How do I know what I need to know?
It’s not always easy to know what questions to ask yourself or your service providers. .auCheck is one important tool to help you ask the right questions to your domain registrar, hosting provider or managed service provider. But there is more to consider when reviewing your cybersecurity readiness. For instance, you could use the Cybersecurity Assessment Tool developed by the Australian government Department of Industry, Science, Energy and Resources. It is designed for small and medium businesses, but anyone can use the tool. You can also try Exercise in a Box, a tool offered by the UK National Cyber Security Centre to test your readiness in responding to an incident.
What can I do myself?
If you have some time to spare and are interested to immerse yourself in some technical settings, then there are a couple of handy guides and toolkits available. The Small Business Cybersecurity Guide from the Australian Cyber Security Centre offers you a couple of practical tips. While written for small and medium businesses, it’s a useful guide for anyone. Another one is the do-it-yourself Cybersecurity Toolkit for Small Businesses offered by the Global Cyber Alliance – an international non-for-profit organisation. The toolkit offers a range of verified third-party free and open source tools to help.
How have others improved their online security?
Changing things is never easy and often requires an external trigger. What motivated other organisations to prioritise some of the standards .auCheck is promoting and what did they do? The Guardian newspaper explains quite clearly why it forced a move to HTTPS. Australian government Digital Transformation Agency implemented DNSSEC for gov.au domains to meet the Digital Service Standard. And read here how Australian Parliament House was prompted to introduce DMARC to enhance email security. The Netherlands' government introduced the “comply or explain” scheme to the use of open internet standards.
What are basic steps of protection I can take?
Besides the many technical solutions, cybersafety starts with our own human behaviour. This Motherboard Guide to Not Getting Hacked gives you all the basic steps you should follow regardless of whether you own a business website or email account. In this ASPI videoclip Australia’s leading cybersecurity executives give some basic tips to work (from home) securely. Another (free) feature is this 18.104.22.168 domain name service that Cloudflare is offering in partnership with APNIC. It can be used on your smartphone devices as well as desktop computers and is claimed to be fast and privacy-secure.
Who should I contact to remedy any shortcomings?
We are not in a position to recommend individual companies or organisations. In fact any internet service provider operating in Australia should comply with the internet standards as advised by the Australian Cyber Security Centre and promoted by .auCheck. If you want to know who is your domain name registrar, please consult WHOIS and enter the domain name. If you want to find out who is your hosting provider, please consult Hosting Checker and enter the domain name. If you’re looking for an Australian cybersecurity provider, then have a scroll on AUCyberscape. It offers a database of registered Australian cybersecurity companies.