There are different types of cyber-attacks, from Phishing, Man in the Middle, SQL Injection, Cross-Site Scripting and Distributed Denial of Service to Ransomware and Eavesdropping Attacks. When it comes to protecting your business from attacks or data breaches, you should be on the lookout for cybercriminals who are tough to spot. But you can recognise a few of these common cybercrime threats and save your organisation from costly losses.
The Social Engineer – These criminals fake an identity and request data-rich information, such as asking you to fill out KYC forms, in a time-pressured scenario
The Spear Phisher – Sends malicious emails altered to appear legitimate, containing links that unlock access to banking credentials, trade secrets and personal information
Malware, Spyware and Trojans have been found implanted within free applications – APK & DMZ files that are downloaded from non-legitimate websites
The Hacker – Most confirmed data breaches are results of hackers leveraging weak, default or stolen passwords
The Rogue Employee – A current or former disgruntled employee can abuse their insider access and knowledge
The Ransom Artist – The growth of ransomware as a service makes it easier for bad actors to seize control of data and force businesses to pay them
What can cybercriminals do?
Risks: Disclosure of confidential information, loss of trust, system failure
Cause: Cybercrimes like hacking, phishing, scamming and ransomware
Consequences: Financial loss (client suing, replenishing trust account, recovery costs)
Severity: Monetary loss, loss of reputation, loss of business and intellectual property loss
Likelihood: Almost certain if you don’t have adequate security protection processes in place
Developing information security awareness strategy
When you decide that you want to create information security awareness within your organization, your goal is to make sure that everyone understands potential cyber threats and risks. They need knowledge and skills to help prevent cyber-attacks.
Information security awareness strategy tips
Create special sections on your website/intranet devoted to information security policies and awareness content
Use the official social media handle to deliver messages at regular intervals
Display posters with information security best practices in the cafeteria and other places employees visit
Have a column in the newsletter/blog on the company’s information security initiatives
Develop and explain your company’s information security policies and present them during Induction programmes and annual appraisals
Automate and change employee desktop wallpapers daily to convey information security awareness messages
Promote an information security awareness quiz (mandatory participation) and include it in the annual appraisal system
Run exercises for employees with internal fake social engineering use cases (Phishing Tests)
Identify and reward adoption of best practices by employees
Involve employees of all levels, keep them informed about internet ethics and digital wellbeing as a policy
Safety tips
Do not click unknown emails/attachments/links
Back up important files; store them independently of the system, in the cloud or on an external drive
Always verify you are on a legitimate website before entering login details or other sensitive information
Use multi-factor authentication for remote access to the organization’s network
Office Administrators must be advised to apply strict application whitelisting, block unused ports, turn off unused services, and monitor outgoing traffic to prevent infections from occurring.
Use the latest anti-virus/malware software on computers and mobile devices
Office Administrators must consider Mobile Device Management (MDM) and Mobile Application Management (MAM) to remotely implement security measures
Check availability and duration of remote login user actions. Ensure that remote sessions automatically time out and require re-authentication to gain access
Download mobile applications or any other software from trusted platforms only (App Store/Play Store)
Perform regular health scans on computers/mobile devices
Regularly check and update privacy settings on social media accounts
Ensure dual authentication for emails and banking platforms
Update passwords and ensure they are strong
Stay Tuned to Cyber Talk for more on internet ethics and digital wellness brought to you by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org