8 guidelines for avoiding a cyber attack
Just last month, Deloitte, one of the Big Four accountancy firms, endured a cyber attack which has since hit 350 of their clients. The victims included blue-chip companies, household names, and even the US government. Unfortunately, this kind of headline news is becoming more and more familiar as cybercrime continues to grow and evolve.
It is undeniable that cyber attacks are increasing in scale, scope, and sophistication. Hackers, even the less sophisticated ones, are becoming more effective at breaching IT weak points. This is often the result of crime kits, developed by experienced hackers and sold to other criminals.
Ultimately, this means that it has become easier for the average criminal to hack and, therefore, many more cybercrimes are being committed. At Unity, we’re very aware of the role every member of staff plays in keeping Unity systems, data, customer information and, ultimately, our business safe from hackers and fraudsters.
Defending your IT against a cyber attack with a collaborative approach
Instead of burying your head in the sand, it is important, now more than ever, to take a holistic view of your IT security. Most companies know by now to install the appropriate cybersecurity software, but what about educating users about how to recognise a potential cyber attack?
In the face of the increasing number of cyber attacks, and specifically, ransomware attacks, such as WannaCry and Petya, user vigilance in an ever-evolving digital world has never been more important. At Unity, we have implemented a number of technical safeguards, including firewalls, anti-virus software, email filters, etc., to defend our IT infrastructure.
But even these robust precautions cannot prevent human error. User awareness and vigilance are major contributing factors to risk mitigation. For example, if an email looks odd, don’t take the chance of opening it. We always advise our employees to check an email with the Service Desk if they feel there is anything at all amiss, so they can make an informed decision as to whether it is legitimate or not.
When it comes to cyberattacks, prevention is better than cure! Successful social engineering attacks, such as those perpetrated through phishing emails, typically hit targets because users can at times make poor decisions. This is why keeping data and systems safe needs to be a collaborative approach.
8 guidelines to staying cyber safe – at work and at home
Across the globe, in every business, in every home, there are eight key things that can help you to stay cyber safe.
1) If you suspect deceit, hit delete
Phishing emails generally look for things like account information, do not address you by name, and often contain contextual, spelling or grammatical errors. If you think you have received a phishing email, don’t respond; delete the message and report the incident to your IT department or provider.
2) If in doubt, don’t open it
Be careful when clicking on attachments or links in emails from unknown sources. If it’s unexpected or suspicious for any reason, don’t click on it!
3) Passwords always protect
Strong passwords are important in protecting information. Use a strong mix of alphanumeric and special characters and don’t share your passwords with others or write them down! You can use a password generator to create random passwords that will be hard to guess, and there are numerous secure password managers online so you can store them safely.
4) Minding your data
Do not store confidential or strictly confidential data on your computer. Any sensitive information should be held in secure, encrypted storage. At Unity, for example, we use Groupshare, SharePoint, and OneDrive.
5) Surfing safely
When submitting sensitive data on a website, you should ensure the connection is safe by checking for a digital certificate. This is indicated by https rather than http in the website address, e.g. https://www.google.ie. Always look out for the ‘S’ – if it doesn’t exist, it’s not secure.
You’ll also see a little green lock with the word ‘secure’ in the address bar, next to the URL of the page. On some sites, the word ‘secure’ is replaced by the company name.
6) Watch out for Wi-Fi
Personal browsing, such as banking or shopping, should only be carried out on a device that belongs to you and on a network that you trust. On a friend’s phone, a public computer, or free public Wi-Fi, your data could be compromised, copied or stolen.
7) Control + Alt + Delete when you leave your seat
Never leave your devices unattended. If you need to leave your computer, phone or tablet, make sure to lock it so no one can use it while you’re away.
8) Don’t be afraid to say no
Be wary if someone unknown to you attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no!
Using your own discretion is a significant aspect of maintaining security on a day-to-day basis and should be practised continuously. However, being able to use correct judgment depends largely on your own education about cyber attacks and how to recognise them.
Keeping up to date with every new variation of cyberattack is not possible, but following guidelines such as those above greatly mitigates the risk of a cyber attack. And, of course, continue to arm yourself with expert advice from our IT security specialists!