The 10 things you must NOT do on a company computer.

Sadly, we live in a world where people are preyed on by hackers for simply being human.

Our online behavior determines how exposed we are to having our privacy invaded or even getting hacked. Reducing that exposure requires an understanding of why people fall victim to attacks and exactly how attacks take advantage of the weaknesses in people’s online behavior. This understanding is captured in what is called the Suspicion, Cognition, Automaticity Model (SCAM), which I will discuss in the next blog post.

Another often-ignored factor involves the habitual ways people use technology. Many individuals use email, social media and texting so often that they eventually do so largely without thinking. As media use becomes routine, people become less and less conscious of which emails they opened and which links or attachments they clicked on, ultimately becoming barely aware at all. It can happen to anyone, even the president.

Work computers are for work, though sometimes the lines blur just a little bit, so let us take a moment to help clarify what you should never be doing on a work computer.

10 Things You Should Never Do on Your Work Computer

  1. Don’t Use Your Personal Email

Personal email is risky on company computers. Do your best to keep your personal activities innocuous, as an email could contain something inappropriate for work or a virus that could infect the entire office.

  2. Don’t Apply for Jobs at Other Companies

This is very common in our “working-class society” nowadays, where we spend half the expected working time searching for other jobs online. If you’re restless at work, job search on your own time on a personal computer. I urge you to respect the company and its policies, as this is not only a breach of contract but also a data protection breach.

  3. Don’t Check or Update Your Social Media Accounts

Your social status is personal, so at all times avoid using any public device to access your accounts, as most of them are very vulnerable and can therefore upset your company’s security protocols.

Protect your personal information by being careful about which websites you leave your personal details on, and ensure your social networking profiles are set to private (Facebook, Twitter, LinkedIn, etc.).

  4. Never Save Personal Files to Your Desktop

It may seem harmless to keep a few documents of your own saved to your work desktop, but just don’t do it. At the end of the day, the company owns the content that’s on the computer. This means that legally, you may come across serious issues if any security-related issues are connected to your files.

  5. Don’t Visit Any Sites That Are Against Company Policies or Watch Disapproved Content

This seems obvious, especially since people are fired all the time for inappropriate searches, but there’s one thing you may not realize. It doesn’t take insane software to have websites flagged to HR with your name saying that you’re looking at this and it’s inappropriate.

Also, more often than not there are valid reasons why companies deem some sites unworthy of their time, as some pose a threat to or breach of security (e.g. pornography sites).

  6. Suppress the Urge to Shop Online

Shopping online might seem like the most convenient thing modern technology has offered us. But while you may enjoy scouring the Web for cheap deals in the comfort of your office, your shopping accounts and financial transactions could be compromised by countless prying eyes.

Now that data breaches, incidents of hacking, identity theft, etc. are becoming more common, I urge you not to use the company’s computer for this, as it poses a huge threat to its information privacy.

  7. Don’t Have Personal Conversations Over Office Chat

We all love a good “hangout” channel, office gossip, or dishing on what’s going on with those two love-birds in accounts, but remember that everything you type is logged, so keep it all professional always.

  8. Don’t Lend It to a Friend or Family Member

Remember, when you got the job you agreed to adhere to the company policies; this includes IT security policies. By sharing your work device, you are exposing the company to the potential risk of attack.

  9. Never Download Any Software Without IT Admin Approval

Keep your computer configuration current with the latest patches and updates and report suspicious activity to your IT administrator.

  10. Never Open Any Suspicious Email

Emails and online deals that look too good to be true usually are! If you receive emails from unknown sources, do not open them, especially if they have attachments.

Make employees care about cyber security with these 10 tips

Did you know your employees are your best assets, and you need to invest in them continually? If you did not know, now you know. Get them patched frequently, or else you’re always going to have vulnerabilities. Whether a company has one employee or thousands, it’s worth training them rather than taking on the risk of a breach, because they represent a large potential attack surface in every organization. Take it from Techinnovar.

Here are 10 tips for best cyber risk practice for all employers.

  1. Perform “baptism by fire” training exercises

I would say the best training today is “baptism by fire” training, in which the users undergo a simulated attack specific to their job.

Let them become a victim of an attack that’s arranged by a security department or an outside cybersecurity company. They are then asked to understand the lessons they’ve learned from that attack, the implications for the business and for their personal lives, and how they could have prevented it. Finally, they’re asked to share that experience with their peer group through a report.

Perform regular phishing tests, in which the IT team sends out a fake phishing email to all employees across the organization and gauges how many people click on it. The team can then break that data down by department and type of message to tailor training to problem areas. It also allows the company to show progression.
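The breakdown described above, as an added example that is not part of the original post: it groups phishing-test results by department and message type, flags problem areas, and measures progression between two campaigns. The record layout, campaign names, sample figures and the 25% threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample results: (campaign, department, message_type, sent, clicked)
RESULTS = [
    ("2024-Q1", "Finance", "invoice",        40, 14),
    ("2024-Q1", "Finance", "password-reset", 40,  6),
    ("2024-Q1", "Sales",   "invoice",        50,  5),
    ("2024-Q1", "Sales",   "password-reset", 50, 15),
    ("2024-Q2", "Finance", "invoice",        40,  8),
    ("2024-Q2", "Finance", "password-reset", 40,  4),
    ("2024-Q2", "Sales",   "invoice",        50,  4),
    ("2024-Q2", "Sales",   "password-reset", 50, 16),
]

def by_segment(row):
    """Group key: (department, message_type)."""
    return (row[1], row[2])

def click_rates(rows, key):
    """Click rate (clicked / sent) per group; key picks the group from a row."""
    sent, clicked = defaultdict(int), defaultdict(int)
    for row in rows:
        group = key(row)
        sent[group] += row[3]
        clicked[group] += row[4]
    return {group: clicked[group] / sent[group] for group in sent}

def problem_areas(rows, campaign, threshold=0.25):
    """Segments whose click rate in one campaign meets the (assumed) threshold."""
    rates = click_rates([r for r in rows if r[0] == campaign], by_segment)
    return sorted(seg for seg, rate in rates.items() if rate >= threshold)

def progression(rows, first, last):
    """Change in click rate per segment between two campaigns (negative = improving)."""
    before = click_rates([r for r in rows if r[0] == first], by_segment)
    after = click_rates([r for r in rows if r[0] == last], by_segment)
    return {seg: round(after[seg] - before[seg], 3) for seg in before if seg in after}

if __name__ == "__main__":
    print("Overall by campaign:", click_rates(RESULTS, key=lambda r: r[0]))
    print("Q2 problem areas:", problem_areas(RESULTS, "2024-Q2"))
    for seg, delta in sorted(progression(RESULTS, "2024-Q1", "2024-Q2").items()):
        print(seg, f"{delta:+.1%}")
```

In this constructed data the overall click rate falls between campaigns, yet the per-segment view shows Sales getting worse on password-reset lures, which is the kind of problem area an organization-wide number hides.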

  2. Top management involvement.

The IT team needs to make the rest of the team aware of the ramifications of a potential breach. Typically, to have a good cyber plan, you have to have a line item in the budget for people, hardware, or software, year after year. That means getting the CFO and CEO of the company involved.

  3. Start cyber awareness training for every new employee

Every time a new employee joins the company, start building the mindset by having all new hires go through security training from day one. That way they learn from day one that cybersecurity is important and that they are going to get continuous training.

  4. Frequent system evaluations

Make a timetabled plan for performance evaluations of both employees and systems to find out how vulnerable your organization is to attack. Until you do that, you won’t know how bad or good your security posture may be. Like we say here at Techinnovar, we detect to protect!

  5. Communication flow

Create a good communication culture for cybersecurity information to all employees, to get all departments on board with training and learning best practices. This will help break down the topic and create alignment, which helps people work on it together.

  6. Have a handy formal plan

IT teams should develop a formal, documented plan for cybersecurity training that is reviewed and updated often with the latest information on attack vectors and other risks that are bound to occur.

  7. Appoint cybersecurity culture ambassadors.

Tech leaders should appoint a cybersecurity culture ambassador in every department at their organization. These representatives can act as an extension of the IT team and keep employees trained and motivated. That’s something that’s often overlooked—use the resources you already have in the company beyond the IT team.

  8. Training, training and more training

Do not shy away from cybersecurity training. You should make it a continuous process throughout the year, at all levels of the organization, specific to each employee. If you’re an end user, there must be training associated with the types of attacks you might receive, for example attacks on your email or attacks that are oriented on the type of job you hold. If you’re in IT, the attacks you might be seeing may be more technical in nature.

  9. Insist on the importance of security both at work and at home.

IT teams should help employees appreciate the importance of cyber hygiene not just in the workplace, but also at home. Teach users about privacy, security, and how the lessons learned at work can apply at home and in their personal lives to give them a ‘what’s in it for me’ they can apply all the time, not just at work.

  10. Reward employees

Make it fun by rewarding employees who find malicious emails, and share stories about how users helped thwart security issues. IT leaders should also empathize with employees who make mistakes: many employees send or receive hundreds of emails per day, so asking them to avoid one of those can be difficult.

While these training tips can help, education is not a permanent solution but just one aspect of defending the environment from advanced attacks.


SMEs Beware: Hackers Targeting Small Businesses

Many hackers are shifting their focus from large enterprises to small businesses.

Small business owners frequently assume that hackers have little interest in attacking their organizations – “after all,” they reason, “what data do I have that a hacker could consider valuable?”

They are terribly wrong.

In fact, today, about half of all cyberattacks target small businesses.

Information security often takes a backseat to other issues that small business owners face, and business owners are likely to dismiss information security concerns as applying only to larger organizations. Because small business owners frequently hear news reports about huge data breaches like those that happened at Yahoo, they may incorrectly assume that hackers only pursue companies with huge volumes of valuable data; such a notion is simply not true.

When it comes to information security, no business is too small. Small businesses increasingly find themselves the focus of attacks directly targeted against them and designed to steal funds, information and customers. Furthermore, the trend towards targeting small businesses is likely to continue – small businesses have become, in the eyes of many hackers, more attractive targets than larger enterprises. Here are some of the reasons:

1. SMEs have valuable data.

Contrary to many people’s perceptions, the majority of small businesses store either financial information that can be used for fraud, or personal details that can be used for identity theft – i.e., they have data that criminals want.

2. SMEs can provide hackers access into many other small businesses.

Small businesses often use services from other small businesses – and those offerings may not be secure. In some cases, competing small businesses may even utilize the same service from the same provider – which can lead to all sorts of security problems.

3. SME owners pay ransoms.

Nearly every small business has computer-based data that it needs in order to operate, and few have the capability to independently recover from a ransomware attack, so small business owners are likely to pay ransoms if hackers encrypt critical data and demand money to restore access to it.

4. SMEs often lack adequate cyber-defenses.

Small businesses rarely have the defenses that large businesses have – so while the reward to a hacker may be smaller if he or she breaches the “little guy” than if he/she hacked a major corporation, the odds of actually achieving a reward are often much greater. To put it simply, smaller businesses are frequently much easier to hack than larger enterprises.

5. SMEs provide hackers access into larger enterprises.

Small businesses supply larger enterprises with goods and services – information gradually collected from small business systems may be a hacker’s golden ticket into a larger enterprise. The massive Target breach of just a few years ago, for example, began when a hacker exploited the access that the retail giant provided to an HVAC contractor.

6. It is likely a lot easier to get away with hacking an SME than a large enterprise.

Small businesses are far less likely to have security personnel and technology in place to detect an attack as it occurs, and are less likely to have technology creating and protecting audit logs and other data needed to both perform forensic analysis and establish admissible evidence. As a result, someone attacking a small business is much less likely to get caught, arrested, and punished than someone who attacks a large business. Criminals know this – and some who would never risk trying to attack Amazon.com, for example, might have no qualms about trying to hack a mom-and-pop retail outlet. The likelihood-of-being-brought-to-justice imbalance is further exaggerated by larger firms having much greater political clout and access to law enforcement than smaller businesses, coupled with the fact that small businesses are far more likely to fail as the result of a breach – meaning that some folks who might otherwise have pursued legal action against hackers simply do not have the time and resources to do so, or may “move on” to other jobs and not “dwell on the past.”

TACKLING THE THREAT

  1. Knowledge is the most effective weapon any small business can wield against cybersecurity risks. In the great linen hack of our times, the company could easily have protected itself by doing something as simple as changing the vendor default password. That simple precaution might have prevented the breach of more than 1,000 client records and avoided a drawn-out legal battle with its competitor.
  2. Small businesses should complement education-training efforts with a strong array of technical controls designed to minimize risk.
  3. At a minimum, small businesses should ensure that they leverage strong passwords, automatic updates for applications and operating systems, hardware firewalls, and encryption for their wireless network. This simple array of controls will go a long way toward defending against many cybersecurity threats.
  4. Similarly, small business owners and employees must be aware of the risks posed by social engineers, who use highly targeted spear phishing attacks to fool employees into revealing sensitive information. Modern attacks are quite sophisticated and leverage internal information, branding, and industry knowledge to manipulate unwitting targets into believing the legitimacy of an attack message.