Cyber-attacks continue to grow in sophistication, as attackers use an ever-expanding variety of tactics including social engineering, malware, and ransomware.
Cyber security is the adoption of technologies, processes and controls that protect systems, networks, programs, devices, and data from cyber-attacks. When delivered well and consistently it will reduce the risk of cyber-attacks and protect against the unauthorised exploitation of systems, networks, and technologies.
Effective cyber security can perhaps be described as an onion. The more layers of protection you have, the more difficult it can be for a cybercriminal to gain access to your information.
Whose job is cyber security?
Do we need to take responsibility for cyber security ourselves, or is it enough to rely on our employer, software providers and government agencies to protect us? The answer is that we all need to be vigilant when opening e-mails, texts, or other chat messages.
Cyber criminals will use their expertise to take control of our data, using one simple line such as a hyperlink in a text message, email, or messaging service such as WhatsApp. Relying on the business or organisation hosting the email isn’t advisable, since the technology and methods used by the scammers are changing so rapidly.
To help protect your data from threats, businesses and individuals need to consider the following:
Backing up data
Ask yourself the following questions:
- What data is critical to me or would be the most damaging should it fall into the wrong hands? Is it staff contact details, financial information, files or other business critical data?
- Where should I store the backup?
- How often is each backup undertaken?
- Who has access to the data, and are these the same people that can access the data backup?
- Is the backup procedure regularly tested to ensure that the data held is intact?
Hints and tips:
- Keep your backup offline, e.g. on a flash drive or external hard disk. This will ensure that the backup is stored well away from your computer/laptop and smartphone
- If you are using a cloud-based backup system, be aware that most solutions provide a limited storage capacity
- When using the cloud for backup, you must enable encryption for the data you store there
- Make the backup process part of your daily/weekly/monthly activity
- Check that the backup has been tested to ensure that the data held is safe and intact.
Be careful what you download: malware protection
Applications (or apps) can be downloaded for many different reasons and at times we can do this in haste.
- Always check the source of any software/application before downloading
- Always ensure that your anti-virus software is active and up to date on all relevant devices
- Do not use any USB flash drive that has come from an unfamiliar source
- Make sure your firewall software (or anti-virus software for personal devices) is strong and up to date.
Keeping your smartphones (and tablets) safe
- Always use your password protection, and if available make use of biometric features on your phone such as facial or fingerprint recognition
- Set up tracking of your device through your own laptop or another smartphone
- Enable the ‘wipe your device’ remote feature in case your device is lost or stolen
- Keep your operating and app software up to date
- Do not connect your device to unknown wi-fi hotspots.
Keeping your PC safe
- Use two factor authentication when the facility is available
- Never use known information about you as a password, such as a birthday, pet name or family names
- Use a long password containing letters, numbers and other characters. Using three unconnected words is a good option, or perhaps the initial letters from a phrase that is familiar to you
- Change all default passwords which may have come with your device when you started using it
- Consider using password management software.
Avoid falling victim to a phishing attack
What are phishing attacks?
Typically, scammers will send fake emails to thousands of email addresses, asking for sensitive information (such as bank details), or containing links that pose a threat to your data. The sender may try to elicit money or trick you into giving out your confidential details to use or sell on, or may have political or ideological motives for accessing your organisation’s information.
To help protect yourself from phishing attacks:
- Read emails from unknown senders slowly and carefully
- Always report phishing emails sent to your personal or business email account
- Remember that financial institutions in the UK will not ask you for your personal information. If you are unsure, call your bank using an independent telephone number (i.e. not the one associated with your bank details) to verify their request.
We all need to take responsibility for our own cyber security and to keep ourselves up to date with recent cyber-attack types and techniques. Our lives are full of challenges while adjusting to living with COVID-19, and business culture is changing as we adapt to more fluid ways of working. Cyber security is an essential discipline that all users of technology need to adopt. A good first step is to sign up for Action Fraud alerts.
You should also ensure that your audit process includes robust cyber security checks from an independent auditor. Working with a professional independent auditor can highlight potential weak spots in your administrative and financial processes. For more information about cyber security within your audit please contact Ossama using the contact details on this page.