Projects

Going from A to E: Navigating the cyber security landscape.

Securit-00001-5_1400x875_acf_cropped-3

As cloud computing and the Internet of Things (IoT) grows, organisations are increasingly at risk, and regardless of the security measures put in place, there will always be something, or someone, that can slip through the cracks, so vigilance is key. But where do you start? Firstly, through awareness and knowledge; if you know what to look out, for it’s much easier to stop the hackers in their tracks. So here are our top tips to try and help you and your employees safely navigate the precarious world of cyber security.

A – Is for Authentication.

One of the most important words in the cyber security language – in it’s most basic form, authentication is simply proving the identity of a device user in order to access information. If you aren’t looking through rose tinted authentication glasses, you need to be – make sure all sensitive business data requires a login. So what type of authentication is best? Well generally there are three main types:

Type 1: Something you know, like a password, PIN or codeword. If you can remember it, you can use it.

Type 2: Verification by something you have, which includes physical objects, such as key cards and smart phones.

Type 3: Something personal, like a fingerprint or voice verification.

In the IT world, the term ‘multi-factor authentication’ is a security technique that involves two or three or these methods, and in business it’s imperative you use at least two of them! At Stripe, we recommend Microsoft’s Azure Multi-Factor Authentication (MFA), their two-step verification process lies in its layered approach, helping to safeguard access to your data and business applications by requiring a second form of authentication. Based on Microsoft’s research, your account is more than 99.9% less likely to be compromised if you use MFA!

Quick tip for employees: Even though your employer may have MFA installed, you should additionally download a password manager like LastPass. With an app like this, there’s a place to organise your logins, as well as generate extremely strong passwords, which ultimately makes it much harder for a hacker to access your data. There’s also no more clicking the dreaded ‘forgotten password’ button, you just have to save your details once, and it’s instantly available on all your devices.

B – Is for BYOD (Bring your own device).

Not being tied to the workplace in order to access data and do your job has obvious benefits. From reduced IT costs to employee flexibility, companies across the world are increasingly adopting this way of working. However, in the event of an accident, like a missing or stolen device, it’s not just personal data at risk, it’s also the employers.

Our solution? Microsoft’s InTune Device Manager. This application allows you to protect business confidential data, while granting employees permission on the devices and apps they choose. With this app you can track, monitor and even wipe devices remotely. A must for remote business security!

Quick tip for employees: If you’re already a participant in the BYOD culture, and you aren’t aware of your employers BYOD policy – ask. It may be that your employer already has a built-in Mobile Device Management (MDM) solution, so it’s likely you won’t have to worry, however if they don’t, you’ll need to know what to do when lightning strikes.

C –  Is for Click Jacking

Or what you may also know as a ‘Redress Attack’. In this type of cyber-attack, the user will come across a link that looks legitimate, but in reality, they’re being tricked into to clicking something malicious. These hazardous links are not necessarily visible and are usually hidden beneath the link or button you think you’re clicking – commonly these hidden links redirect to a malicious page and infect the user’s device with malware.

As Microsoft Gold experts, we can’t stress enough how important it is to use a solution like Advanced Threat Protection. Why? Because this service allows you a greater level of control over business threat management; ATP for example, allows you to install an option called ‘Safe Links’, which ultimately helps to protect your organisation by blocking malicious content, even when it’s clicked. If you already have Microsoft 365, Safe Links is super easy to activate, and they even have a helpful guide on how to install this on their website; find out how to turn this on here.

Helpful hint: Consider the browser you are using, Firefox for example, has add-ons that stops certain scripts from running on a webpage. It’s also worth noting that the URL bar contains lots of vital information about where you are and how secure a website is, so start checking this. Get into this habit and it could really help you out in the long run!

D – Is for Drive by Downloads

In it’s basic form, this is an unintentional download of a virus or malware which can occur simply by visiting a suspect website. This type of attack will usually exploit a browser, app, or operating system that’s out of date, especially those with any security flaws. Often, a malicious webpage contains multiple types of code in order to match at least one weakness on your computer, and this leaves you open to all kinds of trouble, including the theft of sensitive data and information!

An easy solution? Stay up to date. Google recently found that only 38 percent of users automatically update their software when a new version is available. So avoid the risk and ensure you always run your security software updates when prompted, and don’t postpone them for more than a few hours. We know it’s not always the best time to update in the middle of the working day, but by ensuring you run them before you log off, you could save yourself and your business a lot of time and money in the future!

E – Is for Emails

Phishing emails are one of the most effective ways for cyber criminals to gain access to your business network. According to Verizion, on average 4% of the targets in any given phishing campaign will click it, and incredibly, the more phishing emails someone has clicked, the more likely they are to do so again. All a user needs to do is open the email with dangerous link, input credentials or click a link, and a malware attack is launched.

Fortunately, many phishing emails are automatically filtered out by your spam filter, however, cybercriminals are using increasingly sophisticated methods to bypass these security checks and make their emails look extremely legitimate. The tricky thing is knowing what to look out for, and because this type of attack is founded upon user judgement, it’s imperative employees are given the right training and knowledge to prevent mistakes.

Helpful Hint: If the following traits are present, don’t risk opening the link!

  • Is the message sent from a public email domain? A public domain address is provided by a free email service provider, such as Outlook, Gmail and Yahoo. If Jenny123.456@outlook.com is sending you an email about an outstanding invoice, question it!
  • Does the message contain a mismatched URL? Suspect links don’t always match their hyperlink address, and to check this all you need to do is hover over the link… If they don’t match, don’t click!
  • Is the language suspect? Although we all make the odd spelling mistake, it’s easy to tell if the person writing the email knows what they’re talking about, so look out for out of place words, unnecessarily complex language and vague generic phrases.
  • Is the message seeking your personal information? If there’s a sense of urgency in the email, alongside a request for details, it should immediately ring some alarm bells – “Urgent action required” and “Your account has been compromised” are common place phrases used to create concern and action. Before giving away any of your personal information via an inbound link, ALWAYS question it!

At Stripe OLT, we believe that cyber security starts with knowledge and awareness and naturally as an IT and technology provider, we are accredited under the Cyber Essentials Plus scheme. So if your organisation’s cyber security is causing you concern, or you’d be interested in finding out more about how we support you with your Cyber Essentials accreditation, get in touch here.

Our Partners