Welcome to the new age of the web. This seems to be the new tacit statement whenever a new app or service is launched.
Although these new services and apps are quite sophisticated and useful, security still remains an afterthought.
Even when security is natively included, it still remains the purview of the user or organisation to keep their systems and data secure.
In view of this, we present some top cyber security tips on keeping personal information and organisational systems secure.
Personal Cyber Security
- Have Endpoint Security (anti-virus) on your computers and mobile devices.
- Change passwords of your personal online accounts every 3 months. Where possible use multifactor authentication like texts or app confirmations in addition to passwords.
- Set bank account alerts for when money leaves and arrives in your bank account.
- Smart speakers and smart assistants can record everything you say and send it off to public computers on the Internet, so check the privacy settings before using them.
- Be careful what you share on social media, especially location information, boarding pass QR codes and financial information. You don’t know who is watching.
- Do not use the same password for all your online accounts. Use multifactor authentication (e.g. text, phone app) where possible.
- Be aware of what children under your care are doing online. Check that app purchases come to a monitored email address.
- Internet Provider Wi-Fi routers have malware and adult content filters. Turn these on to protect you and your kids.
- Links: Check before you click any links, even if the name seems legitimate. How? Useful tip: Hover your mouse over a link to reveal the real address.
- Do not open attachments in unexpected emails, especially those making time-pressure type requests.
- Social Media is a rich data field for scammers and hackers so enable privacy settings and share only non-sensitive info wisely.
- Special Holidays coming up? Beware of spam and phishing emails relating to these.
Other Social Engineering
- Do not respond to automated voice messages requiring you to enter confirmation information.
- Be wary of free electronic devices like USB sticks you receive at trade shows and public engagements.
- When contacting organisations, make sure you are using their publicly available contact information, not details you have been given by a potential scammer.
- Beware of financial scams like pension account changes and mobile account changes.
- Do not provide contact information about colleagues to unknown callers.
- Managers and Directors should be aware of their surroundings in public places like conferences. Is someone video recording your screen?
- Any devices used abroad or in public engagements should be encrypted and secured with multi-factor authentication.
- Key Employees in sensitive industries are always a target, so encrypt everything and do not use static passwords.
IT Operations Security
- System Administrators can be a major weak link. Make sure they are well trained and skilled in the equipment they manage.
- Change default passwords for new and existing IT equipment.
- Beware of shadow IT – Software and equipment on your network that is not sanctioned for use by the company policy.
- Cyber Security is a journey not a destination.
- Moving to the Cloud for email? Multi-factor authentication is a must!
- Using the public cloud for applications? Get your CSPM – Cloud Security Posture Management in shape with cloud native security.
Cyber Security in the workplace
- Perimeter and Endpoint Security tools must be in place for on-premise and mobile workforce staff.
- Beware of tailgating when walking into your office buildings.
- Do not openly display your work ID and swipe cards on public transportation or public places. You never know who is watching.
- Especially for Marketing & Sales Department teams: take extreme care with electronic souvenirs like USB sticks, or collateral sent in by prospecting companies.
- Finance & Purchasing Departments: Accounts Payable changes should always be verified by phone before effecting changes.
Security should be considered holistically across systems and applications throughout an organisation, or even for personal use. Across all users and facets, from normal end-users to IT staff to contractors, cyber security should be part of the organisational fabric. It should be as much a part of a company as its culture and policies. Only by protecting the perimeter, cloud and internal systems, and by training IT staff and end-users, will an organisation realise the full benefits of data and systems protection. Cyber security should continue to be an ongoing enterprise rather than a single fix. Threat actors and the threats they pose continue to evolve, and so must the approach employed by the users and defenders of the cyber world.