Key Security Risks
People - A large proportion of cyber attacks are targeted at exploiting individuals, and therefore people are the biggest security risk for companies and families. Education and awareness of potential risks and cyber threats is an important step to reducing the risk of somebody falling foul of a phishing attempt or introducing malware through another means.
Passwords - Protecting your online accounts and profiles is an important aspect of preventing cyber crime, with passwords being a key aspect. Ensuring passwords are complex and unique to each account is a great step towards protecting your digital accounts. Using a password management tool like LastPass or 1Password can be a big help and save you having to remember or write down login details.
Email - Many phishing scams start with an email or messenger contact. They often look official and carry the branding of a trusted organisation but will have links to malware or cleverly disguised landing pages aimed at collecting sensitive data. Being alert to potential email scams and verifying sender identity will prevent you clicking on links to malicious content.
Networks - Securing routers and home networks, making use of firewalls and access security features will help protect you whilst connecting to the internet at home. Connecting to the internet in public areas can be more risky. Routers may not be secure, traffic may not be encrypted and hackers can exploit these vulnerabilities to intercept communications and collect important details. If you connect to open WiFi networks consider using a Virtual Private Network (VPN) to protect your connection and avoid connecting to highly sensitive content like bank accounts when in these areas.
Software - We’re all familiar with our computers or phones telling you to update your software. this may be frustrating at time but it is a critical part of staying safe online. Latest updates regularly include important security fixes and patches and software and applications should be kept up to date.
3rd parties - If you’re in business, the chances are you’ll be connected to 3rd party services, whether that’s for payment processing, customer relationships or marketing. We’d recommend keeping a log of all 3rd party connections and reviewing these frequently. Ensure they are up to date and following best practice. Look at reviews and make sure there have been no data breaches on their systems.
Remote working and bring your own device (BYOD) policies - Where your business operates remote working or bring your own device to work policies you need to consider the potential risks. Helping ensure staff and contractors are suitably aware of the risks and responsibilities of connecting devices to the network is a critical step. Reviewing security practices and software with remote and BYOD users is also an important step to minimising the risk to the business of malware unwillingly being introduced to the network.