For example, genuine-looking messages can be laden with hidden traps, like documents or PDFs containing malicious payloads or links to infected websites, a technique commonly known as phishing or, when someone like the CEO or CFO is targeted, whaling. Users should be told that if they receive an email from the finance department asking to "double check this invoice", for example, they shouldn't be afraid to ask for more details about the contents before opening it.
Even better, if your company uses an instant message platform, such as Skype for Business, Slack or Yammer, users should be encouraged to contact the sender directly there to double check. Similarly, the entire organisation must be trained to be receptive to this "belt and braces" approach and not become irritated with colleagues who are doing the best thing for the security of the business.
Similarly, if the email comes from a supplier or customer and includes an attachment or link, it's better for the recipient to call them up for clarification or details than to blindly click the link out of a sense of typical British "don't make a fuss" sentiment. Users should also be aware of potential phone scams, particularly if the caller claims to be from "Microsoft Support" or similar, or the bank. The IT department, perhaps in collaboration with HR, should be responsible for keeping users up to date with the latest policies and best practices and encouraging individuals to come forward with any questions or concerns.
The widescale shift to remote working as a result of COVID has favoured those organisations with the ability to be flexible with ready-to-go remote working strategies, including stellar cyber security. Ensure you have a contingency plan for disruptions to normal working arrangements.
Adapting staff training is key, too. By now, most people are aware that you should be cautious of an email promising big things from a strange email address, but are your employees trained to spot new threats as they emerge? Do they know that accessing information on their personal devices can be a major security risk, or that they should take steps to secure their home network?
Everyone is confident in their own ability to create an infallible system, but there's really only one way to be sure your defences hold up under stress: get someone to attack them.
This will test any technical measures you've put in place, like security software, fire breaks and so on, as well as the efficacy of any training that's been put in place. There are businesses and individuals that specialise in penetration testing who can be brought in as independent consultants. Alternatively, many security vendors also offer this service, but it may be more useful to use them before you roll out their software than after.
This kind of activity shouldn't be a one-off, however. The security landscape is ever-evolving, with new threats and methods of attack appearing all the time. This kind of drill should be carried out at least once a year to identify any areas of weakness you need to improve upon.
Hopefully this guide has made you aware of what those risks are and the steps that both you and your community should be taking to avoid becoming a target of cyber attacks.
We also recommend that you read Comparitech's Internet Security guide to help you stay safe online.
A guide to internet security.
Common targets of hackers are websites, email accounts and large commercial or public databases.
Phishing scams: One of the most common and easy-to-fall-for forms of online scam, this is where an individual (usually a hacker) masquerading as an established company such as a bank or well-known retailer emails individuals asking them to hand over private data such as their email login or bank details.
Viruses: Computer viruses are one of the longest-standing and best-known computer pests.
How to stay safe: top internet security tips
Always use antivirus software: This is an absolute essential if you want to avoid having your devices compromised.
There are actually quite a few cheaper or even free antivirus programs out there that are rated highly, and these days both Microsoft and Apple offer built-in protection with many of their devices. Mobile security shouldn't be overlooked either. Apps such as Lookout can help protect your phone.
Never trust unfamiliar email addresses or links: If you receive an email out of the blue from a bank or retailer that asks for any personal details, treat it with extreme caution.
If you suspect malicious intent, report the address to your email provider and delete. These security suites provide protection against many dangers, not just viruses and malware. They also have firewalls to shield your computer from harmful websites that you visit or emails that seem to be legitimate.
There are also browser-based tools which can stop hackers from sending phishing emails, such as those soliciting bank account numbers. Phishing and hacking are focused on the money. Many threats, including ransomware and Trojans, can take your information and make a profit from it, but this only pays off if you have enough money on hand, because the people behind them have no other motive than to gain access to your bank accounts.
This is essential in the event that patches stop working because of flaws in the software code. Security software increasingly uses behavior-based identification to differentiate between malicious software and good software. Your antivirus software should be able to differentiate between legitimate software and malicious programs.
What happens if you accidentally install an untrustworthy program? Sandboxing is a technique that companies now use to help secure their systems while giving them full access to system resources in all cases. This allows unknown applications or processes to run on the computer without having complete control over all aspects of the operating system.