You are the biggest threat to your system security
You’ve got a firewall and anti-virus software, so your system is safe – right? Wrong! Criminals are becoming more sophisticated and can infiltrate a system without directly attacking it. How? They use the weakest part of the system… the human being operating it.
Hacking is no longer the domain of super-technical nerds. Also, criminals can now buy ready-made scams and lists of personal details. They rely on the ignorance of the average computer user to open the door for them. It looks like things are only going to get worse because there is an increasing use of wifi or mobile to control everyday objects, such as TVs, washing machines, and security systems. So, what can you do?
The best defence against cyber-crime is to be aware of potential threats. Just like you’re aware that doorstep fraudsters try to scam people, so you are cautious about who you invite into your home.
How to avoid basic mistakes that let the criminals into your system
- Train all users of your system in how to be safe online
- Have a written policy for personal email and social media accounts. Prevent access to these kinds of online accounts if they are not required for users to do their job.
- Ensure users have the appropriate level of security access. So, make sure they have only the level they need
- Have a policy for remote working. Set up a VPN (Virtual Private Network) access for remote workers. If they are likely to work on public networks (such as coffee shops, airports, hotels or conference centres), then don’t access the VPN or any sensitive data. Also, make sure their email is scanned for viruses before linking back on to the office network.
- Mobiles and tablets are not covered by your office firewall, so make sure they have anti-virus software installed. If you provide mobiles for your workers, have a policy about what they are permitted to install (or watch) on the device. After all, it would be easy for them to copy company confidential material into a personal Dropbox account!
- Be aware of any potential threats from
- Disgruntled employees
- Industrial espionage – this may be through vulnerable employees or people “planted” by competitors
- Careless employees – these are the biggest threat as this is usually an unintentional action (like clicking an email link)
- Keep all your software up to date with the latest updates, these often fix vulnerabilities that hackers can exploit
- Be vigilant for unusual activities on your system. For example, watch for someone accessing information that doesn’t relate to their job
- Change passwords regularly
- Watch for deliveries of unexpected items. Criminals who obtain personal data or bank details sometimes get items delivered to a valid address before changing it. They can then buy high value items because the account will pass validity checks on other websites
- NEVER, EVER, click on a link from a bank or supplier that was sent to you via email. Always go through your normal route or their main website link.
- Check with your customers if you haven’t been paid when expected. Not only have criminals sent spoof emails to customers saying bank details have changed, they have also been known to hack printers to change the bank details on printed invoices.
If you are concerned about how to deal with any of the above, contact Business IT Plus who will be happy to have an informal chat with you.
Cyber Security Conference November 2018