We all have personal aspirations ahead of us in 2023 - eat healthier, exercise more, learn a language, write that book you keep telling yourself you have in you - but it’s also important to make Cyber Security a New Year’s resolution, too.
2022 was peppered with cyber threats, be it scams, fraud, phishing (which was particularly prevalent) to the darker end of the spectrum: ransomware.
This is why we constantly encourage businesses and organisations to keep their collective eyes on the ball and protect themselves from cybercrime, because one thing is for certain: the threat landscape in 2023 will not be any clearer.
It may seem like a bleak prediction, but the truth is threat actors and cyber criminals are becoming more skilled, more sophisticated in their approach, more dedicated and vehement, and therefore the threat levels in 2023 will be as high - if not higher - than 2022.
So it’s vital that SMEs - and businesses of all sizes for that matter - ramp up their cyber resilience, bolster their cyber hygiene and look to reduce the risk of falling victim to cybercrime whilst protecting themselves from the type of threats that have dominated the last 12 months.
We have put together some ideas that should be included in your Cyber Security New Year’s Resolutions this year. It’s not an exhaustive list, as there are bounteous threats out there. So to keep up with the latest risks and threats we recommend becoming a member of the centre. It’s free to join and this year we are expanding our team to help your business, offering a better customer service experience. That’s our very own cyber New Year resolution right there.
But for now, we have put together our top five tips based on recent trends that your Cyber New Year Resolutions should include. They are:
1. Phishing Attacks
Over the past two years, as the world has been gripped by a global virus, a huge surge in phishing attacks washed over us all, and it became hard to trust the multitude of texts and emails we received.
Criminals exploited the fear and chaos caused by the pandemic, and Covid-related phishing lures proved to be an extremely effective way to dupe unsuspecting individuals into clicking on malicious links.
Then came the cost of living crisis. As prices soared, criminals exploited the fear and uncertainty surrounding cashflow concerns and targeted vulnerable people with sophisticated phishing lures.
As this crisis continues, we can expect these types of attacks to continue well into 2023, so it’s vital that employers and employees alike are on their guard and can recognise all the signs of a coordinated phishing attack.
Whether it’s via email, text or a carefully crafted website, phishing attacks will typically pressurise you into taking immediate action. Other warning signs include threatening or urgent language, requests for personal or financial information, generic greetings, poor grammar, or a mismatched URL.
Want more information on phishing? See our blog entitled 'Let’s remind ourselves about phishing...'.
2. Create Strong Passwords
One of the easiest ways for hackers to gain access to sensitive company data is to guess passwords.
Bad password practice is more prevalent than you might think - for example, the UK’s National Cyber Security Centre carried out analysis of passwords leaked in data breaches and found that more than 23 million users worldwide used 123456 as a password!
And that's not all, a staggering number of people use the same username and password combination on all of their accounts, meaning that should hackers can gain access to one account, they can potentially access them all.
To protect sensitive company data, you should use strong and unique passwords on all your accounts. A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols. For extra security, substitute letters with numbers and symbols to make it even more secure, or follow the Three Random Words rule, endorsed by the National Cyber Security Centre.
When choosing a password, avoid the use of:
Your name in any form or any abbreviations
The name of close relatives or pets
Your username
Birth dates or anniversaries
Famous quotes
3. Enable Multi-Factor Authentication
Multi-factor authentication, 2-step verification (2SV) or 2-Factor Authentication (2FA) provides an extra layer of protection that can significantly reduce the chance of your accounts being hacked.
In addition to a username and password, multi-factor authentication requires two or more forms of authenticating data to confirm your identity. This could be a pin, code, token, or even biometric data such as a fingerprint.
It’s one of the simplest ways to keep sensitive company information private and secure from interception. This could be for logging in, resetting a password, or to provide a stronger authentication process for the protection of sensitive data like personally identifiable or financial information.
As large numbers of employees continue to work remotely, multi-factor authentication can provide a secure way to access company data without compromising corporate networks.
4. Avoid Oversharing on Social Media
Social media sites can have cyber-criminals rubbing their hands in glee. They can find a wealth of information about potential victims before launching an attack. In fact, more than a third of social media users (39%) have experienced fraudulent activity due to oversharing on social media platforms.
Seemingly harmless posts, photos, and details in your profile could open you up to identity fraud, theft, and privacy invasion. By harvesting the information that is available across different social media platforms, attackers can then develop highly targeted attacks that will exploit your trust and establish entry points for future scams.
To stay safe on social media, be selective about what you share online and with whom; provide limited information on social profiles, don’t tag your location, and use enhanced privacy settings.
Also, keep your corporate social media accounts secure by ensuring you have a few practical measures firmly in place and be cautious of sharing data via public WI-FI.
5. Regularly Update Security Software
It can be tempting to click on the ‘remind me later’ button when a security software update pops up, but you should always install these updates as soon as they become available. New vulnerabilities are discovered all the time and unless patches are applied, hackers can exploit these vulnerabilities to gain access to corporate networks.
Many people find these updates annoying, a hindrance or a waste of their time. But what’s worse, taking a couple of minutes to ensure you’re up-to-date, or getting hacked as a result of a compromised vulnerability that could have easily been avoided?
There is also the ‘why would someone attack me?’ attitude, which, if this applies to you, you really ought to consider changing your stance this year! Hackers can and will attack any business, from window cleaners to multi-national conglomerates.
Remember: a patch is essentially a piece of code that is installed into an existing software program to correct a problem or ‘bug’. It’s also used to improve an application’s general stability or to fix a security vulnerability.
Patching is estimated to prevent up to 85% of all cyber attacks so it’s vital you regularly update your software to ensure you are running the most up to date versions released by the manufacturer.
If you want to find out more about the threats that your business may face, we offer Security Awareness Training as an affordable service. It covers all the above in great detail and we can tailor it to your business's needs. Read all about it and get in touch for more information or to chat to the team.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Comments