Without proper protocol and security measures in place, a targeted attack could spell disaster for your organisation. With the holiday season approaching fast, this would be far from ideal.
Here are our 4 steps to help you stay safer this winter and keep you and your organisation breach-free.
Four steps to fight spear phishers
1 – Be mindful of your online footprint
- When browsing the web and (especially) social media sites, be very mindful of how much personal information you and your colleagues leave for others to see.
- Try to think outside the box here:
  - Check uploaded photos for accidental inclusion of identification documents, home addresses, credit cards or anything that could be used to build a profile of you.
- Don’t enter personal details into websites that don’t appear genuine.
- Always check if a website uses HTTPS before entering payment or personal details. This won’t guarantee the site is genuine, but at least you can be sure the data is encrypted whilst travelling between you and the destination web server.
- Avoid entering more detail than is necessary on online forms; if it isn’t absolutely required, why give it up?
2 – Always use different passwords
- Remember that if you re-use a password across many sites, it only takes one site getting hacked for the malicious actor to have access to all your other accounts.
- Use a password manager or random-phrase passwords of significant length; these are easy to remember and hard to guess, as was illustrated many years ago by the XKCD comic.
3 – Implement a strong data protection program
Data protection programs are essential for any organisation, regardless of size. They help your organisation minimise its sensitive data footprint and encourage a security-first mindset among your colleagues. Data security specialist Spirion has simple yet effective guidelines which are still relevant today.
4 – Security Awareness Training & Simulated Phishing
We invest immense sums in complex security hardware, which in turn takes well-trained staff to configure correctly. Yet, even with all this technology, approximately 15% of phishing emails, and especially spear-phishing attacks, find their way into a user’s inbox.
At this stage, your organisation’s security is entirely dependent on the training and ability this user has to spot a malicious email.
A well-trained user will simply report or delete the email as per the organisation’s security policy.
A less-than-well-trained employee may not notice anything is wrong with the message, then click it, respond to it, or open a small attachment within. It is a simple mistake, and one which cost mid-size firms an average of £1.3 million per breach in 2019.
Security Awareness Training is by far the most cost-effective and efficient method of strengthening your human firewall and reducing your cyber threat surface. Check out our cost calculator and compare that to the price of a successful data breach…
Your staff are your first and last line of defence; it is up to you to make sure they know how to defend themselves and your organisation.