The time to make not only yourself but also your employees aware of some of the risks that pertain specifically to cyber-crime and cyber-security is now!
One of the most accessible platforms that cybercriminals use to access the company’s data is, in fact, the employees’ own personal devices.
According to a Fortinet Threat Landscape Report, “Android-based malware now represents 14% of all cyber-threats.” If that is not bad enough, how about this? “Direct attacks, the number of compromised websites, email phishing campaigns and malicious access points continue to grow exponentially, infecting unsuspecting users – regardless of their devices – with spyware, malware, compromised applications and even ransomware.”
How scary is that?
Wherever you go today you see people on their phones – we feel completely lost without access to our phones. Yet the reality is that when (not if) any of your employees’ personal devices become infected, they are, in fact, a risk to your organization.
“And that’s not all . . .”
What about your clients and service providers who are also on their personal devices, on your premises, using your Wi-Fi?
Clearly, it is critical to the well-being of your company that you and your employees receive training on cybersecurity awareness.
Here are some of the elements that need to be looked at.
1. Public Wi-Fi
Whilst we all may think that public Wi-Fi is perfectly safe, the reality is that it isn’t.
Here’s the thing: most smartphones nowadays automatically connect to the Wi-Fi at “Public Access Points.” Criminals lurk in many of these spaces and when you connect to the internet through them, they intercept and gain access to all of your data, especially if you access online shopping or your personal banking.
Many smartphones and devices will also automatically search for “known” connection points, like your home router, and when one is found will automatically connect. Nowadays criminals sit outside of your homes and offices and “watch” for this behaviour and then simply “ask” the device what SSID it is looking for. When the phone tells them that it is “looking for its home router”, the criminals use their devices to say “I am your home router.” The phone then connects automatically and they gain access to all of your devices. Bluetooth connections work in the same way!
You can combat this by naming your Wi-Fi access point before connecting. Do not allow anyone to connect automatically. Taking the situation one step further, you can also install VPN software so that your connections to known services are encrypted and therefore more secure!
2. Recognize Phishing and Related Scams
Be careful what you “click on.” Don’t click on e-mail links or attachments that come from people or e-mail addresses that you don’t know. Don’t click on links in advertisements unless you’ve checked them out first!
Don’t click on anything just because, at face value (from the way it’s been worded), it appears to come from your own team or even your service providers. Check the e-mail address that it has come from as well as who it’s been sent to. For example, if you get an e-mail from your bank instructing you to “click on” something because you are entitled to a refund, or you’ve won something, but the e-mail has been sent to “recipients”, understand there is a problem!
The problem is YOU, because you tell yourself that it is a plausible issue and you click on what you shouldn’t. Don’t “click” on anything like this. Rather, report it to your IT Department, your Risk Manager or your Service Provider.
This is why it is important to have effective e-mail security gateway and web application firewall solutions that will also detect spam, phishing and malware. These will also validate links as well as run executable files for both sandbox and personal mail. This will ensure that malicious traps simply do not get through to any of the end users.
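The sender and recipient checks described in this tip can also be automated. The following Python sketch is an added example, not part of the original article or any vendor's product; the sample message, the trusted-domain list and the function name `header_warnings` are constructed for illustration, and the Reply-To check goes one step beyond the two checks named in the text.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not a real e-mail): a "refund" notice sent
# from a lookalike domain to an undisclosed recipient list.
SAMPLE = """\
From: "Example Bank Refunds" <refunds@examp1e-bank.test>
To: undisclosed-recipients:;
Reply-To: claims@another-domain.test
Subject: You are entitled to a refund

Click here to claim your refund.
"""


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def header_warnings(raw, trusted_domains, my_address):
    """Apply the 'who sent it / who was it sent to' checks to a raw message.

    trusted_domains: domains you actually deal with (assumed to be supplied
    by the reader, e.g. your bank and your own company).
    """
    msg = message_from_string(raw)
    warnings = []

    # Check 1: the address it has come from.
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    if from_domain not in trusted_domains:
        warnings.append("sender domain not recognised: " + (from_domain or "(none)"))

    # Extra check: replies silently redirected to another domain.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        warnings.append("replies go to a different domain: " + reply_domain)

    # Check 2: who it has been sent to. A personal notice from a bank
    # should list your address, not a generic or hidden recipient list.
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    recipients = [addr.lower() for _, addr in listed if addr]
    if my_address.lower() not in recipients:
        warnings.append("message is not addressed to you directly")

    return warnings


if __name__ == "__main__":
    for w in header_warnings(SAMPLE, {"example-bank.test"}, "me@example.test"):
        print("WARNING:", w)
```

A message that raises any of these warnings is one to report rather than click on.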
Next time we will continue with point # 3 of the 5 Tips on Cyber Security.