Kapiti Cyber
Kapiti Cyber Security Audit
If you've recently been hacked, defrauded or the victim of an online scam, your bank such as ASB, ANZ, Westpac or BNZ may ask you to get a comprehensive check done on your phone, tablet or computer by an authorised IT professional to prove the threat has been eliminated before re-activating your access.
Our cyber security audit will give you peace of mind and provide a certificate of work you can provide to your banking provider.
Our steps to get you back on your feet after a cyber incident at home
Identify
Discussion and checking alerts or screenshots, information provided from your bank and yourself.
Contain
Disconnecting infected devices, turning on MFA, changing passwords, backup information.
Recover
Full antivirus scan, malware removal, ransomware assistance, restoring files or reformatting a drive.
Review
Review what happened, educate, updates, install reputable software, backups and protect.
Our on site service gives you confidence that your devices are again safe & secure.
We offer a 6 stage process with an experienced cyber security expert.
Recount/Walkthrough: We'll ask questions to better understand what type of attack occurred. Our team are specialists in asking questions to help progress and build a picture of the type of hack or scam that took place.
Type of Attack: Once determined we have a better idea of how your device/s have been affected. For example, Anydesk is often used for social engineering scams vs a malicious program downloaded off the internet that may be tracking key strokes on your computer.
Device Audit: We'll perform an audit on your device including running antivirus checks. Where threats are identified we'll remove them. If we can locate the source of the attack, we'll provide written clarification on what this was and how it occurred for your bank.
Hard Drive Recovery: Where you've been the victim of extreme malware or ransomware, your hard drive may be badly damaged or corrupt and either re-formating or swapping to a new one is the safest option. Our IT team can assist in doing that for you.
Certificate/Review: Once we've eliminated any future threats or malicious software we'll write up and provide a certificate of approval you can issue your bank. Our services are relevant to the day of the work and future prevention and best practices should be enforced to ensure no further attacks take place.
Cyber Security Shakeup: We recommend all clients undergo further cyber security improvements. Our team will point these out to you - this is not a sales pitch - just a way to improve your digital security for future. Remember, your bank is never going to call you to remote on to your computer or phone - if you hear the name Anydesk, hang up and call your bank back on their 0800 number.
How to improve your cyber security?
Turn on multi-factor authentication for banking: Login to your banking and under settings you can turn this on. You'll need your mobile number to confirm a one time code anytime you login to your banking in future. If you don't recognise the code, or someone other than yourself is asking for it, it's a scam!
Turn on multi-factor authentication for all websites: This includes email - the most popular method for stealing someones identity. Go further and turn it on for Facebook, Instagram, Snapchat and TikTok.
Secure your devices with Defender or Antivirus: If you've got an older computer you need Antivirus from a company such as Bitdefender or Trend Micro. Newer Windows computers come with Microsoft Defender which is great for most users but an antivirus program offers another layer of protection.
Keep your devices security updated: If you've got a Windows 7 or 8 machine, now is the time to get an upgrade. It's no longer supported and missing out on critical security updates thwarted by cyber criminals. If you're using Windows 10, 11 or Apple Mac, ensure these are up to date. While updates can appear annoying or take time to install, they are critical to ensuring your safety online.
Avoid using free software or games: Ever heard the expression, no such thing as free? On the computer it couldn't be more true. Free software and games is laced with adware, spyware and sometimes malware which can destroy your data and devices. Use paid versions which are supported by a financial incentive and ensure your kids aren't playing free games - unless they are from a reputable source such as Steam or GOG.com
Avoid installing unofficial drivers: Got a new printer and need the driver, be careful which website you download it from. Are you on the official HP.com website or some sponsored link at the top of Google - if the latter it's often a driver riddled with malware and viruses to hijack your computer.
Backup your data: Ransomware that encrypts your files or a malicious hacker determined to cause misery can be overcome with good, reliable and remote backups. Setup a backup routine or if possible an automated backup to Google Drive, Onedrive or Wasabi Cloud. If sensitive data then another location on your home network with ransomware protection.
Turn on email filtering: Free email offers a basic level of filtering but it's not very sophisticated. An email filtering service by an antivirus company or a paid 3rd party for small businesses is a much better way of managing emails. Dodgy and malicious emails are the most common way people get hacked.
how to protect yourself online
If the phone call sounds off, hang up: If you receive a call from an unknown, blocked or overseas number and they are calling about a virus on your phone or computer, or a missing payment at your bank - now is the time to hang up. Call your bank directly on the 0800 number and clarify what is going on.
Never let an unknown person control your screen: The most common scam is when you're asked to install Anydesk, Teamviewer or Splashtop onto your phone or computer for someone else to control or "do it for you." The hacker will ask for a pin code to take over your screen, before blacking out the screen and having free reign on your personal accounts while appearing to be doing nothing. Never, ever give someone access to your device using these methods - unless trusted, i.e. local IT guy.
Clarify an invoice payment request via phone: If it's your first time paying someone new, or you've been asked to change an account number on an existing payee, before paying into their bank account, pick up the phone and confirm the bank number with them. Hackers could have infiltrated the company you're trying to pay and changed the bank number on their invoices to intercept it.
Never give anyone a one time code from the bank: Unless you've just bought something or are yourself trying to login to banking, never give anyone a 6 digital OTP code. Even when speaking to the bank, exercise caution as to why they would need that. You could be, being tricked into it and they are actually logging into your banking or already inside and trying to transfer a large payment.
Never use the same password for multiple sites: Never use the same password for your email and banking, or other social media websites. Databases are hacked or leaked all the time and your password and email could be bought by criminals. If you're using one password for everything, you will get hacked in those other places too. Turning on multi-factor authentication will stop unfamiliar sign-ins, and the ability to change your password without this.
Avoid clicking on malicious email links: Check the sender by hovering over and check it's legitimate and not a fake or deceptive sender impersonating a friend or business. Likewise hover over the link, is it going to the right place or a badly spelt version of Microsoft.com?
Avoid running software or opening random files: Running or opening files is the easiest way to get ransomware, a keylogger or a virus on your machine. If you've got good antivirus this should be blocked but not always the case. If you are unsure on the authenticity of the file, do not open it. If you're expecting an invoice, but it comes from a different person or location, clarify with a phone call first.
If in doubt, get a second or third opinion: Before responding, clicking, actioning - we recommend getting a 2nd or 3rd opinion. This could be a family member, a friend or someone you trust. There are caveats though, the new business opportunity or get rich investment scheme you are your partner are both keen to buy into, please ask a 3rd person. Is it a legitimate opportunity or is it a scam?
Types of Incidents We Help With
Social engineering
Ransomware
Keyloggers
Phishing
Account takeovers
Wi-Fi intrusions
Data breaches
Denial of Service
Remote Access
Unsure what yours was? Give us a ring for a confidential discussion.
Kapiti Cyber
Defending your digital security and personal data from threats, 24/7. Simple, secure, and stress-free cybersecurity for all.
Get security tips direct to your inbox
© Copyright Kapiti Cyber. All Rights Reserved. We are locally owned and operated.