Get the strength of a Human firewall around your business
In this brief series on human factors in cyber security, we have seen that security can often be taken out of your hands – and into your staff’s. Building the Human Firewall is essential to keeping your – and your customers’ – data secure. Educating and briefing your team is now a business “must”.
In this, the second part of our blog on Social Engineering hacks, we’re going to look at the ways cybercriminals attack, and how you can help your teams to understand the vital role that they play in keeping both themselves and your business secure.
We’ve seen how attacks vary from the complex scams that play on curiosity and pride to the simple phone calls “from tech support”. Enlisting the support of your staff means showing them how to identify threats and attacks, and what to do when they spot them.
It’s important to avoid too much jargon or techspeak. However, your staff need to be aware that the threat is real, as Vircom have found that most successful current attacks are targeting the uninformed. In other words, protecting them protects you.
Hackers reach your staff through indirect contact, and there is no better channel than email. So teach your staff to go Phishing! This applies to personal and to professional email. Phishing is the term used for emails that seem to be from real people and real organisations – like your bank, for instance. So some regular examples circulated around the business will help enormously. Simple things help, like checking the names on the email and looking for any odd spelling – or particularly grammar, as these mails are often translated. The key word is vigilance. That and giving your team the tools for the job. You would scarcely believe the content of some phishing and spoofing emails. Yet in moments of stress or carelessness, they get opened or clicked on.
Why am I getting this email?
If I’m suspicious – send it to IT.
NEVER click on an embedded link in an email.
NEVER, NEVER open an attachment on an email you think is a bit fishy.
DO NOT REPLY – ever – to any email you feel uncomfortable about.
The same goes for phone calls. Last year TalkTalk lost a significant number of customer account details in a hack. This enabled the criminals to call people on their mobiles with legitimate details. What happened next wasn’t legitimate: they got people to open accounts and enter passwords, with the inevitable conclusions. Moral of the story – no legitimate business will ask you to enter passwords on a screen-sharing app.
Passwords obtained in any fraudulent way can impact on your business. As creatures of habit, people tend to use the same password everywhere. Setting your login to require a monthly password change is a basic requirement, still overlooked by many companies. But it won’t protect you from passwords that are reused to access other websites. Password managers have come on in leaps and bounds recently – a recommendation to your team might not go amiss.
And of course external drives and “working from home”:
These are choppy waters, and unfortunately it is often senior people who are the culprits, switching from office to home laptops, and inserting discs and drives that have no provenance. Shared email clients further muddy the waters. As home working becomes more and more prevalent, it is unsurprising that this is where social engineering is being seen more frequently.
Supporting your Human Firewall and building in safety
Humans being humans, you need to plan for every eventuality. Having the next line of defence ready means that your firewall has to work in parallel with your teams should the worst happen. With an up-to-date firewall and a planned security programme you can defend and support by monitoring activity, blocking access, setting triggers and alarms, and setting safeguards on business-critical systems.
Next week, in our third and last blog in this series, we’ll look at what sort of protections are available, how they work, and what options there are for your business.
KubeNet can help you get your Human Firewall started. Contact us now to see how Kube can work with you to ensure your team is prepared for the threats of today and tomorrow – and don’t forget to make sure that your business is protected by the latest threat detection and protection software like KubeNet’s own Managed Firewall.