Cyber Awareness & Best Practices

How to protect against and prevent cyber threats

Cybersecurity essentials

based on data collected by CASES Diagnostics and Fit4Cybersecurity


Password

Passwords provide the first line of defence against unauthorized access to your computer or other IT infrastructure.

To make a password harder to guess, use a combination of numbers, capital and lower-case letters, and punctuation marks.

The password you choose should be easy for you to remember but hard for others to guess. One method can be to use a passphrase: pick a phrase that you can remember and take the first letters, numbers and punctuation to generate a seemingly random character combination:

  • For example: My friend Matt ate six doughnuts at the bakery café and it cost him £10 -> MfMa6d@tbc&ich£10
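As an added illustration (not code from the original page), the following Python code applies the first-letter method above to the page's example phrase and then checks the result for the four character classes mentioned earlier; the word substitutions for "six", "at" and "and" are an assumption inferred from that example.

```python
"""Passphrase-to-password mnemonic and character-class check (added example)."""
import string

# Word-level substitutions inferred from the page's own example
# ("six" -> 6, "at" -> @, "and" -> &); this mapping is an assumption.
WORD_SUBSTITUTIONS = {"six": "6", "at": "@", "and": "&"}


def derive_password(phrase: str) -> str:
    """Take the first character of each word, keep tokens containing digits
    (e.g. "£10") whole, and apply the substitutions above."""
    parts = []
    for word in phrase.split():
        lowered = word.lower()
        if lowered in WORD_SUBSTITUTIONS:
            parts.append(WORD_SUBSTITUTIONS[lowered])
        elif any(ch.isdigit() for ch in word):
            parts.append(word)  # numbers and amounts are kept as-is
        else:
            parts.append(word[0])
    return "".join(parts)


def missing_character_classes(password: str) -> list[str]:
    """Return the character classes recommended above that are absent:
    digits, capital letters, lower-case letters, punctuation."""
    checks = {
        "digit": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


if __name__ == "__main__":
    phrase = "My friend Matt ate six doughnuts at the bakery café and it cost him £10"
    pw = derive_password(phrase)
    print(pw, "missing classes:", missing_character_classes(pw))
```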

Each password must be used for one specific access only: use separate passwords for different logins. Before entering a password, make sure you are on the legitimate site or system.

Change your passwords immediately if you think they might have been compromised.

To manage your passwords, use a password manager. Also, avoid saving your passwords in the browser.

Passwords should not be shared with others, and you should never disclose them to anyone, regardless of the circumstances.

Two-factor authentication adds an extra layer of security: besides the password, the user must provide a second factor, such as a security token or a one-time code sent by SMS.


Wireless network

A Wi-Fi network is a wireless network that connects to your Internet router and wireless-enabled devices using a wireless radio signal.

  • Do not connect the Wi-Fi network directly to the organisation's wired network
  • Wireless networks should be split between internal and external users
  • Install a web filter on the Wi-Fi network to prevent access to malicious websites
  • Block all non-web access to the Internet, with specific exceptions such as VPN access
  • The network password should be strong
  • Printers should not be easily reachable from wireless networks
  • Encrypt the network and make physical access to the Wi-Fi router difficult
  • Visitors should have separate, dedicated Wi-Fi access


Procedures, rules and user charter

The existence of, and adherence to, clear security policies and rules is essential for the continuity of an organization's activities.

  • Rules should be known, explained and signed by everyone
  • Rules should be as short and simple as possible
  • Advice and best practices should be given
  • Everyone should be aware of both the risks and the security measures and procedures
  • Each employee should be aware of their responsibilities and roles in case of an incident


Training on daily work, software, and security

People are often the weakest link in cybersecurity; knowledge sharing and awareness-raising are therefore key to fighting the never-ending flow of threats and attacks.

  • Awareness-raising, communication and training are the key pillars of a successful defence against cyber attacks
  • Users should know the sensitivity of the data they have access to
  • Users should be aware of common attack types, so they can more easily identify them
  • Users should know how to use software to avoid any data loss or manipulation mistakes


Backup Management

One of the biggest risks posed by cyber threats is that data can be lost. Only appropriate backup management provides an acceptable answer to this threat.

  • Design and implement an appropriate backup cycle (daily, weekly, monthly)
  • Define what should be backed up and how often
  • Weekly and monthly backups must be stored in a separate location, under the same security conditions
  • Weekly and monthly backups should be kept for at least a month off-premises and disconnected from the network
  • Backups should be encrypted and tested from time to time
  • All critical data should be included in these backups
  • A data recovery procedure should be defined, and recovery procedures should be tested annually
  • Protect the backups against accidental, deliberate or environmental destruction


Social Engineering

Social engineering uses subtle psychological techniques to gain access to confidential data or systems by targeting the users of an IT system and getting them to share useful information.

How to recognise social engineering?

  • Indirect attacks may take the form of phishing and spam emails.
  • Direct attacks may take place during a telephone conversation and need not be particularly complex; they may be nothing more than a plain and simple request for information. An attack may seek information to be used against a completely different target. In general, any request from an unknown person for information about professional activity, personal details or habits is suspect.

How to protect against it?

  • Any information, even seemingly insignificant, must be considered important and therefore protected.
  • Do not click on unsolicited or suspicious-looking links in emails or on social networks.
  • Never open an email attachment from an unknown or suspect sender. The same goes for suspicious files on websites.
  • Be vigilant regarding seemingly harmless Internet surveys and quizzes.
  • Always log off web sites and other pages online using the button provided for this purpose.
  • Alarm bells should ring if a person you don’t know becomes very curious.
  • Never share your Internet or computer login details or password with anyone, even if the request seems very credible.
  • Never carry out orders for a stranger, whether by telephone, email or direct contact if these orders concern sensitive information.
  • If in doubt, check the identity of your phone or computer contact.
  • If in doubt, do not make impulsive decisions. Take some time to reflect, so that you free yourself from the aggressor’s pressure.
  • Never leave paper documents containing sensitive information in plain view. Make any documents you no longer need illegible.

Work from home: Do's and Don'ts

Work from home has become the new norm to many of us. Below are the do's and don'ts you need to keep in mind while working from home.


DO’S

  • Keep your operating system and applications up-to-date.
  • Install antivirus software and update it regularly.
  • Secure your home network, change your router’s password (the network must be encrypted and accessible only with a password).
  • Separate work and personal devices: use a computer dedicated for work.
  • Avoid connecting removable media (USB keys, memory cards, etc.) of uncertain origin.
  • Watch out for phishing scams, be careful when checking your emails and social networks.
  • Follow the password recommendations given above.
  • Enable ‘find my device’ and ‘remote wipe’.
  • Use a virtual private network (VPN).
  • Follow special security rules while videoconferencing


DON’TS

  • Do not delay updates
  • Do not turn off the VPN
  • Do not connect to any public, unknown or insecure network
  • Do not share your company laptop or devices with other family members