Cybersecurity is the main concern for every company. An enterprise doesn’t need to be big to be a potential target for a cyber-attack. Data shows that most attacks happen as a result of an end-user vulnerability or wrong actions. For example, 83 percent of global organisations experienced phishing attacks during 2018, according to Proofpoint, which analysed end-user responses to more than 130 million questions administered during email-security training over 14 months from January 2018.
According to our Cybersafe instructor, Edith Byrne, there are some steps which can be learned to help end-users to avoid the most common traps. Edith covers this content in the Cybersafe training, a 1-day course that aims to train users to identify potential risks. We gathered below some important topics and tips on how to be Cybersafe from the end-user perspective.
Two important rules for passwords:
- It shouldn’t be the same for all accounts (even one different character, for example, a “#” instead of a “!” can make a difference).
- Don’t write passwords down. If you need to write one down to remember it, store it somewhere safe, e.g. a lockbox.
Social engineering is when the attacker tries to trick the victim by presenting themselves as someone trustworthy in order to get access to the network and steal sensitive information. It is an important topic which should be discussed in all companies to prevent attacks.
Some Types of Social Engineering:
- Phishing (misrepresenting themselves via e-mail)
- Spear Phishing (targeting a specific group or person, for example, the Finance/IT department)
- Whaling (researched and directed phishing attack targeting a C-level executive or high-profile individual)
- Vishing (attack performed by phone (voice) rather than e-mail)
Social Engineering Tips
Even though it is quite tricky to identify a social engineering attack, it’s possible to take some actions to avoid becoming a victim of one.
- Double-check email addresses and phone numbers.
- Don’t click on external links displayed in emails if you haven’t exchanged emails with that contact before. Some of these attacks can come from senders that you trust, for example, Microsoft, Apple, Google.
- Be extra careful with your social media accounts; phishing attacks are more likely to happen on LinkedIn.
Some social engineering terms that you should be familiar with
- Impersonation (pretending to be someone else)
- Shoulder surfing (watching/recording someone while they type in their password)
- Pharming (redirecting web traffic)
- Dumpster diving (literally searching the trash for written-down passwords)
- Pretexting (fabricating a fictional scenario in order to gain someone’s trust)
Secure your Devices
Make sure to physically secure your devices, for example, don’t leave your laptop anywhere insecure and unlocked. You should always keep your antivirus active and updated and follow the organisational security requirements, for example, don’t use the company’s mobile phone for private searches.
- Turn off your Wi-Fi and Bluetooth when you are not using them.
- Use private browsing mode when you are using public Wi-Fi.
- When you finish, make sure to disconnect from the public Wi-Fi and choose to forget the network.
*The article above was written in collaboration with Alexandra Mack, our Marketing intern who attended our CyberSafe training recently.
In a fast-paced environment, investing in technical training is the best way to overcome the Cybersecurity challenges. At New Horizons Ireland we provide a wide range of Cybersecurity courses from different vendors and covering all paths that you might want to follow.
Talk to one of our Account Managers to check all your options and possibilities. New Horizons Ireland courses are available in a variety of modalities to meet your needs, such as online live, instructor-led in our Dublin classroom and Mentored Learning, which is a convenient way to attend your course at your own pace and availability.