Keeping your business safe from cybercrime doesn’t just revolve around installing the latest anti-virus software. A big part of keeping your assets protected comes down to your employees, and making sure they’re aware and educated.
Here’s our guide to security awareness training for your business.
Of all phishing emails sent, 30% are opened, with 12% of those targeted opening attachments and links. Many phishing emails are easy to suss out, but they are becoming more sophisticated and harder to identify. As soon as you open the attachment, or follow a link and plug in your login credentials, it opens the gates for a cyber-attack, putting your business at risk.
The advice from Nettitude is: don’t open them, and don’t click on any links or attachments. Go straight to your IT security team and get someone to assess whether it is safe or not.
Your social media accounts can give away a lot about yourself and your family. Be wary of what personal data you have on your profile, because cyber criminals can use this to guess passwords, find out where you work and more. So be sure to review your privacy settings and keep personal data to a minimum. An attacker can use this data to put together a story that sounds familiar enough to get you to click on a link or open an attachment.
Be aware of who is in the building and don’t be afraid to challenge someone you don’t know. Cyber-attacks can happen when someone gains access to a building. The attacker can install rogue devices such as keyloggers to record everything that is typed on the keyboard. This takes us on to the next point: keeping your computer and phone locked. If you step away from your desk for just a minute, make sure you lock your devices. Many companies have a clear desk policy. This is important to ensure that you don’t leave any confidential documents lying around. If you have any confidential documents, either shred them before the end of each day or store them safely in a locked cupboard or drawer.
Keep your passwords safe, keep them hidden. Password managers remain a good solution for handling different passwords. It is not advisable to send any sensitive information, such as a password, via email without adequate protection. When possible, use a password manager to share a password within the business. Sharing your password over the phone is not a recommended practice: people who listen in will know your password.
Using a password manager will solve at least three common problems: trying to remember passwords, trying to create long and complex passwords, and having to manage too many platforms that require passwords.
When creating a password by hand, the longer it is the better. We recommend using at least 11 characters without using a common phrase or a simple alteration of a common phrase.
Only visit website links that come from reputable and known sources. There are no apparent differences between a website that serves malicious content and one that does not. In some cases, it only takes one click for a computer to be compromised and controlled by the attacker.
It is advisable to be suspicious of any website that asks for personal information.
Do not reset your password using links sent to your email. Please ask your IT team about the best way to reset your passwords. Do not visit websites that could put your computer or business assets at risk.
Whilst it is true that malicious or fake websites look similar to legitimate ones, there are a few things that can give malicious websites away. If a website is requesting any information and does not have HTTPS enabled, stop! If the website is displaying an invalid SSL certificate, stop! If you think the link looks suspicious, stop!
Do not ignore security warnings
Security warnings are there for a reason. In many cases, security warnings will prevent attackers from succeeding in their attacks. Web browsers generally give security warnings, and Microsoft Office documents generally give security warnings that we tend to ignore. Reading the messages displayed on the screen before saying YES or NO can prevent an attacker from being successful.
If in any doubt, use your phone
At any point, if you suspect something is wrong with your email or your computer, please use your phone! In such cases, disconnect from the Internet and stop using your computer.
What you can do
Share this blog with your employees and colleagues, and educate them on the best practices that will help reduce the likelihood of your business being affected by cyber-attacks. Nettitude workshops are a great opportunity to find out more about what you can do to keep your business safe.