Cyber Security Month

European Cyber Security Month (ECSM) takes place each October across Europe.

Week 3 - Recognise cyber scams

Some common indicators of scams include:

  • A call for urgency such as, "You must act now!"
  • A promise of huge profits in a short time frame
  • Overuse of buzzwords and jargon
  • Claims of insider information or confidential data
  • Donation scams are common on the Internet. Be sure to research any request for donations before handing money over.

7 signs of a scam

  1. Contacted out of the blue?
  2. Is the deal too good to be true?
  3. Asked to share personal details?
  4. Pressurised to respond quickly?
  5. Are the contact details vague?
  6. Spelling or grammatical mistakes?
  7. Are you asked to keep it quiet?
  8. Sounds out of the ordinary - like you’ve won the lottery, or you’ve been invited to invest in an ‘amazing’ scheme and keep it a secret
  9. Asks you to phone an expensive number - these start with 070, 084, 087, 090, 091 or 098
  10. Ask yourself, what’s in it for them? Why are they doing this?
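As an added illustration of the two lists above (this is example code written for this page, not part of the original), here is a small Python checker that looks for the listed scam signs in a message: urgency, too-good-to-be-true promises, requests for personal details, secrecy, claims of insider information, and phone numbers starting with the expensive prefixes named above. The phrase lists, the log format and the sample messages are constructed assumptions, so this is a teaching aid rather than a complete filter.

```python
import re

# Indicator phrases for the signs in the list above (constructed, not exhaustive).
SIGNS = {
    "urgency": ["act now", "immediately", "within 24 hours", "urgent", "final notice"],
    "too_good_to_be_true": ["guaranteed", "double your money", "you have won", "risk-free"],
    "personal_details": ["password", "pin", "bank details", "date of birth", "card number"],
    "secrecy": ["keep this confidential", "do not tell", "keep it quiet", "between us"],
    "insider_info": ["insider", "confidential tip", "not yet public"],
}
# UK number prefixes the list above names as expensive to call.
PREMIUM_PREFIXES = ("070", "084", "087", "090", "091", "098")
# UK numbers written as 0xxx... or +44 xxx..., with optional spaces or dashes.
PHONE_RE = re.compile(r"(?:\+44\s?|0)(?:\d[\s-]?){9,10}")


def normalise_uk_number(raw):
    """Reduce '+44 845 123 4567' or '0845-123-4567' to digits starting with 0."""
    digits = re.sub(r"\D", "", raw)
    return "0" + digits[2:] if digits.startswith("44") else digits


def premium_numbers(text):
    """Return every number in text that starts with a premium-rate prefix."""
    numbers = (normalise_uk_number(m.group(0)) for m in PHONE_RE.finditer(text))
    return [n for n in numbers if n.startswith(PREMIUM_PREFIXES)]


def scam_signs(message):
    """Map each sign the message triggers to the evidence found (whole words only)."""
    text = message.lower()
    hits = {}
    for sign, phrases in SIGNS.items():
        matched = [p for p in phrases if re.search(r"\b%s\b" % re.escape(p), text)]
        if matched:
            hits[sign] = matched
    numbers = premium_numbers(message)
    if numbers:
        hits["premium_rate_number"] = numbers
    return hits


# Constructed sample messages for demonstration.
SAMPLE_SCAM = ("URGENT: You have won a prize! Act now and call +44 905 123 4567 "
               "with your card number. Keep this confidential.")
SAMPLE_OK = "Your dentist appointment is on Tuesday at 10:00. Call 020 7946 0000 to reschedule."
```

The more signs a message triggers, the more reason to stop and verify it through a channel you already trust; an empty result does not prove a message is genuine.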

Week 2 - Expand your digital skills and education

Increase in Cybercrime Demands Fresh Attention to Employee Training

Cyber security training should be treated as an ongoing process and include employees across the whole organisation.

Many high-profile cyber attacks have featured in the news lately, to name a few:

  • British Airways had approximately 380,000 of their customer credit card details compromised
  • T-Mobile had 2 million of their customers’ details stolen by hackers
  • NHS had 20,000 appointments cancelled due to the WannaCry ransomware
  • Under Armour's MyFitnessPal app had 150 million usernames, email addresses, and passwords compromised

Cyber attacks, hacking, data breaches and identity theft are terms that most people are familiar with, and the need to educate employees about how their actions impact company cyber security is greater than ever.

A study published this week has revealed that businesses are "dangerously" unprepared for cyber-attacks, with threats causing mayhem for IT management teams (source: Computing.co.uk).

While IT and cyber security professionals are experts at protecting networks and devices, and at integrating security measures that anticipate a breach, that cannot be a business's only line of defence. Employee education and training can help minimise cyber vulnerabilities and prepare employees for the event of a breach, in turn helping to protect the organisation and its customers.

Reducing the risk

Employees are often unaware of the potential consequences of their actions while working on a computer, laptop or mobile device, and of how those actions can make the company vulnerable to cyber-attacks.

Providing training to your employees can raise awareness of the potential risks and ensure they understand how their actions can impact cyber security.

Onboarding can also play a part, by incorporating background checks on prospective employees. As new employees join the workforce, organisations also need to be sure they have an effective training plan in place.

As part of the onboarding process, new employees should be warned to:

  • Exercise caution when opening email attachments, especially compressed or ZIP file attachments.
  • Avoid clicking directly on website links in emails. Instead, type the address directly into the browser’s address bar, or otherwise verify the web address before visiting it.
  • Lock computers when away from your desk.
  • Report any suspicious emails to the IT team.
  • Avoid unsecured Wi-Fi hotspots.
  • Try to avoid sharing files on USB drives, since the drives can spread malware.
  • Avoid downloading software or apps from unknown sources, or restrict software installation to administrators only.
  • Maintain good password hygiene.
  • Be careful with laptops or mobile devices that move between systems and networks, as they can pick up malware or compromise the systems they connect to.

Don’t be afraid to test your cyber security policy: send a mock suspicious link to employees to see whether anyone clicks on it.

Cyber security training should not be a one-time event or something that only applies to the IT department. It should be treated as an ongoing process and include all employees.

Develop a specialist team

Build a team of cyber security experts within your business, including representatives from its key areas. Ensure they are aware of what types of threats are out there and how to react should an attack take place, so as to minimise any damage. Being prepared for an attack will keep the damage to your business to a minimum and help you get back to normal as quickly as possible.

Key areas to focus on should include:

  • Types of Attacks

Review the nature, probability and dangers of possible attack methods such as hacks, breaches, and phishing by email, text or social media. Also review common entry points and data-rich targets within the company. Any system holding data that can be monetised, such as health care records, bank information, credit card numbers or emails, can pose a risk and should be part of the response planning process.

  • Types of Motivation

Provide general background on the different categories of cyberattacks and how the scope, style and motivations of each play an important factor in developing the most appropriate response plan.

Cyber criminals are motivated by money and are typically responsible for hacks like retail data breaches and phishing attacks. There is high risk to individual customers in terms of compromised personal or financial data and identity theft.

Take the education a step further by displaying tip sheets and posters around office common areas or by participating in ongoing cyber safety events like National Cyber Security Awareness Month or Safer Internet Day. Keeping the issue top of mind for your team helps mitigate risk and build resiliency.

Further information

We can help you to train your employees. If you’re interested in training, get in touch and we’d be delighted to help.

*** 

Week 1 - Practice basic cyber hygiene

Reducing your exposure to a cyber attack

The following are effective and affordable ways to reduce your organisation’s exposure to the more common types of cyber attack:

  1. Boundary firewalls and internet gateways - establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
  2. Malware protection - establish and maintain malware defences to detect and respond to known attack code
  3. Patch management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
  4. Whitelisting and execution control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
  5. Secure configuration - restrict the functionality of every device, operating system and application to the minimum needed for business to function
  6. Password policy - ensure that an appropriate password policy is in place and followed
  7. User access control - limit normal users’ execution permissions and enforce the principle of least privilege
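As an added illustration of the first control (example code written for this page, not taken from the original or from the 10 Steps guidance), here is a small Python policy check run over constructed web-proxy log lines: it blocks requests to a denylist of known malicious domains and blocks executable downloads identified by file extension or declared content type. The log format, the domain names and the denylist are all hypothetical placeholders; the firewall rule that stops user machines talking directly to the Internet is enforced at the network boundary and is not modelled here.

```python
import re
from urllib.parse import urlsplit

# Constructed denylist of "known malicious" domains (placeholders, not real indicators).
MALICIOUS_DOMAINS = {"malware-download.example", "phish.example"}
# Executable downloads to block for ordinary users, by extension and by declared type.
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".bat", ".ps1", ".jar")
EXECUTABLE_MIME = {"application/x-msdownload", "application/x-dosexec", "application/java-archive"}
# Hypothetical proxy log format: <client> <method> <url> <status> <content-type>
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def evaluate(line):
    """Return (verdict, reason) for one proxy log line under the policy above."""
    m = LOG_RE.match(line)
    if not m:
        return "error", "unparseable line"
    _client, _method, url, _status, ctype = m.groups()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Check the domain first: a blocked site is blocked whatever it serves.
    if any(host == d or host.endswith("." + d) for d in MALICIOUS_DOMAINS):
        return "block", "known malicious domain " + host
    # Then block executables, whether revealed by the path or by the content type.
    if parts.path.lower().endswith(EXECUTABLE_EXTENSIONS) or ctype in EXECUTABLE_MIME:
        return "block", "executable download " + url
    return "allow", ""


def audit(lines):
    """Evaluate each non-empty line; returns [(client, verdict, reason), ...]."""
    results = []
    for line in lines:
        if line.strip():
            results.append((line.split(" ", 1)[0],) + evaluate(line))
    return results


# Constructed sample log lines for demonstration.
SAMPLE_LOG = """\
10.1.2.3 GET http://updates.example/patch.txt 200 text/plain
10.1.2.4 GET http://cdn.malware-download.example/setup.exe 200 application/x-msdownload
10.1.2.5 GET http://files.example/tool 200 application/x-dosexec
10.1.2.6 GET https://phish.example/login 200 text/html
"""
```

Checking the content type as well as the extension matters because a download served from a path without an extension (the third sample line) would otherwise slip past an extension-only rule.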

If your organisation is likely to be targeted by a more technically capable attacker, give yourself greater confidence by putting in place these additional controls set out in the 10 Steps to Cyber Security:

  • Security monitoring - to identify any unexpected or suspicious activity
  • User training, education and awareness - staff should understand their role in keeping your organisation secure and report any unusual activity
  • Security incident management - put plans in place to deal with an attack as an effective response will reduce the impact on your business

More information

Download small business action guide

Download 'what you can do to combat cyber attacks' leaflet

Download 'the cyber threat to the legal sector' 2018 report