Simple human error and a lack of security awareness are often the root causes of cyber security breaches in the workplace, with statistics showing 38 per cent of breaches are internal.
Believe it or not, top passwords for 2013 included ‘123456’, ‘Password’, ‘Admin’ and ‘Letmein’. It may seem obvious, but you’d be surprised at how many staff simply use the easiest password, which leaves the business wide open to vulnerabilities. Passwords should be set up with a minimum length requirement, and should be at least 12 alphanumeric characters long. It’s also important to change passwords frequently, around every three months, and to use password protection to lock confidential documents.
Only keep documents you really need in physical format. If they are confidential, ensure they are kept in locked drawers and are shredded once they are no longer needed. It’s also wise to archive online documents that you don’t regularly need, so that they are kept hidden.
Firstly, be wary of the actual source of the emails you receive. Treat each message cautiously and double-check with the sender if you are in doubt. Do not open any attachments that seem odd or out of context, as they could contain malware such as a virus or a keystroke logger which could be monitored by hackers.
Only keep messages you need in your inbox. I’d advise moving valuable emails to subfolders and setting permissions so that only the owner can access them. Also, delete emails that aren’t needed, especially ones with any sensitive data. You should extract sensitive data and store it in locked documents, then delete the email.
4. Phone and email enquiries
Try to avoid giving out sensitive information over the phone, such as client details, bank details or phone numbers, unless you are fully satisfied that the caller is genuine. Verify the identity of callers requesting information. If you can’t immediately identify them, insist on calling them back. You should make sure that they are legitimately entitled to receive any information being requested. Never, under any circumstances, give out your password to anyone, no matter how urgent the request.
Read emails thoroughly and check links before you click them. If you feel you have clicked something that might not be genuine, inform your IT department immediately.
5. Working out of the office
Never access your network remotely whilst using public WiFi. Instead, take the documents you need and store them on your device or an encrypted USB to work from. Also, don’t leave your laptop, computer, tablet, phone, USB or paper documents unattended in a public place. It’s also wise not to access secure sites such as online banking whilst using public or shared WiFi.
Pop-ups are a common trick for installing spyware, viruses and other infections. If you get a pop-up message on your screen whilst using a public hotspot, read the pop-up carefully before you click OK. Unless you are absolutely sure about its authenticity, close the pop-up straight away.
Stephen Robinson is managing director of Xyone Cyber Security.