Cyber Security Advice for Members
30th September 2020
Due to the ongoing health emergency, staff are working from home for longer than anticipated. Our increasing reliance on cloud services and remote working presents a cyber security risk, and a challenge for many organisations.
To support staff, and protect your business, a number of simple measures to enhance good practice are recommended. Cyber security is not just the responsibility of IT professionals. Anyone who uses social media, a smart phone, landline or an email address can be a target of cybercrime. Attackers no longer require a high level of technical expertise or a detailed understanding of malware. Instead, viruses and malware can be easily embedded in emails that can look legitimate.
Cybercrime can have a detrimental impact on business, reputation, and productivity. Information security is therefore a key governance issue and should be part of an organisation’s risk management. The LQ BID has compiled some tips from various organisations so that members can take simple, cost-effective steps to minimise risk to their businesses.
Sometimes it can be obvious that an email is fraudulent due to its language and content. However, if a fraudster has done their research, they can impersonate individuals and make emails appear legitimate. For busy professionals working their way through countless emails, it can be easy to open a dangerous attachment if it is presented in a certain way. Here are some things to look out for:
- Watch for a sense of urgency, particularly if the email is of a financial nature. If the message is from your director instructing you to process a financial transaction immediately, question it.
- Check the tone, spelling, and grammar. These may suggest the email could be suspicious.
- Check the email address. Often this will be a key sign that emails have been intercepted.
- Never respond if you think an email is suspicious.
- Never click on a link directly from the email or text. Search directly from a secure browser.
- Genuine organisations will never make contact via email or text asking for personal information.
Take 5: Think about what you are being asked to do.
- When adding a new supplier to your system, contact them directly and confirm the bank details on the invoice.
- If a supplier makes contact to tell you they have changed their bank details, again contact them directly to confirm this.
- Again, be aware of changes in tone or a sense of urgency, language, and grammar.
NI Cyber Security Centre sets out five low-cost steps businesses should take to help protect their data and avoid attacks.
It may sound obvious, but you need to know what data to back up, where to store it, and make it part of your everyday routine. The 3-2-1 rule was established by photographer Peter Krogh:
- Have at least three copies of your data.
- Store said copies on at least two separate media.
- Keep IT safe with at least one copy offsite.
Protect your business from malware:
Ensure your antivirus software is up to date, prevent users from downloading certain apps, control the use of USBs and make sure there is a process for saving information, switch on firewall and ensure they are configured properly.
Keeping smartphones and tablets safe:
Ensure users connect to public Wi-Fi safely, and keep apps and software up to date. Have a plan for lost or stolen devices.
Switch on password protection and two-factor authentication, ensure users avoid predictable passwords and change all default passwords. Staff members should not be sharing logins.
Configure accounts properly, think about how you operate, know the obvious signs and check for a digital footprint.
These tips were covered by Joe Dolan from NI Cyber Security Centre in BITC’s recent webinar. If you missed it, you can watch it here:
Remember, cybercrime is not only a tech issue. Staff at all levels should be informed and involved in this to minimise risks to the business!
Stay up to date and find a wealth of information and advice through NI Cyber Security Centre’s hub.