IT Security

Cyber Security Do's & Don'ts

IT security is not as simple as it used to be.

Nowadays, we see cyber security threats every day.

IT security is not as simple as it used to be.

Nowadays, we see cyber security threats every day.

The cyber threats and number of cyber attacks on businesses are rapidly growing year-on-year. And they are becoming more sophisticated. The risk for businesses is very real. Have you built your cyber resilience?

The changing landscape of cyber-attacks

Gone are the days when a virus writer was creating viruses for “fun", political or anti-establishment reasons – nowadays, it is a big business; whether people are paying to decrypt their data or if they have sent money to a fraudster – and this happens every day.

Technology and software can be used to minimise the risk – but the risk can never be eradicated, mainly due to human behaviours and social engineering. This is how the majority of the bigger frauds are instigated.

Frauds are instigated by criminals, but normally the victim helps them. Before acting, think about what someone is asking you to do.

 

If you are being asked to click on a link, open a file, send money, verify information... STOP AND THINK.

Below is a video that was released by Cifas (the UKs leading fraud prevention service). The video highlights how much information we share online – all of which can be used to steal our identity or defraud us.

 

Our Cyber Security Advice

To help stop you from becoming a victim of cybercrime/ fraud;

 

Office 365 security

office 365 logoOffice 365 is an amazing tool for businesses. The majority of our clients are using it to deliver email services, alongside collaborative working, unified communications and file management. It has become the de-facto standard for email provision.

The popularity of Office 365 has made it a large target for online fraudsters.

The bad news is that ‘out of the box’ Office 365 has some known vulnerabilities. The good news is that it can be ‘hardened’ to make it much more difficult for a fraudster to take advantage of.

Do not click on links

email received with suspicious links includedIf you are not expecting an email from someone with a link... do not click on it. 

Clicking on a link can trigger all sorts of unwanted events from ransomware (encryption of all data) through to viruses. This can give a criminal back door access to your environment.

Be wary of emotive sounding emails, such as “Letter of Resignation” or “Notice of Redundancy”, these are designed to get you to act before thinking.

Received one? Check the links first by hovering your mouse over a link (WITHOUT CLICKING IT); it will display the actual website address that it is going to take you to. If that link address does not match – DO NOT CLICK IT.

 

 

Never issue a payment based on an email

Everyone needs strict financial controls online.

Your email address is most likely on a database on the dark web somewhere. If you have ever filled out an online form (which we're confident that you have) then your details - such as name, email address, and sometimes passwords, are available to scammers. 

If you are registered with an online service that has had a security breach (such as LinkedIn, Adobe, Dropbox... the list goes on) then the details you provided to those sites, including your password is available to scammers.

Financial scams are becoming more and more advanced. It is not just about malware or viruses. Before paying a new supplier, changing bank details or making an unusual payment, speak to the person you are paying first. 

NEVER TRUST AN EMAIL ASKING YOU TO MAKE A PAYMENT. 

 

Passwords

Never have a local file that contains all of your passwords stored on your PC or in your email - if you do get compromised then you have just given a criminal direct access to everything. Use a secure password manager instead.

You also shouldn’t write password down in a notebook and leave them on your desk or inside a top draw and left unlocked. A password is valuable to a criminal, no matter how it was found.

Tip: Your password should be long. Try a sentence; they are easier to remember and very secure (e.g. "MyfirstcarregistrationwasKY60RXY")

Also, don’t use the same password for everything... and ideally use Multi-Factor Authentication (MFA) if you can.

 

Check the email address

phishing email with suspicious email domain name that doesn't correlate with the email senderYou can usually tell whether the email sender's address is real because of the domain name they use.

Some scams use email addresses that are similar – so take the time to double-check this if the email is asking you to do something - like click on a link or open a file attachment. 

Look at this domain name; www.bigofficecompany.co.uk and now read this one www.bigofflcecompany.co.uk  You may have noticed they are different. The “i” in office has been replaced with a lowercase “L”… at first glance however, they appear to be the same.

 

Beware of external devices

Don’t plug in personal devices like USB flash drives, MP3 players and smartphones to your desktop computer without having the personal device checked first. 

These devices can be compromised with code. The code waits to launch, and as soon as you plug the device into a computer it activates – if you are bringing in an external device from a home computer that may not be as protected as your work computer. Always check first.

 

Don't ignore warnings on your PC

Installed antivirus solutions and Windows will, on occasion, prompt you when there is a problem. If in doubt, contact us regarding the message, but don’t ignore them, they are there to warn you of issues.

MS Office, for instance, will warn if a file has a Macro embedded. Do not enable Macro’s unless you trust the source of the document as Macro’s can contain viruses.

Antivirus prompts should only warn you of detected threats. If you do not recognise the prompt or security product or if it is attempting to send you to a link then do not proceed and contact Bluecube.

 

Are you concerned about your business's IT Security?

We have a team dedicated to remedy and fix your IT security issues, and to help you get back up and running, when things have gone wrong.

Latest