While Synergy’s robust cyber security strategies will help stop businesses from falling victim to online criminals, we also educate teams on best practices. Your employees are the ones on the frontline when it comes to cybersecurity, and with a little bit of coaching, they can prevent attacks before they happen.
Pass these tips to your team to begin a proactive rather than reactive online strategy.
Understanding the Dark Web
It sounds like something out of a sci-fi movie, but the Dark Web is where your credentials are bought and sold by cybercriminals. They get more money for selling your credentials when tested on more platforms – the better the access, the more dollars.
While accessing your employee’s social media account might not seem like a big problem, many devices also have business-related software or apps. If the company’s email is on the same device (or home PC because they’re remote workers), then that platform is common to all, and there is a big chink in your armour. Use multi-factor authentication to build a barrier.
Patch those holes
Like a fence around a building that develops holes, so does software over time, and unwanted access is made all too easy. Thankfully, there is a simple fix, and every employee should regularly make sure their patches are up to date. As the names suggest, patches are updates that the software companies release to avoid security breaches, which only take a few clicks.
By hitting the ‘menu’ and then ‘update’, you can see the status and which ones need implementation. Windows will give you a status of what all your patches are doing. So your team can update manually, and it’ll work.
Don’t forget about other devices on the network that maybe aren’t patched. We can run a vulnerability scan on the network and give a status update and recommendations on what to do next.
Email phishing attacks are incredibly sophisticated and can be difficult to spot as the communication seems to be from a legitimate source. The attack is carried out either through a malicious file attachment or links connecting to malicious websites. In either case, the objective is to install malware on the user’s device or direct the victim to a fake website to grab personal and financial information, such as passwords, account IDs or credit card details.
Prevention here is around vigilance and education. Email addresses are the biggest giveaway (e.g. firstname.lastname@example.org), and it’s a good idea to contact the organisation directly if there is any doubt.
To make the training more effective, our team can organise bogus phishing attacks, which equip staff with the skills and positively impact your cyber insurance.
From WhatsApp scams to bogus friend requests, social engineering is about getting as many of your login details and information as possible. Victims often click on links that extract a password, and then the scammers can run that password across everything from Microsoft, Gmail and your work login. As we mentioned, the bigger the hit, the bigger the bounty on the Dark Web.
There is a high level of sophistication in these scams, with vulnerable people sought out and targeted. For example, they can tell from your social media that you are single, so they might send fake dating sites or bogus friend requests from people you might find attractive.
The fix here is simple: ask your team to regularly change their passwords and don’t use the same password on each platform – especially not the same password for your company access!
- If you’d like to know more about securing your business, please contact the Synergy IT team.