As we develop our Employee Information Security (EIS) Awareness program, we thought we would share some of our insights for our viewers as they prepare for 2016.
To keep this post short, it is high-level, and there is much more you need to be aware of, so keep an eye out for EIS arriving in April.
Malware (malicious software), password breaking and identity theft are high on the agenda for cyber-criminals. In 2015 the Australia Post parcel service was attacked, which is a great example of the sophistication around malware emails/attacks. A couple of years ago we could easily identify these emails by their poor grammar and spelling errors (as the majority of criminals come from non-English speaking backgrounds). However, they are improving and getting more sophisticated, so we need to be on our guard!
If you receive an email which asks you to click on something to verify your ID or to avoid penalties, NEVER click on it!! All malware attempts need you to click on something in order to infect your computer, and they will all carry a THREAT, e.g. "You have 30 days to prevent x", where x is a monetary penalty, having your account locked, etc. In fact, if you hover your mouse over the hyperlink (do not click!) you will notice the URL it points to is completely bogus, a good give-away that this is a malware attack.
Best defense is:
- Ensure you have a reputable anti-virus and anti-malware program running on your computer AND ensure it is ALWAYS up to date.
- Never click on an email asking you to verify something unless you are 100% sure it's part of a sign-up process you started.
- Delete the email, and ensure your mail system has SPAM filters activated.
Most of us have a hard time remembering passwords. As a result, we tend to use the same password on all our important systems (banking, subscription services and so forth), and most of us probably haven't changed our password in some time. The most common cyber-threat is breaking passwords, so you should ensure:
- Your password is complex (containing upper and lower case letters, numbers and special characters). Most sites include a password-strength indicator; your password should be STRONG.
- Most organisations enforce a 90-day password change for accessing the company network. We should adopt a similar process for our personal passwords. 90 days may not be achievable for some, but you should change your passwords at least every 6 months.
- Try NOT to use the same password for everything.
- Create something memorable. Swap letters for symbols, or create acronyms representing something you can remember.
It takes a little practice, but it's quite easy after a few changes.
I generally avoid using public internet computers (e.g. in shopping districts). In my opinion the risk of those computers being infected with malware is high. I just avoid them.
Turn off Bluetooth discovery on your mobile devices unless you need it, and turn it off again when you are not using it.
I hope this helps to get you thinking. It's a REAL issue and NOT GOING AWAY. The cyber-criminals are getting more sophisticated and they will keep going whilst the rest of us try to keep up.
Finally, if you are unlucky enough to become affected, get your computer or device OFF the internet immediately and stay offline until the device has been cleaned, to avoid spreading the problem further.
Best of luck and remember you are the first line of defense when combating cyber-criminals.