Cyber Talk: Secure yourself from cyber criminals

Cyber criminals target both individuals and companies. Knowing some cybersecurity tips and putting them into place will help you protect yourself and your business and reduce the risk of a cyber-attack. Teach your staff on how to avoid phishing scams and keep them informed on common ways fraudsters can infect computers and devices with malware. […]

Cyber criminals target both individuals and companies. Knowing some cybersecurity tips and putting them into place will help you protect yourself and your business and reduce the risk of a cyber-attack. Teach your staff on how to avoid phishing scams and keep them informed on common ways fraudsters can infect computers and devices with malware. Include tips for identifying and protecting against cyber-attacks in your regular employee trainings and communications.

Cyber security approach for individuals

* Software update: Set your installed Windows and applications to automatic software update and they will notify you as soon as they become available, which will safeguard you from vulnerabilities.

* Use multi-factor authentication: It is an authentication method that requires the user to provide two or more verification factors to gain access to an application or an online account, like a temporary code on a smartphone or a key that’s inserted into a computer.

* Back up: Backup all important files offline to an external hard drive, or to a secure cloud service.

* Require passwords: Don’t leave these devices unattended in public places. Always use complex passwords for all laptops, tablets and smartphones to login.

* Encrypt: Encrypt devices (i.e. laptops, smartphones, removable drives, and cloud storage solutions) and other documents containing sensitive personal information.

* Secure your router: Change the default name and password and ensure you turn off remote management feature and remember to log out of the router. Its recommended to set up router with WPA2 or WPA3 encryption.

* Use licensed software: Use legitimate/licensed software and use antivirus and anti-malware protection applications on your electronic devices.

* Losing PII: Personal Identifiable Information might be lost while you are revealing phone numbers and emails on social media or purchasing platforms where data brokers will steal that information to exploit for financial gains.

Cyber security approach for organisations

* Identify: (a) IT department should make an assets list and create a cyber security policy that has roles and responsibilities for employees and vendors who all are having access to companies data.

(b) Steps to take to protect against a cyber attack and limit the damage if one occurs

* Protect: (a) Someone responsible for who logs on to your network and uses your electronic gadgets.

(b) Use security software to protect data.

(c) Encrypt sensitive data (both while in in-transit and rest.

(d) Regular backups of data to be taken.

(e) Set software’s to automatic update.

(f) Have a published policy on how to safely disposing of old data and old devices.

* Detect: (a) Train all employees who uses your computers and devices on how to be self-protected.

(b) Monitor unauthorised personnel access to network and devices.

(c) Analyse all unusual activities identified on your network or by your member staff.

* Respond: (a) Notifying everyone in the office on whose data may be at risk.

(b) Report the attack to cyber-crime police authorities.

(c) Analyse and update your cybersecurity approach along with lessons learned.

* Recover: Repair and restore the network and systems to normalcy that were affected.

Most common cyber security threats

(a) Phishing: Phishing is a method of trying to gather personal/sensitive information using deceptive phone calls, SMS, e-mails, blogs, and website and then steal data or money from the victims.

(b) Ransomware: If you click on a short link asking for an organisations survey or a feedback or online ads that contain malicious code or infected website can also automatically download malicious software, etc. They will install ransomware and spread to the entire company network. The attackers ask for cryptocurrency, but even if we are ready to pay, we are not sure they will provide us back the data in as is condition.

(c) Spoof e-mails: A scammer sets up an email address that looks like it’s from your company. The e-mail looks legitimate with an advice asking you to transfer funds to an account on an emergency basis, not knowing about the spoof e-mail and spoof SMS, you may transfer the amounts to fraudsters account. It is suggested that companies enable e-mail authentication technology, which makes it difficult for a scammer to send spoof e-mails.

Raising a complaint against cyber attack

Register at https://cybercrime.gov.in/. You will be required to use register via OTP from a valid Indian number. select the category ‘Report Crime related to Women or Children’ (a) Upload the screenshots of the conversation from social media & messaging platforms.

(b) Copy the URLs of the social media channels.

(c) Screenshots/statements having financial transactions.