In a previous blog entitled “How Can You Protect Yourself and Your Business from Potentially Costly Ransomware Attacks?” I discussed three ways in which you can protect your organisation. I broke it down into 3 steps that need to be taken to mitigate the risk of being attacked and infected and suffering data or financial loss:
Step 1 – Create a human firewall.
Step 2 – Have up to date IT systems.
Step 3 – Have good backups.
In this blog I’m going to focus on how you create a human firewall in your organisation because, remember, it’s the users who are being targeted by the cyber criminals. These criminals are using a variety of digital deceptions to trick users into opening email attachments or clicking on compromised links on websites. Today’s computer users, employers and employees alike, need to wise up fast and get with the program before your business pays a hefty price!
The Human Firewall?
When we talk about the human firewall we’re talking about computer users within your organisation and their levels of awareness and understanding about the cybercrime threats they face today. The digital world we live in now is vastly different from years ago. No longer can we curiously and carelessly click on things presuming that everything is safe on the internet. The new reality is that there is danger around every corner, and as a computer user you need to take responsibility for your actions and be very clear that you know and understand what you are doing when using email and the internet! Users must condition their minds to be much more security aware and continually be asking questions:
- Who is this email from? Do I know the sender?
- Why have I just received this particular email?
- Is this website safe? How do I know it’s safe?
- Why is someone asking me to download something? How do I know that this download is what it says it is?
- Is it really my boss asking me to transfer money into a bank account?
- Should I really be doing personal stuff on my company’s IT system and putting my employer’s business at risk?
The first line of defence that the cybercriminal needs to penetrate is the user; it’s the user’s interaction with the email or a link that allows a network intrusion. Only after the initial intrusion will the secondary layers of protection like a firewall and AV software come into play. Organisations must strengthen their first line of defence, and this is achieved through security awareness training with the key objective of conditioning users’ minds to the new security threats and realities.
Security awareness training
Users do not come to work with the intention of contracting a horrible crippling virus at their place of work and so will naturally be predisposed to being receptive to training in this area. Acquiring basic knowledge of the main cyber threats and an understanding of how social engineering works can make a huge difference in the awareness and ability of the user to be alerted to suspicious activity and to act on it!
Cyber criminals constantly innovate!
It is vitally important that users are kept up to date with the latest threats. Criminals are constantly coming up with new ways to hack your systems, either through social engineering or other means. We all know about the Nigerian prince who wants to pay us an exorbitant sum of money for doing very little, but next week it will be something different and the week after that something new again.
We’ve touched on social engineering already; however, it’s worth considering this point: there is often a huge amount of data in the public domain, on the web, about our organisations and, through social media, about us as individuals. It’s not that difficult for a cybercriminal to carry out basic desk research on your company and employees and then use that information in what is a premeditated and customised attack on your organisation. Information gathered from the web will make the trick even more convincing than usual to get you to open an email attachment or even transfer money to an account.
- Give your staff “Be Alert to Cybercrime” Security Awareness Training.
- Get users to sign off on the training they received.
- Ensure your staff regularly receive the latest cybercrime threat information.
- Provide users with an easy way to report suspect emails.
- Carry out simulated attacks to test your human firewall and record the results.
DON’T BE A VICTIM OF CYBERCRIME! TOP 5 TIPS FOR USERS!
- Develop a 6th “Security” sense when it comes to email, attachments, website links and confidential data.
- Slow down! Think first, act second, not the other way around. Criminals want you to act quickly without thinking about your actions.
- Delete requests for personal or financial information or passwords.
- Be highly suspicious of unsolicited email! If an email appears to be from someone you know, treat requests made with suspicion and verify authenticity independently.
- Shut down your computer at night! You’ll save power and cut off the criminal’s opportunity to have unfettered access to your machine!
For additional information or help with cybercrime protection, please get in touch.