What was once a couple of physical doors that kept your office safe is now a multitude of virtual doors that you can’t control. For example, in the case of spear phishing emails, criminals target you as an individual rather than attacking an organisation in general, and hackers might target you in exactly the same way.
A hacker might want to target you because they are trying to steal money, information, or because they have a grudge against you or your organisation.
They will usually have done some homework on who you are and what your job involves, and could start by hacking into your PC and installing spyware that gathers technical information on your PC (Anti-virus, operating system, IP address, user ID).
On average it takes 229 days to detect a security breach. In this time the hacker can input false information, change information, delete information or steal information. Let's say you created a document on a Friday and then you came back into work on the Monday. Would you notice a small change made at the weekend, such as a decimal point out of place or a change in bank details? Once you start thinking about it, it's not hard to imagine how even the smallest of changes could end up damaging your reputation or costing you a lot of money!
Hackers can also turn on a webcam without you knowing and can watch and listen in to boardroom discussions. If you have a webcam in your boardroom, it's worth checking if there is a security risk. Here are some steps you should be taking:
- You should have a cyber security policy
- You should review staff permissions and appoint a cyber security officer
- You need training to understand the importance of certain actions. Training doesn’t have to be expensive and it will probably save you time and money in the future
- You need to understand, across your business, that most breaches are the result of a lack of human awareness; criminals rely on this
- You need specialist advice from a company that is up to date with the latest threats
- There will be revisions to data protection laws soon that include cyber security and you will need to comply
- You should also be aware of hackers when using devices in your personal time
You may feel you have more to lose here, because your own money is at stake, not your company's money! Hopefully good cyber awareness in our personal lives will transfer to our work lives and vice versa, so here are some tips to help you:
1. Be cautious when using public WiFi: There are simple ways to prevent data loss via public WiFi. Check it’s legitimate; it’s easy for hackers to set up a fake WiFi network that looks like an official one. Before signing on to any WiFi, the best way to check if the network name is legitimate is by asking an employee of the place you’re in.
2. Forget the network: Once you have finished browsing on a WiFi, log off all services you were using and then ask the device to forget the network so it doesn’t automatically join next time you’re in range.
3. Turn that WiFi off!: Make sure you disable WiFi when you’re not using it. This prevents your device joining any other networks automatically without you noticing.
4. Use a VPN: VPNs act as an intermediary between your device and the internet server, routing all your activity through your own little encrypted loop of the internet. This means a would-be intruder will find it impossible to sniff your information out or know what you’re doing, whether this is on a mobile, tablet or computer.
5. Keep your passwords strong: It’s good practice to change all passwords regularly and not use the same passwords across many different services. There are password managers available online that help manage them all. There are also services that support two-factor authentication, allowing you to add a second layer of protection on top of your password on services such as Gmail, Twitter and Facebook.
6. Check websites for 'the lock': You wouldn’t leave your front door open, so why leave yourself vulnerable online? If a website is secure it displays the green lock sign beside its address. This is otherwise known as HTTPS, and it encrypts the data that passes from your device to the internet server, meaning hackers can’t decipher your private information.
7. Watch out for Apps: Always check permissions on the apps before installing and make sure they aren’t accessing unnecessary information. For example, a drawing app should not have access to your contacts list or your network info.
Simon Williams, Pro Drive IT