During October, BH Consulting has been sharing daily advice about digital security and privacy on its social media channels as part of EU Cyber Security Month. This blog gathers together all of these tips into a single place. As each week goes by, we will keep adding to the content, in descending order. By the end of October, it will be a single resource for security advice you can share with colleagues or friends and family.
For week four of our campaign, we looked at ways to improve online security and privacy in our personal lives. With recent social media breaches still fresh in the memory – or at least they ought to be – it’s worth reviewing privacy settings on these sites. We shared a link to Europol’s page with excellent tips for adjusting the settings on some of the most popular social channels like Snapchat, Instagram, Twitter and Facebook.
Staying with social media, our following tip covered the risk of sharing misinformation. Sometimes we do it with good intentions, but it’s always worth checking the truth with a reliable source. As Brian blogged earlier this year, the internet is a breeding ground for urban myths and untruths. “Every time we unthinkingly share false news, we’re helping them to grow and spread.”
Our Wednesday warning covered the phenomenon of scam calls, which are still very prevalent. Apart from the nuisance value, they could be criminals tricking you into divulging bank details, or stealing your money. For this tip, we shared a link to the Office for Internet Safety, which has a range of guides on ensuring a safer online environment.
Our Thursday tip urged people to watch for suspicious web addresses and scam offers. Visiting fake websites could infect your tablet, mobile or laptop with malware – or steal your data. The consumer magazine Which? has some excellent advice on how to spot fraudulent websites.
Continuing the theme from our previous message, our Friday post warned of fake shopping websites. That’s a year-round risk but it’s especially true in the run-up to the holiday season. As our blog from last year shows, if you plan to part with your money online, make sure you only visit safe, verified websites.
Week three of EU Cyber Security Month began with a reminder about the importance of reading. Well-researched, highly regarded reports like Europol’s IOCTA (Internet Organised Crime Threat Assessment) and the Verizon Data Breach Investigations Report are valuable sources of intel.
Improving security culture is often a matter of taking some simple steps to improve readiness. The UK’s National Cyber Security Centre looks at 10 of these areas with a series of free guides. The advice ranges from making security a board-level responsibility through to implementing secure configuration and managing user privileges to stop threats.
With threats and risks changing all the time – while your organisation also adapts and grows – it’s essential to stay on top of current best practice. Our Thursday tip reminded readers that it’s always worth refreshing your knowledge of network and information security. We linked to a quick-fire quiz from the organisers of EU Cyber Security Awareness Month. Taking the quiz might identify areas where you can up your game.
Our fourth tip of the week was aimed at organisations with mature security controls. For those with confidence in their defences but wanting to improve, a red team exercise can identify possible weak points. Here’s our blog about the benefits of red teaming.
Now that we accept that security incidents can lead to business downtime, what can we do about it? We start by making the organisation resilient. This happens through agreed processes and careful preparation so that if the worst happens, the business can keep operating. BH Consulting CEO Brian Honan has spoken about this very topic, and that was our link for the final tip of the week.
We kicked off week two of EU Cyber Security Month with a reminder that information security covers more than just data. Having a clean desk policy at work can protect important information in physical documents, as well as computers. Here’s a good sample policy developed by SANS Institute.
Our second tip of week two covers a key starting point for any good security plan. Knowing what data you hold helps in making choices about what level of protection it will need. (This is also an important part of privacy and data protection strategy.) We recently blogged about classifying data in this way, referring to IBM’s recent decision to ban USB storage keys.
Day three was a reminder that data breaches and security incidents are crimes. By reporting these cases to police, victims not only help with the investigation of their own incident, they also contribute valuable information to help law enforcement tackle cybercrime.
Next, we explained how digital forensics capability can help in tracing internal security incidents. Companies with the security resources in place can set up their own digital forensics lab without needing a large investment. Having an in-house lab allows security teams to carry out inquiries into everything from a security breach to HR issues.
Rounding out our advice for the week, we focused on the importance of risk assessment. This is where security and business goals meet. The key to developing a solid risk assessment is to have a repeatable approach that guides your decisions. For this tip, we linked to David Prendergast’s excellent blog with advice on developing just such a risk assessment framework.
Our first tip raised awareness of the need to prevent CEO fraud and fake invoice scams in your business. This is easy to do and doesn’t need a technical fix; it’s just a matter of changing your business processes. Anyone with access to payment systems should check with a colleague before paying money to unfamiliar accounts. Here’s a link to a recent blog we posted about this.
Tip number two covers ransomware, which is one of the most widespread security threats today. Regularly backing up your data can help you recover from a ransomware infection. You’ll find more details here.
For our third tip of the week, we looked at phishing: one of the most effective tactics in an attacker’s arsenal. One of the best investments you can make is in security awareness: train company staff to spot fake emails.
We use so many different online services and invariably, they all ask us for a password. It’s vital to use different passphrases or a password manager to log in to these services as securely as possible. Here are our tips on what to do – and not to do – when choosing a password.
For our last tip of week one, we covered data breaches. Unfortunately, they’re all too common and there seems to be a new incident on an almost weekly basis. Planning and preparation in advance of a possible breach means you’ll be ready to react if the worst happens. In today’s climate, you’ll be judged not on having suffered a breach but how well you respond to it. Here’s our advice for putting that plan in place.