24 Oct Mitigate social cyber security threats
How to mitigate social cyber security threats
The threat from cyber hackers to small & large businesses alike is on the rise. There are many high-impact attacks taking place through reasonably basic & unassuming means. Your users can therefore innocently, and very easily, expose your network without even realising it. Known as “social threats”, attacks through email phishing scams, illegitimate website links and virus-riddled Microsoft Office documents are all incredibly commonplace.
There are basic security controls you can put into place very quickly to help combat this threat. These controls can be divided into two categories.
The first is a need for individual users to adapt their online behaviour; altering their actions to think first before clicking on an unknown link or opening an email attachment.
It goes without saying that this is incredibly challenging – humans are creatures of habit and it takes some considerable re-training and support to change their way of working. It’s very natural for people to be blasé about such risks until they’re inevitably the root cause of an attack!
The second type of control is more of a technical one – ensuring you have the right security tools and structure to your network to reduce the level of exposure to any end-user-initiated hack from their local PC.
- Didn’t request it? Always be suspicious
If you receive an email, particularly one with embedded links or attachments, that you weren’t expecting or that isn’t familiar – take caution! What looks like an innocent email with an invoice attachment might actually be an Office document programmed with code to infect your network as soon as the file is opened. Watch out for things like invoices that are Word or Excel documents rather than PDFs.
- Don’t download and run files you don’t trust
If you’re in a rush and are scouring the internet for a quick fix to something, you might be tempted to download a program or file from a not-so-legitimate source. Just because something is in a zip file and has been downloaded from what looks like a genuine website does not mean it’s to be completely trusted.
- Never enter personal information when following a link
Often phishing scam emails will use a trusted brand, like a bank for example, to trick users into clicking on links & entering their personal details. It may look like a trusted platform to the untrained eye, but actually be a scam to fuel identity fraud. Remember, banks, and in fact most institutions that hold your personal data, will not ask you to re-enter details they already hold via emails or website forms.
- Validate links
Most of the time these attacks are conducted by relatively unskilled & under-resourced hackers that are trying their luck. This can mean that they haven’t completely covered their tracks. Before clicking a link in an email, hover over it and see what the actual destination is. It’s easy to present a website address as a legitimate one within an email, but have it take you to an alternative place when you click the link.
- Minimise your disclosure
On more of a personal level, it can be very easy to publish personal information over the internet without realising it. Most social networks by default will present your full name, email address, home address and phone number on profiles that are completely searchable online; unless you lock them down or don’t enter the information in the first place.
Need some support for peace of mind?
We can help. We offer free initial cyber awareness sessions to businesses across Cambridgeshire from our three sites in St. Ives, St. Neots and Cambridge.
Our mission is to help SMEs across the county increase their level of cyber security, often through no or low-cost methods.
Please contact the team today on 01480 570339 or [email protected].