By Arthur Moses Opio and Kyomuhendo Esther Diana
As we continue to educate ourselves about Cybersecurity, it creates serious awareness. Awareness is not just the knowledge but rather knowledge combined with the attitudes and behaviors that serve to protect our information assets. Being cyber security alert means, you understand what the threats are and you take the right steps to prevent them.
According to the 2014 Cyber Security Intelligence Index, an astounding 95% of all security incidents involve human error. The most prevalent mistake? Double clicking on an infected attachment or unsafe URL and with this era of remote working, remote workers will continue to be a target for cybercriminals.
Rob Sobers of Varonis says and we quote, "To successfully fight against malicious intent, it's imperative that companies make cybersecurity awareness, prevention and security best practices a part of their culture". Create a risk-aware culture where employees are educated about the cybersecurity hazards faced and train them to take the right actions to defend against the cyber-attacks.
Cyber Security Awareness Best Practices
If CEOs, directors and managers want to keep their data safe, it is up to them to educate their colleagues and create a workplace culture surrounding cyber security awareness. Here are some cyber security best practices every organisation should be following:
- Implement Basic Cybersecurity Training
Conducting training sessions will ensure that employees use approved software, and have strong passwords. You could also look at implementing common sense practices surrounding technology access and consider adding further levels of protection for staff with multi-factor authentication. This could be something as simple as not letting employees take their laptops home at the weekend, or enforce a two-step verification process.
- Have a Data Recovery Strategy
A recent survey has shown that one in five businesses do not have a procedure or back-up plan, should their data get lost or damaged. With more and more businesses relying on the cloud, it’s crucial that you ensure your cloud-based data is adequately protected and compliant with new GDPR (General Data Protection Regulation) regulations. Alongside this, you need to make sure your employees are clear on the strategy, and exactly who is responsible for what.
- Detect and Plan For What You Cannot Prevent
Hackers will always try and find a vulnerability, and when they do, you need to make sure you have the resources and knowledge to detect their activities as quickly as possible. This way, you can contain the damage and get back to normal business without experiencing a massive loss event.
It is important to note that your business’s cybersecurity is only as strong as your weakest employee - it is your responsibility to create a risk aware workplace culture surrounding cyber security awareness.
The Types of Suspicious Emails Sent
1. DHL Express: Attached COA and shipping documents
Good day aopio, please find attached shipping documents and advise payment asap, so sorry about my late response. Kindly acknowledge mail receipt by return mail, Best Regards, Pham Thanh Hai,
2. Assistant Manager: Re: Urgent PO.
Good morning, please see below email and PO attached. Kindly advise as soon as possible.
Thanks best regards, Naheed Choi, Assistant Manager
3. Head of Finance: PHJ Automation-BV -Payment Swift Copy FYR
Good day Timothy, Based on your discussion and email communication with my colleagues regarding arranging payments. Find the attached swift copy payment receipt for the payment we arranged. The payment needs about three working days to reach your account based on the standard time of arrival for international swift transfer. Kindly update me on the shipment. We need to finalize this order before the end of August. We appreciate your kind assistance. Kindest regards.
The emails listed above are a classic example of socially engineered messages.
Three things about these emails;
1. They are socially engineered, they make it look like you have been dealing with them before - You always have to stop and think before rushing to download anything.
2. There is always an attachment (These attachments are not pdf or word documents; they are malicious executable files hiding behind the pdf and word docs.
3. There is an urgency of time running out.
Such emails can hurt individuals, your Network, Personnel working in Finance or anyone managing critical financial matters.
What To Do When You Receive A Suspicious Email
If you suspect that an email or text message you received is a phishing attempt:
- Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your company.
- Delete it immediately to prevent yourself from accidentally opening the message in the future.
- Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
- Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
- Report it. Help others avoid phishing attempts:
In conclusion, it’s clear that the weakest link in cyber security is the human factor, and if your employees are unable to make an informed and educated decision about something as simple as what network to connect to or which email attachment to open, you’re at risk of a potentially devastating cyber-attack.