Renatta Siewert is a Content Manager at Mimecast. She edits and writes for Cyber Resilience Insight based on her experience leading communications and thought leadership programs for global technology companies. She graduated from Salem State University with a B.S. in communications.
We live in a world where sharing too much data – or the wrong data – is like asking to be hacked. Leaving data unguarded is just bad online security practice, given that phishing attacks grew by nearly 41% in 2018 alone. But data sharing, whether it’s with social media companies or unsecured Wi-Fi networks, is usually the result of a negotiation where you, the owner of valuable data, receive something for free, like a convenient login process or a free internet connection.
If you’re an employee, the risk is even greater because you are potentially putting company data at stake. So before you hit ‘save my password’ on your web browser, make sure you do your due diligence to check if sharing your data is worth it. Here are four places to start:
Stay up to date on phishing news and cyber awareness training.
Staying compliant with corporate policies and procedures will go a long way towards maintaining information integrity within your organisation and is critical to overall security. When trained employees become a human firewall, they create an additional line of defence which can tip the balance between being an impenetrable business and losing $92 million in data breach costs, according to IBM research.
Avoid using too many file-sharing services.
Cybercriminals are adept at social engineering (aka manipulating people) and use these services to collect sensitive credentials and spread malicious attachments. Unfortunately, file-sharing services are an easy target – most cybersecurity tools don’t examine the files themselves, so they can’t always provide adequate threat detection. Those files you’re downloading can just as easily be carrying malware or viruses.
Since these platforms and their companies are trusted and well-known, users tend to lower their guard when using them. Criminals are skilled at hiding in these giants’ shadows, leveraging well-known domains and credible logos. This allows them to bypass scanners and spam-blockers, successfully infiltrating inboxes, engaging with employees, and seriously compromising security. This is why cyber awareness training is such a big help. According to Security Research Engineer Sevtap Duman, users need to be able to “identify and flag fraudulent URLs and malicious attachments before they do harm.”
Delete all unsecured Wi-Fi hotspots stored on your devices.
Make sure you avoid unwanted connections. Wi-Fi security is another opening attackers like to exploit, something that’s becoming more prevalent as more and more employees work remotely.
According to Spiceworks, 61% of organisations report employee use of public Wi-Fi networks on company devices, and many of these connections are completely unprotected.
Though convenient, these networks are very popular with hackers, with easy-to-intercept credentials and plenty of space to distribute malware. To combat this, don’t connect to any Wi-Fi hotspots unless you know they’re viable and trustworthy, and make sure your Wi-Fi is off when the device is not in use.
Most importantly, employ a solid VPN, or Virtual Private Network. Its encryption allows you to securely access the internet from the VPN’s network, essentially forming a connection via a secondary server.
Stay alert for social engineering attempts.
Social media also offers a wide variety of opportunities for criminals to take advantage. According to Security Boulevard, around 42% of the global population, or 3.2 billion people, use some form of social media. Phishing in particular is a high-frequency threat vector – small screens allow URL stuffing, people trust the platforms they’re using (much like with file-sharing services), and social accounts are commonly linked to monetary apps, such as for online shopping and gift cards. Scams like impersonation, creating dummy web pages and posting sensitive information are all easy for hackers to perform and replicate.
Cyber awareness is the keystone to staying alert and vigilant against these threats as criminals continue to prowl the ever-growing social media landscape. Though threat vectors are continuously evolving, it’s not out of employees’ hands to establish a safe haven within a corporation.
Cyber awareness training serves as a guide to understand the various players, risks and weapons involved in the digital landscape. Limiting your use of file-sharing platforms, unsecured Wi-Fi, and social media creates a barrier that protects not only you but your entire organisation.