Why is cyber security so important for your company?

A security breach can be a nightmare for any company holding confidential data. Today, even companies with robust security systems in place can be hacked, and a breach can, to some extent, damage your company’s reputation and relationships with clients.

By understanding the basics of cyber security, you can better secure your company’s assets, and minimise the risk of an attack without spending a lot of time becoming an expert.

Our first instalment will focus on two very common routes to infection: social engineering and malware-infected sites.

Social Engineering (Manipulation)

Situation: You receive an unusual email from Mr X asking for money from a country you have no business in.

What not to do: If the email hasn’t automatically been filed into your junk folder, act cautiously. If you decide to trust the source, never open attachments or send anything personal, including money. If the proposition sounds too good to be true, it is most likely a trap.

Solution: If you are unsure of the authenticity of any email, hover over the email address or linked text to identify the sender or real URL. If it looks fake (e.g. mrx.hackme.com) then it is a scam, although some email addresses are not as obvious. VirusTotal is a great tool to verify the safety of any suspicious files, displaying a full analysis after the scan is complete.

Mitigating the risk: Antivirus software is your best option to detect malware and dangerous links in websites. It can also provide you with extensions that will warn you when you visit a fake site masquerading as a legitimate organisation. These websites, also known as phishing sites, will request that you update your personal details on the ‘fake site’ so that they can steal your information. 

I never visit those sites

Situation: So, you’ve ‘accidentally’ landed on a risky page at work, and suddenly several popups appear. These sites are not only annoying, but they can contain malware which could harm your computer.

What not to do: Do not click on any of the pop-ups or links populating the website.

Solution: Visiting websites like the ones mentioned above is a common route to infection, and will most likely remain that way in the future. It is also very easy to prevent. Common sense should help you decipher whether a website is dangerous or not. If in doubt, your best course of action is to click X and leave the site.

Mitigating the risk: An ad blocker is one tool to stop undesirable sites loading. Another effective defence is keeping your software updated. When in doubt over the safety of a website, check the URL. Sites that start with ‘https’ are encrypted and are verified by the company; additionally, a certificate should appear when you click the first part of the URL. However, some sites may not be verified but will still display ‘https’ at the start of the URL; your browser should flag these as ‘potentially dangerous sites’. Remember that legitimate sites can unknowingly spread viruses, so it is best to take the above steps to decrease the chance of infection.

Remember, this is just a basic overview of cyber security. The solutions you see here are not guaranteed to work. Each situation is different, and if for any reason you believe your company could be a target of an attack, you should hire an information security firm to carry out a full risk assessment and help you mitigate any risks you uncover.

This has been the first instalment in our series covering Cybersecurity. Next time we’ll examine how to minimise the risk of losing your data when your laptop is stolen, and what to do in the event of ransomware. The final instalment will cover how to protect yourself on social media.

Written on in Business Insights
Senior Devops Engineer & Junior Python Developer