
Know how to keep cybercriminals at bay

Published: 6th Sep 2021 11:34 pm

By Anil Rachamalla


There are different types of cyber-attacks, from Phishing, Man in the Middle, SQL Injection, Cross-Site Scripting and Distributed Denial of Service to Ransomware and Eavesdropping Attacks. When it comes to protecting your business from attacks or data breaches, you should be on the lookout for cybercriminals who are tough to spot. But you can recognise a few of these common cybercrime threats and save your organisation from costly losses.

The Social Engineer – These criminals fake an identity and request data-rich information, for example by asking you to fill out KYC forms in a time-pressured scenario

The Spear Phisher – Sends malicious emails altered to appear legitimate, containing links that unlock access to banking credentials, trade secrets and personal information

Malware, Spyware and Trojans have been found implanted within free applications – APK & DMG files that are downloaded from non-legitimate websites

The Hacker – Most confirmed data breaches are results of hackers leveraging weak, default or stolen passwords

The Rogue Employee – A current or former disgruntled employee can abuse their insider access and knowledge

The Ransom Artist – The growth of ransomware as a service makes it easier for bad actors to seize control of data and force businesses to pay them

What can cybercriminals do?

Risks: Disclosure of confidential information, loss of trust, system failure

Cause: Cybercrimes like hacking, phishing, scamming and ransomware

Consequences: Financial loss (clients suing, replenishing the trust account, recovery costs)

Severity: Monetary loss, loss of reputation, loss of business and intellectual property loss

Likelihood: Almost certain if you don’t have adequate security protection processes in place

Developing information security awareness strategy

When you decide that you want to create information security awareness within your organization, your goal is to make sure that everyone understands potential cyber threats and risks. They need knowledge and skills to help prevent cyber-attacks.

Information security awareness strategy tips

Create special sections on your website/intranet devoted to information security policies and awareness content

Use the official social media handle to deliver messages at regular intervals

Put up posters with information security best practices in the cafeteria and other places employees visit

Have a column in the newsletter/blog on the company’s information security initiatives

Develop and explain your company’s information security policies and present them during induction programmes and annual appraisals

Automate and change employee desktop wallpapers daily to convey information security awareness messages

Promote an information security awareness quiz (mandatory participation) and include it in the annual appraisal system

Run exercises for employees using internal fake social engineering use cases (phishing tests)

Identify and reward adoption of best practices by employees

Involve employees at all levels and keep them informed about internet ethics and digital wellbeing as a policy

Safety tips

Do not click on unknown emails, attachments or links

Back up important files; store the backups independently of the system, in the cloud or on an external drive

Always verify you are on a legitimate website before entering login details or other sensitive information

Use multi-factor authentication for remote access to the organization’s network

Office administrators must be advised to apply strict application whitelisting, block unused ports, turn off unused services and monitor outgoing traffic to prevent infections from occurring

Use the latest anti-virus/anti-malware software on computers and mobile devices

Office administrators must consider Mobile Device Management (MDM) and Mobile Application Management (MAM) to remotely implement security measures

Check the availability and duration of remote login user actions. Ensure that remote sessions automatically time out and require re-authentication to gain access

Download mobile applications or any other software from trusted platforms only (App Store/Play Store)

Perform regular health scans on computers/mobile devices

Regularly check and update privacy settings on social media accounts

Ensure dual authentication for emails and banking platforms

Update passwords and ensure they are strong

Stay Tuned to Cyber Talk for more on internet ethics and digital wellness brought to you by Anil Rachamalla, End Now Foundation,
