Written by Michael Aldrich, Onsite Support Engineer at Conosco
As the amount of data we produce expands year on year and cyber attacks become more sophisticated businesses are in the midst of a digital security transformation. New cyber security solutions that promise to stop ransomware, SIEM software that monitors and alerts users of breaches and accreditations such as ISO 27001 which aim to help businesses identify and remediate gaps in security, have gone a long way to mitigating risks. However, our strongest method of ensuring good cyber hygiene and protecting our systems remains with our users. Without the full commitment of your employees, your security strategy could fail at the first hurdle.
As IT professionals we are constantly exploring new avenues to stop data being manipulated and hackers gaining access to our systems. By ensuring your employees implement these 3 security measures you’ll be better prepared to stop the dreaded hackers in their tracks:
- Learn how to spot phishing emails
- Change your passwords regularly
- Implement Two Factor authentication
It really is that simple!
Learn how to spot phishing emails
What do you think of when you hear the word ‘hacker’? A mysterious figure wearing an ‘Anonymous’ mask, a matrix-style code breaker that can backflip through fire. Well, they’re out there, but usually, they are state-sponsored or ethical hackers. The most common type of hacker is the one in your inbox.
We’ve all seen those emails from an esteemed member of the royal family who wants to transfer you money or the ones telling you, you’ve missed payments on that credit card you don’t actually own. Whilst these ridiculous emails are usually easy to spot and quick to be deleted, you shouldn’t become too complacent. Hackers are getting smarter, disguising emails to look more like genuine communications. These are known as phishing emails. On the surface, it might appear that a colleague has invited you to collaborate on a document or perhaps you receive an email with a great offer that looks like it’s coming from a genuine brand. But dig a little deeper and you’ll spot the dodgy email address and fake branding.
Research this year by McAfee found that there were 375 new threats per minute and this rose in Q3 to 419. Yet, whilst 42% of consumers are aware of cyber risks, they have no plans to change their online habits. Surprising, given the consequences of clicking on these malicious emails could be dire for both your personal privacy and the safety of your business assets.
So how can you spot a Phishing email? Here’s some basic advice:
- Use common sense – if it looks too good to be true, it probably is.
- Always check the address of any link by hovering your mouse over it and checking that it is going to the website you expect (www.amazon.co.uk for example).
- Always use a secure network for doing your online shopping. Use a VPN connection and avoid public WiFi networks.
- If using a mobile phone or tablet, make sure you have some form of security software installed to protect the device from malware.
- Use Norton Safe Web to check the validity of a link before clicking on it.
- At the beginning of a URL, look for “https://” – the ‘s’ at the end is a signal that the site is secure.
- Search for visual cues that indicate a secure site, such as a lock symbol and green colour in the address bar, before you enter a credit card number or any confidential information.
“Even as security threats continue to become more advanced and prevalent, the basics of good cyber hygiene remain – the best initial defence for organisations is its employees”
Hylton Stewart, Head of Security
Change your passwords
Hackers will always look for simple ways to get their hands on your details and if they can guess your password then you’ve made it easy for them. It may seem obvious, but the amount of people that use the same password for all their accounts is staggering. It’s also not uncommon for employees to never change their default password, meaning you end up with a whole host of people with a password format that reads ‘Companyname123’.
Some people think that their account isn’t important enough to compromise an entire network but a hacker doesn’t discriminate. If your network isn’t managed and your account is compromised then the hacker can act as you via email and wreak havoc across your company.
On the other hand, there are things that aren’t always within our control and unfortunately, there have been some high profile cases whereby passwords have been leaked. For example in 2012, 170 million LinkedIn accounts (emails and passwords) were placed on the dark web and being sold to hackers. It wasn’t until May 16th 2016 that this became public knowledge by which time it was too late. However, it did teach us a valuable lesson about the importance, not only of using different passwords but of changing your passwords regularly.
So what can you do to ensure your passwords are hacker-proof?
- Never use the same password twice
- Change your passwords at least every 3 months
- Make sure passwords are at least 8 characters or more
- Use a mixture of characters, letters, numbers, uppercase and lowercase
- Use a password manager to help you manage them
- Never share your password even with members of your team
Implement Two Factor Authentication
This one is a real killer for hackers – Two Factor Authentication. This is where your accounts are linked with a mobile device meaning that in order to login you not only provide your password but you have to authenticate yourself using a code which is sent to you via text, received via a phone call or accessed via an app. This extra layer ensures that even if your password is guessed the hacker won’t be able to gain access.
You should apply Two Factor Authentication anywhere that gives you the option such as:
- Email Servers e.g. Microsoft O365 and Gmail
- Operating Systems e.g. MacOS and Windows
- Social Media e.g. Facebook, LinkedIn
- CRM applications e.g. HubSpot
Unfortunately, not every site has this feature. In this instance, the use of secure password managers (such as NordPass) can be a great alternative. It stores your multiple, strong passwords in a secure encrypted environment.
With cyber attacks on the rise and hacking techniques becoming more sophisticated, ensuring good cyber hygiene is a company-wide effort. The simple security measures outlined above will go some way to protecting your business assets, but should you need any additional help Conosco offers a variety of cyber security solutions including SIEM Services, Vulnerability Assessments, ISO 27001 and Cyber Essentials certification and vCISO services. We also operate a Security Operations Centre (SOC) run by our expert Security Analysts.
Get in touch with us to find out more about our cyber security solutions.