So this month we’ll be focusing on helping you make sure that everyone in your business understands not just why, but how cyber-criminals look to target a business - and their role in preventing an attack.
Why cyber-security awareness matters
Last month, our blog focused on the role of software in the fight against cyber-crime. When it comes to awareness, however, it is very much down to the people employed within a business to know what to look out for, what they can and can’t do and how they should and shouldn’t react if they become aware of something suspicious.
Even at our most sleep deprived, most of us will be aware of some of the most prolific tactics cyber-criminals use. Sending emails with attachments that contain ransomware or links to spoof websites for recipients to click may be old hat nowadays, but criminals are always on the lookout for new ways to exploit the people within a business to get what they want.
Even the most seemingly innocuous actions can give cyber-criminals valuable information. Most of us will have set an out of office message from time to time. But have you ever stopped to think that including the dates of your trip and a contact phone number could lead to a call to your receptionist from someone who says they’ve spoken to you on your mobile while you’re away and you’ve asked them to get in touch with the accounts department? Right away your receptionist’s guard will probably be down, as a degree of trust has been established.
Your out of office email has effectively advertised a ready-made way for criminals to try and gain access to your business. We’re not suggesting that you ban out of office messages, but we are recommending that your company puts a policy in place that would make it impossible for the receptionist to take that enquiry further without authentication.
Understanding the implications of your actions
Hand in hand with this comes the thorny issue of digital and social media. Almost every business has some level of social media presence. Most have policies relating to content that can and can’t be shared to ensure the business is presented in a professional light but, when it comes to cybercrime awareness, even the most seemingly innocent posts or comments can give away key information.
Likewise, your company website is a mine of useful information. It may seem innocent enough, but a staff profile with contact details linked to a story on your news page can provide enough information for a criminal to use. Awareness is about understanding how your actions can affect the bigger picture.
Anything you post online that gives a would-be cyber-criminal information about the whereabouts of people within your business at any given time can help them come up with a story that appears accurate and plausible. In today’s digital age, where information about businesses and the people within them is more readily accessible than ever before, it’s vital that your internal policies keep pace with your social media activity to stop your business becoming vulnerable.
Looking at things differently
Many companies like ourselves offer cyber security awareness training that will help you understand how and why criminals target businesses. We encourage businesses to take things a step further by looking closely at their policies for giving out information, and making sure those policies aren’t making them more vulnerable to cyber-attack.
To find out more about our holistic approach to keeping business networks safe and secure, contact us.