Cyber security is currently front of mind. Socially engineered attacks, such as phishing emails, are the underlying cause of most breaches (80% according to recent cyber incident reports) as exploiting people is often far easier than technically penetrating a network.
Awareness of potential threats and ongoing vigilance plays a critical role in protecting your business from the possible severe impacts of a breach, including:
- Theft or deletion of information
- Loss of access to systems
- Being held to ransom
- Financial and reputational loss
Outlined below are important cyber security precautions for you to be mindful of.
What is phishing?
‘Phishing’ is used to trick people into thinking they have received an email or text from a reputable source or company.
What to look out for?
- Requests | Emails that ask for your personal information should be treated suspiciously. Your business, banks, and most other companies will never ask for your password via email.
- The sender’s email address | Is it the same as the company’s email address or just similar?
- The greeting | Phishing emails commonly use generic phrases such as “Valued Customer.”
- Poor spelling and grammar | Often seen in the body of a phishing email.
- The signature | Does it look legitimate and provide contact information?
- Attachments | Does it make sense for the email to have an attachment? Be wary of .exe attachment files.
How to avoid being phished
- Above all else, do not click links, open attachments, or fill out forms.
- Hover over links before clicking to make sure it’s taking you where it says it will.
- If you click the link and are unsure if it is real or fake, provide an incorrect password first. If it appears you have signed in, then you are probably on a phishing site.
- Never provide personal information through email.
- Reach out to the person/company that emailed you directly. Don’t be afraid to pick up the phone! They will tell you if the email is valid or not.
Further security considerations
- Passwords | Don’t reuse, share, or write down passwords.
- Updates | Ensure all devices and applications are kept up to date, including mobiles and mobile applications.
- USB’s | Only insert USBs into your computer from trusted sources.
- Multi-Factor Authentication (MFA) | Turn on MFA on all applications that it is available on.
- Safe Browsing | Avoid clicking on pop-up adverts or visiting untrustworthy sites (look for https).
In addition to providing frequent reminders to your team, regular end-user cyber security training and testing is a necessity when it comes to cyber security defence. If you require support in this area get in touch with the IT Partners team via email or phone 07 957 2650.