The world depends on fast and reliable communication to put businesses in touch with their employees, suppliers and, perhaps most importantly, their customers. As more businesses become digitised, their channels of work and communication become more susceptible to cyber attacks.
Completely avoiding the risks posed by cyber attacks is not plausible; however, it is possible to reduce your chances of being attacked by implementing Risk Management strategies.
Some Key Risk Management aspects for Cyber Security
Social Engineering is the art of accessing information, physical places, systems, data, property or money by psychological methods, rather than technical methods.
In simple terms, this means that rather than attacking a secure system or database, cybercriminals will use social engineering tactics to trick people into giving them access.
What is a social engineering tactic?
There are a number of different social engineering tactics which could affect you. However, there are four basic psychological tactics that are almost always evident in social engineering scams.
- Fear of conflict: In general, people dislike conflict and will use almost any excuse to avoid it. Social engineers exploit this by exuding confidence when they ask for information or access they have no right to. When this confidence is displayed, most people prefer to comply with requests rather than challenge them.
- Getting a deal: Con artists have always relied upon the greed of their victims, and social engineers are no different. Social engineers tend to use gifts and giveaways to get victims to let down their guard. More often than not, the giveaway item will be used to mask a piece of malicious code which the victim uploads to his or her computer.
- Sympathy: Occasionally, social engineers try to use charisma or humour to gain people’s sympathy. By establishing rapport and building positive feelings, they leave victims too distracted to realise they are being scammed.
- Need for closure: A well-documented psychological need, the need for closure is one of the most popular with social engineers. In the event that they are questioned or confronted, social engineers who have done their homework will have an answer to any question which comes their way.
Risk Management and combating Social Engineering:
Social engineering depends upon psychological weaknesses and blind spots. However, this does not mean you are defenceless.
Effective Risk Management training.
This is as basic as simply understanding that these blind spots exist and knowing how to recognise that you or anybody else could easily be tricked by them. Training like this is often the best defence. This is because it teaches you how to recognise specific tactics and scams and then shows you the necessary tactics to respond.
Emails offer people a fast way to reach out to others anywhere in the world. That’s why email has become an indispensable form of communication for most businesses. However, as a result of its popularity, cybercriminals see email as the perfect tool for launching cyber attacks.
Spam is essentially the electronic equivalent of junk mail and is defined as bulk, unwanted and unsolicited emails. A lot of the spam which you receive is just a nuisance clogging up your inbox; however, some spam emails may contain attachments or links that launch malware, spyware or other malicious code onto your device.
As a result of this, we recommend taking the following steps to reduce spam:
- Use your spam filter
- Flag spam when you see it
- Be careful about who you give your email address away to
Spear phishing is often disguised as a message from a close friend or business partner and tends to be more convincing than a normal phishing attempt. This is because the messages contain personal information and are therefore more difficult to identify as malicious.
How to avoid becoming a victim?
- Never volunteer sensitive information
- Be suspicious of links asking for information
- Double check the website’s address
- Verify who you are communicating with
- Trust your suspicions
These forms of phishing attack tend to prey upon user habit. Users read emails they would expect to get every day and do not even think twice about it. The Risk Management strategy, in this case, is as simple as taking your time. Double check those emails you aren’t quite sure about. Do the extra checks and change your habits.
On the face of things, social media is an online medium to help you stay in touch with friends and family from anywhere in the world, at any time. It allows you to read the news, make new business contacts or even become #Instagram famous.
However, the popularity of social media has made it one of the top avenues of attack for cybercriminals.
So how are your social accounts putting you at risk?
- Careless posts revealing sensitive information: Taking pictures with friends or colleagues can seem innocent enough, but is there something in the background which hackers could use? Personal or proprietary information could be visible, which could allow competitors or cybercriminals unintended access to your data.
- Sharing information about your identity: A few seconds on your public profile could give anyone information about your personal life. A cybercriminal can use these clues about your life to access your accounts or even steal your identity.
- Infecting your computer with malware: As is the case with emails, criminals are now able to embed malicious code within social media posts. Once the malware is on your system, criminals can use it to access your system and steal sensitive information.
The same kind of common-sense actions that you can employ elsewhere on the internet can help keep you safe on social media. We have put together a few simple tips to help you on your way:
- Manage privacy settings: Use these to filter who can see your profile and what they can see you do. Make sure you’re only sharing personal information with people you know and trust.
- Never click on suspicious links: The same rules apply as for email and phishing. If you are unsure about the source of the link, DON’T click on it!
- Think twice before posting: Once you post to social media, the information is going to be out there forever. Before you post, make sure you are not sharing information which could be harmful.
Cyber Risk Management: What does it come down to?
It can be easy to forget that cybercriminals can do plenty of damage using even old-fashioned technologies. In fact, phone calls and face-to-face communications are often the tools criminals use to gain access to your systems.
When you’re at work, keep the following tips in mind:
Firstly, it is essential to follow company procedures.
Your company has rules about access rights. Even if you feel it is not necessary, follow these rules. They are in place to ensure you and your company are protecting sensitive information. Risk Management strategies are not always popular!
Secondly, make sure you are checking EVERYONE’s credentials. Criminals can gain access to computers, servers and locked offices by simply showing up with a uniform and clipboard. If someone shows up claiming to be a supplier or repair person, do not be afraid to ask for identification. If they are there for legitimate reasons, they won’t mind verifying who they are.
Finally, be careful about what you leave around your workspace. Given the number of passwords we need to remember, it is not uncommon for employees to have them scribbled on a note beside their workstations. If you do have to write down sensitive information, keep it safe!