David Morris, technology assurance director at RSM
The majority of cyber-attacks rely on human vulnerability to succeed, so on National Computer Security Day today (30 November) RSM is urging employees and businesses to stay alert to suspicious activity.
Whether it’s carelessly clicking through on a phishing link, using unprotected data sticks or viewing unsafe websites on work devices, employee activity can inadvertently play a fundamental role in a cyber-attack and is one of the main risks to any organisation.
With the current increase in cybercrime and more targeted activity, such as hacking and phishing attacks, individuals and businesses in the North East need to ensure they have the right IT control systems in place. This involves key IT procedures, such as security policies, firewalls and virus protection, which can filter out dubious activity, but the first line of defence is a vigilant workforce.
Educating employees to be risk aware through training and robust corporate procedures will help to reduce the number of successful cyber-attacks and mitigate financial, operational and reputational risk for North East businesses.
To be cyber safe, individuals and businesses should ensure:
Physical security – that all IT equipment is encrypted and protected at all times. This means locking equipment away effectively in and out of the office; ensuring company data is not saved on a personal or public computer; and being vigilant of people around you when working in the office and on the move and reporting any suspicious activity.
Password best practice – a level of complexity on password management is implemented; passwords are changed regularly; and the business has a policy of non-disclosure on all passwords.
Phishing and emails – that staff always verify a sender before clicking links; they never give out personal information; and they don’t sign up to subscription lists. The basic rule of thumb is ‘does this email feel right?’ If not, check whether there are spelling mistakes; whether the subject is relevant to you; check the email address; and hover over links before clicking to ensure the links correlate to the sender.
Safe surfing – that employees don’t visit suspicious websites; if a website’s security certification has expired, avoid it; if a website is blocked, do not attempt to go around it; and always look out for the symbol that denotes a website is secure.