This year, the theme of Cybersecurity Awareness Month is “Do your part. #BeCyberSmart”. More and more of us are working remotely, giving destructive hackers more opportunities to catch us off guard. But organisations such as the National Cyber Security Centre (NCSC) and KnowBe4 are raising security awareness and providing training solutions to empower us all so we don’t succumb to a scam or cyber-attack.
So how can you “do your part” for cybersecurity awareness?
It’s much easier for hackers to “trick” their way into your organisation than to break through your defences. You’re on the front line, so making sure you can identify suspicious interactions is vital. Cyber-attacks can be carried out through digital media, in person or over the phone.
Cybercriminals use digital attacks most frequently; depending on whether the attack is targeting an organisation or individual, these are referred to as phishing or spear phishing respectively. I’m pretty sure we’ve all received emails from a “distant relative” about some inheritance, but they need you to send money before the funds will be released. Hopefully you would spot these as phishing immediately. You should also keep your eyes peeled for:
- Emails coming from an unknown address
- An email that is unexpected or out of character, even though you know the sender (or company)
- You don’t know any of the other recipients on an email you’ve been copied in on
- An email that’s been sent at an unusual time, outside of working hours
- The email subject is irrelevant or doesn’t match the message content
- An email about something you never requested or is a receipt for something you haven’t purchased
- An email asking you to click a link or open an attachment of a compromising/embarrassing picture of you or someone you know
- Links containing spelling mistakes
- An email creating some urgency, asking you to click a link, e.g. your account has been suspended
- Hovering your cursor over a link displays a URL for a different website
- An attachment that you aren’t expecting
- You have an uncomfortable feeling or it just seems strange or illogical – trust your gut feeling.
You may also find this article on dealing with suspicious emails and text messages useful.
Tip: Stop, look and think before you click that link or open that attachment.
In-person attacks can involve someone trying to plug a USB device into your machine to install malware, or tailgating (following) you into your office. They can make out that they have left their ID at home or lost it, playing on your empathy to let them in. Similarly, if you haven’t reported an issue or been informed by your IT department, be wary of “someone from IT” needing to install an update on your machine. Look out for:
- People slipping in the door behind you
- Suspicious activities by unknown individuals
- Any entrance/exit doors that don’t close or shut properly – tell someone.
Do your part by:
- Locking your computer when leaving your desk, no matter how long you intend to be away
- Not sharing your network password with anyone – IT will have ways of accessing your systems if they need to
- Not leaving confidential documents on your desk
- Disposing of confidential documents in shredding bins, such as those provided by Restore Datashred
- Not lending your ID badge to anyone.
You may also find this article on Tailgating – How to Avoid Physical Security Breaches useful.
Tip: Stop, look and think before allowing someone in that you don’t recognise or allowing them to plug external media into your computer.
Text-based scams are referred to as “smishing” and over-the-phone attacks are called “vishing”.
It’s a numbers game for cybercriminals. All it takes is to catch someone when their mind is on other things or use scaremongering to create a sense of urgency, and before you know it, they have cost you dearly. There is no shame if the worst does happen to you, but there are some common scams to be aware of:
- Bank scams – your bank will NEVER ask for your bank account details or ask you to “move your money into a safe account”
- Computer repair scams – they tell you your computer has a virus and ask you to download a fix, sometimes for a fee
- Compensation calls – you know, the one where you’ve been in an accident. You should be dealing directly with your insurance company
- HMRC scams – an issue with your tax refund or unpaid tax bill can sound legitimate but HMRC will write to you
- Number spoofing – these clever tricksters can mimic an official telephone number, but listen to your gut. If in doubt, hang up and call the company directly – preferably from another phone as they can keep the line open
- Pensions and investment scams – an “unmissable” opportunity that sounds too good to be true usually is!
- “Anti-scam” scams – ironically claiming to support scam victims through a chargeable service or asking you to renew your Telephone Preference Service registration (which is actually free).
Tip: Stop, look and think before you surrender confidential information or take action on an urgent request.
We’re in this together
To sum things up, cybersecurity awareness is extremely important. Cybercriminals can be very sneaky and know plenty of ways to attack people. It’s our job to keep ourselves and our organisations safe. All it takes is for an attacker to catch us in a moment where our mind is on something else, or for us to trust people more than we should because emotion takes over, and we could find ourselves in a bit of trouble. But the more we share this knowledge of how to prevent cyber-attacks, the stronger the defence we have.
We are not cybersecurity experts but if you have any questions about the information in this cybersecurity awareness blog, feel free to contact us via one of the following: