One of the biggest liabilities to a company’s security starts at the frontline – surprisingly not with your IT, but your employees. It is reported that 99 percent of cloud security failures will be caused by human error or behavior. It is vital to recognize the importance of protecting company data by educating your frontline.
As a Managed Services provider, we are here to help you along your path of learning to be security conscious. Today we cover key tips for known issues, should you run into them.
User Access & Device Security
The ability to work remotely has increased more and more due to COVID-19 and the flexible culture shift, providing even more points of access that need to be protected. Hackers do not solely target desktops, laptops and PCs; they can also access your data via your tablets, smartphones and other mobile devices. Companies can no longer rely upon an employee being physically on the same network as a security factor.
- Secure non-domain-joined devices connecting to your company network and data by using MFA and VPN settings. As businesses move their data to a cloud environment that can be accessed anytime and from any place, MFA can ensure your personal and financial information has a second layer of defence outside of your company network. Employees also need to be wary of the network connections they decide to use when working remotely. At public places with Wi-Fi or hotspot access, there is always a risk of tapped networks. Control the data exchange over your network by encouraging employees to use only trusted network connections. If in doubt, have a VPN installed for your remote users to connect to your network.
- Never approve an MFA authorization request that you did not prompt for. Treat your Microsoft or Google authentication app as the gateway to all your personal and company data. If an ‘MFA Approval Request’ has been prompted and you did not request it, MFA is doing its job and someone else is trying to access your data. Deny or decline the request!
- Lock your device before you leave your desk. Sadly, security threats are not confined to just cyber attacks. Stop people accessing your information when you’re away from your desk.
  - Windows: Hold the Windows key and press the ‘L’ key.
  - Mac: Press Control + Shift + Eject (or Power key) at the same time.
- Never use obvious information to set up passwords; use a ‘passphrase’ instead. Please read our article ‘What are Passphrase Passwords?’ for more information.
Social Engineering Attacks and Phishing
Social engineering attacks rely on unsuspecting users to bypass security protocols in order to access valuable data and resources. Firewalls, email filters and malware protection software are some of the key tools used to help secure data being transferred over the network. These tools, however, won’t fix user-caused security issues; that’s where user training comes in.
7 signs to check if you’re being ‘phished’:
- “From” line – Ever seen an email from someone you thought you knew, and then realised, “Oh, you’re not my friend Mandy…”? Hackers know you’re more likely to trust an email from someone you know. Always pay close attention to the sender email address.
  - Example: firstname.lastname@example.org vs email@example.com. The second email address is missing the “i” to appear legitimate.
- “To” line – Check if the email you’ve received was also sent to additional unknown people. Hackers try to target as many people as they can.
- Hyperlinks – Check if the embedded link matches what the text relays by hovering over it before you click. Only click links from trusted sources.
- Time – Do you usually receive an invoice from an accounts department around 2am? Always pay attention to what time you have received emails, especially around the holiday season. Hackers are out to get your financial information increasingly during these times.
- Attachments – In addition to checking the time of emails, do not open attachments that you’re not expecting. These may contain some sort of virus or malware to compromise your system’s security.
- Subject – Have you won $1 million recently? Or possibly received an invoice that needs urgent payment now? Hackers try to reel you in with various tactics that urge you to take action immediately. If ever in doubt, validate the source of the email with a phone call before you take any further action.
- Content – Again, hackers try to reel you in with various tactics that urge you to take action immediately. Never provide personal details without validating the source first.
Don’t click! If you believe that you’re being phished, inform your MSP or IT Team via our support channels!
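Several of the signs above (the “From” line, hyperlinks, time and subject) can also be checked automatically by a mail filter or triage script. The following is an added example, not part of the original article; the trusted domain `contoso-example.com`, the 0.9 similarity cutoff, the 06:00 to 22:00 window, the keyword list and the sample message are all assumptions made for illustration.

```python
import re
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("contoso-example.com",)  # assumption: your organisation's real domains
URGENT = re.compile(r"\b(urgent|immediately|overdue|won)\b", re.I)
URLISH = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:]\S*)?$")

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def phishing_signs(raw):  # raw: a single-part HTML email as text
    msg, signs = message_from_string(raw), []
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and get_close_matches(domain, TRUSTED, 1, 0.9):
        signs.append("from")        # near miss of a trusted domain
    parser = Links()
    parser.feed(msg.get_payload())
    for text, href in parser.found:
        shown = URLISH.match(text)
        if shown and shown.group(1).lower() != (urlparse(href).hostname or ""):
            signs.append("hyperlink")  # displayed address differs from the target
    if msg["Date"] and not 6 <= parsedate_to_datetime(msg["Date"]).hour < 22:
        signs.append("time")        # assumption: night-time mail is unusual
    if URGENT.search(msg["Subject"] or ""):
        signs.append("subject")     # pressure to act immediately
    return signs

SAMPLE = "\n".join([  # constructed message, not a real email
    "From: Accounts <billing@contoso-exmple.com>",
    "Date: Tue, 02 Jan 2024 02:13:00 +0000", "Subject: URGENT: invoice overdue",
    "Content-Type: text/html", "",
    '<a href="http://login.example.net/pay">portal.contoso-example.com/pay</a>',
])
```

`phishing_signs(SAMPLE)` returns the list of signs tripped. A hit is a prompt to verify the sender through another channel, not proof of phishing, and the `Date` header is set by the sender, so the time check is only a weak hint.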