It has never been more important for businesses in Greater Manchester to reduce their risk of unauthorised access to personal information stored on smartphones, computers and the internet. Read our 7 best practices for cyber security below to keep your business safe.
This blog is part of our wider Cyber Security guide for SMEs in Greater Manchester.
1. Create Strong Passwords
One person’s weak password has the potential to compromise not only an entire organisation’s data, but also the data of the company’s clients, suppliers, and partners. So, it’s amazing how many people use totally vulnerable passwords. Every year, cyber security firms publish a list of the top 100 worst passwords, and every year, passwords like 12345, 123456, 12345678, qwerty and “password” all top the list.
It is best practice to use passwords that are at least eight characters long, and the longer the better (a password fifteen characters long will take a hacker longer to break). Try to choose passwords made up of words or phrases that are not interlinked and are not specific to you (like your name). Add numbers and at least one special character in the middle. Stay away from pet names, children’s birthdays, and other things that may be posted on social media profiles, as cyber attackers will be looking for this.
2. Learn to Recognise Phishing Scams (cut the bait and run!)
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company, asking users to provide sensitive information or to click on links. If deceived, an employee could grant the attacker access to all sorts of valuable data, so it is essential you are aware of how to spot such an attack. The best approach is this: if you were not expecting the email, if it has an attachment that you are unsure of, or if it doesn’t look right, please contact IT immediately, who will be able to advise on the best course of action.
Here are a few things to be on the look-out for:
- The Displayed Name in the Email – a name displayed in the “from” box does not guarantee that this is the sender. You can hover over it or hit reply to see what the email address really is.
- Suspicious Links (Don’t Click!) – If the web address you see when you hover over the link doesn’t seem to match the sender, be careful. And be wary if an email directs you to a website asking for a login, as this is the main way the cyber hackers will steal valid login credentials.
- Spelling or Grammar Mistakes – if it doesn’t look or sound right, it’s probably not legit.
- Odd Salutations – if the contact usually addresses you by your first name but the email greets you as “Valued Customer” or “Important Client”, that should raise a red flag.
- Request for Sensitive Information – if asked for information you wouldn’t be comfortable with sharing, pick up the phone and call a known number to verify the request.
- Implied Urgency – this scare tactic is designed to get you off-kilter and reply when you normally might not. If someone is threatening to stop a service without an immediate reply, stop and think about it and contact your tech nerd.
- Images that aren’t Quite Right – if the images or layout of an email seem a bit off, it’s likely an attempt to fool you.
- Suspicious Domains – many malicious emails use a domain that is close to the legitimate domain, but not spot-on. For instance, someone could use Capital0ne.com instead of capitalone.com to try and pull the wool over your eyes.
- Non-Standard Attachments – if the attached file is not a type you recognise (recognisable types include .doc for a Word file, .xls for an Excel file, or .pdf for a PDF file), be suspicious.
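Several of the checks above can be automated in a mail filter. The following Python sketch is an added example, not part of the original guide; the trusted-domain list, the look-alike character map and the sample messages are assumptions constructed for illustration.

```python
import os
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumptions for this example: the domains you really deal with, and the
# attachment types the article lists as recognisable.
TRUSTED_DOMAINS = {"capitalone.com"}
KNOWN_EXTENSIONS = {".doc", ".xls", ".pdf"}
LOOKALIKES = str.maketrans("0135", "oles")  # digits often swapped for letters

def skeleton(domain):
    """Fold look-alike digits to letters so Capital0ne.com == capitalone.com."""
    return domain.lower().translate(LOOKALIKES)

def phishing_flags(msg):
    sender = msg["From"].addresses[0]
    domain, flags = sender.domain.lower(), []
    # Displayed name claims a brand the real address does not belong to.
    shown = re.sub(r"[^a-z0-9]", "", sender.display_name.lower())
    if domain not in TRUSTED_DOMAINS and any(t.split(".")[0] in shown for t in TRUSTED_DOMAINS):
        flags.append("display-name")
    # Sender domain is close to a trusted one, but not spot-on.
    if domain not in TRUSTED_DOMAINS and skeleton(domain) in map(skeleton, TRUSTED_DOMAINS):
        flags.append("lookalike-domain")
    # Link target does not match the sender's domain (a heuristic, not proof).
    body = msg.get_body(preferencelist=("html", "plain"))
    for href in re.findall(r'href="([^"]+)"', body.get_content() if body else ""):
        host = (urlparse(href).hostname or "").lower()
        if host != domain and not host.endswith("." + domain):
            flags.append("link-mismatch")
    # Attachment's final extension is not a recognised document type.
    for part in msg.iter_attachments():
        if os.path.splitext(part.get_filename() or "")[1].lower() not in KNOWN_EXTENSIONS:
            flags.append("attachment-type")
    return flags

def build_sample(sender, href, filename):
    """Constructed test message, not a real email."""
    msg = EmailMessage()
    msg["From"] = sender
    msg.set_content(f'<a href="{href}">Sign in</a>', subtype="html")
    msg.add_attachment(b"sample", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

suspect = build_sample("Capital One Support <alerts@capital0ne.com>",
                       "http://login.example.net/verify", "statement.pdf.exe")
genuine = build_sample("Capital One <alerts@capitalone.com>",
                       "https://www.capitalone.com/account", "statement.pdf")
print(phishing_flags(suspect))
print(phishing_flags(genuine))
```

The double extension in `statement.pdf.exe` is caught because only the final extension is compared against the recognised types.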
3. Be Cautious of Software Downloads (always question a free lunch)
Most people naively believe that software downloads are safe if the software itself is from a trusted brand. In truth, these downloads can pose any number of security risks. What is important to understand is that where a program is downloaded from is just as important as what is downloaded. The internet is full of sites that offer free versions of many recognisable paid programs. But these downloads can contain trojans, spyware, worms, viruses, and other types of malware which could have devastating effects. By design, users are unable to install software on corporate devices. However, to reduce the risk further, please do not download anything from the internet; instead, seek advice from the IT department, who will be able to run the necessary checks before you access the material.
4. Use Multiple Lines of Communication (it’s nice—and safe—to hear a voice)
Malicious emails don’t always come from strangers. They can appear to come from friends and trusted colleagues. If anyone sends a request for sensitive information like a routing number or login information, contact the sender on a separate platform to confirm the request. If the request comes by email, call the sender to make sure it’s valid.
5. Don’t Ignore Application Updates (they’re more important than you might think and yes, we do also feel the pain of being rebooted at inconvenient times)
The constant reminder windows can be annoying, but they shouldn’t be ignored. These software updates are an important part of maintaining the security of your applications and software and the security of our network. Hackers know the vulnerabilities of out-of-date devices, so we need to keep up to date with all the latest patches. Many employees believe that application updates are optional or unnecessary. The truth is, they’re not. They are an important line of defence against new types of attacks.
6. Do not connect to unsecured Wi-Fi
The work world is changing. Not all staff work from the office. Some work from home and some are spending time on the road. Restaurants and cafes have become meeting venues and workspaces. If you have a company mobile phone, the safest connection in this instance is to tether to your company mobile (details are available via our service desk). However, if you do not have a company-issued mobile phone, you may have no alternative to connecting to public Wi-Fi. In that case, always use Wi-Fi connections that are secured with a padlock, which means you will have to ask the coffee shop, event, meeting space or hotel for their connection details. Never connect to a Wi-Fi access point that is unsecured, as it could be a hotspot set up by a cyber hacker to carry out an attack.
7. Beware Social Engineering (don’t let them in your head!)
Social engineering refers to a broad spectrum of malicious activities using psychological manipulation to trick users into giving away sensitive information. Perpetrators are particularly patient, waiting in the weeds, collecting data and background information on their intended victims. Then they gain the victim’s trust and provide seemingly harmless reasons for their victims to give up sensitive information. What makes social engineering so dangerous is that it preys on human error, which is much more of a wild card (and much harder to track) than taking advantage of vulnerabilities in software and operating systems. Social engineering cyber hackers try to get at users through human psychology and by preying on curiosity. It’s important to go into all cyber-situations with your eyes wide open.
Here are several things you can keep in mind to protect yourself:
- Do not open any emails from untrusted sources. Sound advice under any circumstances.
- If an offer seems too good to be true, assume it is.
- Lock your laptop whenever you are away from your workstation.
- Do not click on any links you are unsure of.
- Be vigilant about cyber security.
Read our full Cyber Security guide for more tips on how to keep your business secure.