reuse across multiple accounts.

What are password managers and why should I use one?

Password managers are secure applications that store and manage your passwords. Here's why they're beneficial:

  • They allow you to use strong, unique passwords for each account without having to remember them all.
  • Many can generate complex passwords for you.
  • They encrypt your password database, protecting it from unauthorized access.
  • Some offer features like secure password sharing and breach monitoring.

Using a password manager significantly improves your overall online security by eliminating the need for password reuse and making it easy to use strong passwords everywhere.

Can you recommend any free password managers?

There are several reputable free password managers available. Here are a few options:

  • Bitwarden: Open-source, with free cross-platform syncing.
  • KeePass: Open-source and completely free, but requires manual syncing.

While these password managers offer free tiers, they may also have paid versions with additional features. We recommend researching each option to find the one that best suits your needs.

Note: When choosing a password manager, consider factors like ease of use, device compatibility, and security features. It's crucial to use a strong, unique master password for your password manager account.

Cyber Security Resources and References

Where can I find more information about the topics discussed?

Here are some authoritative sources for further reading on the topics we've covered:

These resources provide in-depth information and are regularly updated to reflect the latest in Cyber Security standards and best practices.
