teiss Cyber Brief - Example 2

“Security Can Be Simple”

Latest scams: There is no such thing as a small data breach

Minor data breaches will often not provide an attacker or criminal with enough information to go on and do real damage. After all, just having an email address doesn’t get them access to your account (unless your password is “Password123” of course…”), and security teams have layered approaches to getting access to your account, like two-factor authentication.

However, with a little more digging on the open internet criminals will probably find more information like your full name and other personal details (maybe even your dog’s name) for instance. After this careful harvesting of information (it will be done on a large scale), they will often have enough to start to attack your account, be it personal or business. A recent attack on Twitter targeted Twitter engineers who had access to back-end systems as a way of negating all of the security measures in place, including two factor authentication.

Once that is done, it is a very short step to gaining access to your account, your boss’s account, or even a vendor account, and then start to scam you into shipping goods, transferring money or even sharing company sensitive data.

Any breach of data, no matter how small, should be reported immediately to the IT security/Helpdesk so that measures can be taken to minimise the fallout. A false alarm is far more preferable to finding out an account has been compromised months later.

Salutary tales: The basics are important

The Cybersecurity and Infrastructure Security Agency (CISA) released a Telework Essentials Toolkit to help companies improve their cybersecurity when the majority of staff are working from home.

The CISA is a US based governmental agency charged with working with the public and government to help build more security into the country, now and for the future. With such a vision you would expect the advice it issues to be very substantial and potentially ground-breaking. Not so actually; here are their top three tips for homeworkers, all of which are completely relevant to everyone reading this:

1. Follow your company policies for handling sensitive data, up to and including its destruction.
2. Use caution when opening email attachments and clicking links.
3. Report any suspicious activities or any scams you may have fallen for to the IT security department/Helpdesk.

Sound advice for us all to live our homeworking lives by.

https://www.cisa.gov/about-cisa

Secrets

Top tips and Insider secrets

Stepping away from your computer for a brew? Then you know you need to lock your computer screen to stop prying eyes and nosy fingers from wreaking havoc in your absence. Did you know there are shortcuts to locking your screen? As usual with computers there is more than one way of doing this, but there are the simplest and easiest.

Windows

Press the Windows Logo + L Keys at the same time on the keyboard of your computer to immediately lock the current screen and take you to the Login screen.

Mac

If you’re using a Mac that’s running macOS Catalina, go to the Apple menu, click Lock Screen or press Command+Control+Q. This will lock your Mac and return you to the Login screen.

If you are on an older version of the operating system, press Control+Shift+Power button (or Control+Shift+Eject if your Mac has a DVD drive).

The simple things in life can often be the most satisfying!