It's European Cyber Security Month (ECSM), and to kick off the first week the theme is Cyber Security in the Workplace.
This theme is inextricably linked with what we do at MetaCompliance. In the past, cyber security related matters would have been left at the feet of the IT department to deal with, but modern-day cyber security is a matter for everyone. From the boardroom to the shop floor, everyone in your organisation must now be cyber savvy or calamity awaits.
That’s backed up by IBM, which revealed in its latest Cyber Security Intelligence Index that a mind-boggling 95% of all security incidents involve human error – and that ranges from phishing scams to visiting bad websites, enabling viruses and falling victim to other advanced cyber threats.
Creating a culture of cyber security is a business imperative for all organisations. Whether you are a large or small business, academic institution, not-for-profit or a Government agency, the time to engrain a cyber security culture with shared responsibility amongst all employees is now.
Socially engineered threats are able to bypass cyber security systems by taking advantage of human error. They work by pushing the psychological buttons of the email recipient to convince them to click a nefarious link or provide valuable information that a hacker can take advantage of. With email-based attacks, such as phishing, this will often involve clicking on an embedded link, which in turn will download malware or ransomware onto the user’s device.
You may be one of the many thinking ‘but I’d never get caught out with that’. However, it is becoming an increasingly sophisticated problem that is fooling even the most security conscious amongst us. For example, Business Email Compromise (BEC) is when a hacker targets a corporate executive with a message that uses a convincing mixture of crafty copy and design to appear as if it’s from a trusted source. The attacker then asks for a wire transfer of money. According to the FBI, these attacks have cost organisations more than $2.3 billion since 2013, with a 270 percent increase since January 2015 alone.
Pretty scary, huh? Well, fear not! As it’s National Cyber Security Month, we have come up with a list of tips for cyber safety at work.
At MetaCompliance, we often say passwords are like toothbrushes:
- Don’t share them with anyone
- Don’t leave them lying around
- Change them regularly
Alongside this, you should create strong passwords using a mixture of UPPER and lower case letters, numb3rs and $ymb0!$. Read this blog for some handy tips on how to create strong passwords and keep them safe. http://www.metacompliance.com/blog/have-you-changed-your-password-recently/
Letting unauthorised personnel into a place of business can easily happen, especially if you work in a co-working space or a building with other company offices. Don’t let anyone tailgate you at your office entrance or at any other point throughout the building. If you aren’t sure, it’s OK to ask someone where they’re going and if they have any ID. Any unknown persons should be escorted to a reception area to sign in. If you don’t, you could potentially be allowing a fraudster access to your work space.
It may be tempting to leave your computer open to the world in work as you nip off for a cup of tea or a bathroom break. After all, you’re surrounded by work friends, so what’s the worst that could happen? Well, all your documents, files, confidential information and company collateral are on there, so it’s important to get into the habit of pressing CTRL ALT DEL before you leave your seat.
You can read the rest of our tips for cyber safety at work here. So, as part of European Cyber Security Week we urge you and your organisation to get into the habit of good cyber security at work, a responsibility we all share. If you’d like further information on European Cyber Security Week, visit here.