Loading...

Cyber Awareness & Best Practices

How to protect & prevent from cyber threaths

Cybersecurity essentials

based on data collected by CASES Diagnostics and Fit4Cybersecurity


Password

Passwords provide the first line of defence against unauthorized access to your computer or other IT infrastructure.

Password

Passwords provide the first line of defence against unauthorized access to your computer or other IT infrastructure.

To make it even more secure, use a combination of numbers, capital and lower-case letters, as well as punctuation marks.

The password you choose should be easy for you to remember but hard for others to guess. One method can be to use a passphrase: pick a phrase that you can remember and take the first letters, numbers and punctuation to generate a seemingly random character combination:

  • For example: My friend Matt ate six doughnuts at the bakery café and it cost him £10 -> MfMa6d@tbc&ich£10

Each password must be used for a specific access: use separate passwords for different logins. Make sure you submit your password to the right system.

Change your passwords immediately if you think they might have been compromised.

To manage your passwords, use a password manager. Also, avoid saving your passwords in the browser.

Passwords should not be shared with others, and you should never disclose them to anyone, regardless of the circumstances.

Two-factor authentication provides an extra layer of security: the user should provide an additional factor for authentication: security token, code sent by SMS (one-time password), etc.


Wireless network

A Wi-Fi network is a wireless network that connects to your Internet router and wireless-enabled devices using a wireless radio signal.

Wireless network

  • Do not connect the Wi-Fi network to the fixed network of the entity
  • Wireless networks should be split for internal and external users
  • Install a web filter within the Wi-Fi network to prevent any access to malicious websites
  • Block all non-web access to the Internet, except certain exceptions such as VPN access
  • Passwords of the network should be really strong
  • Printers should not be accessible easily by wireless networks
  • Encrypt the network and make physical access to the Wi-Fi router difficult
  • Visitors should have separate, dedicated access to the Wi-Fi network


Procedures, rules and user charter

Existence and adherence to clear safety policies and rules are essential for the continuity of an organization’s activities.

Procedures, rules and user charter

Existence and adherence to clear safety policies and rules are essential for the continuity of an organization’s activities.

  • Rules should be known, explained and signed by everyone
  • Rules should be as short and kept simple as possible
  • Advice and best practices should be given
  • Everyone should be aware of both the risks and the security measures and procedures
  • Each employee should be aware of their responsibilities and roles in case of an incident


Training on daily work, software, and security

People are often the weakest link in cybersecurity, therefore, knowledge share, awareness-raising is key to fight against the never-ending flow of threats and attacks.

Training on daily work, software, and security

People are often the weakest link in cybersecurity, therefore, knowledge share, awareness-raising is key to fight against the never-ending flow of cybersecurity threats and attacks.

  • Awareness-raising, communication and training are the key pillars of a successful defence against cyber attacks
  • Users should know the sensibility of the data they have access to
  • Users should be aware of common attack types, so they can more easily identify them
  • Users should know how to use software to avoid any data loss or manipulation mistakes


Backup Management

One of the biggest risks of cyber threats is that our data can be lost. Only appropriate backup management can provide acceptable solution to this threat.

Backup Management

One of the biggest risks of cyber threats is that our data can be lost. Only appropriate backup management can provide acceptable solution to this threat.

  • Design and implement an appropriate backup cycle (daily, weekly, monthly)
  • It should be defined what should be backed up and how often
  • Weekly and monthly backups must be stored in a specific location but with the same security conditions
  • Weekly and monthly backups should be stored at least for a month outside of the premises and disconnected from the network
  • Backups should be tested from time to time and encrypted
  • All critical data should be included in these backups
  • Data recovery procedure should be introduced, and recovery procedures should be tested annually
  • Protect the backups against accidental, deliberate or environmental destruction


Social Engineering

Subtle psychological techniques to obtain access to confidential data or systems by attacking users of an IT system and get them to share useful information.

Social Engineering

Social engineering is based on subtle psychological techniques to obtain access to confidential data or systems by attacking users of an IT system and get them to share useful information.

How to recognise social engineering?

  • Indirect attacks may take place in the form of phising and spam emails.
  • Direct attacks may take place during a telephone conversation and do not need to be particularly complex. They may be nothing more than a plain and simple request for information. An attack may seek to obtain information to be used for an attack on a completely different target. Generally, any request for information made by an unknown person about professional activity, personal details and habits, is suspect.

How to protect against it?

  • Any information, even seemingly insignificant, must be considered important and therefore protected.
  • Do not click on unsolicited or suspicious-looking links in emails or on social networks.
  • Never open an email attachment from an unknown or suspect sender. The same goes for suspicious files on websites.
  • Be vigilant regarding seemingly harmless Internet surveys and quizzes.
  • Always log off web sites and other pages online using the button provided for this purpose.
  • Alarm bells should ring if a person you don’t know becomes very curious.
  • Never share your Internet or computer login details or password with anyone, even if the request seems very credible.
  • Never carry out orders for a stranger, whether by telephone, email or direct contact if these orders concern sensitive information.
  • If in doubt, check the identity of your phone or computer contact.
  • If in doubt, do not make impulsive decisions. Take some time to reflect, so that you free yourself from the aggressor’s pressure.
  • Never leave paper documents containing sensitive information in plain view. Make any documents you no longer need illegible.

Work from home: DO's and DONT's

Work from home has become the new norm to many of us. Below are the do's and don'ts you need to keep in mind while working from home.


DO’S

Follow these best practices in cybersecurity to ensure the essential safety standards for efficient work and keep up productivity while working from home.

DO’S

  • Keep your operating system and applications up-to-date.
  • Install antivirus software and update it regularly.
  • Secure your home network, change your router’s password (the network must be encrypted and accessible only with a password).
  • Separate work and personal devices: use a computer dedicated for work.
  • Avoid connecting interfaces (USB keys, memory cards or other) with uncertain origin.
  • Watch out for phishing scams, be careful when checking your emails and social networks.
  • Follow the recommendations described about passwords (link)
  • Enable ‘find my device’ and ‘remote wipe’.
  • Use a virtual private network (VPN).
  • Follow special security rules while videoconferencing


DON’TS

Which are the things you should avoid doing while working from home? Follow these essential safety guidelines to make your home a cyber-secure place to work.

DON’TS

  • Do not delay updates
  • Do not turn off the VPN
  • Do not connect to any public, unknown or insecure network
  • Do not share your company laptop or devices with other family members

On holidays: continue to stay cyber-safe

before, during and after your vacation. Cybersecurity tips to avoid your holiday becoming a nightmare.


Before you leave

Preparing for your vacation is not only about choosing your destination and booking your accommodation but also about considering what technical devices you bring and how to use them.

Before you leave

Keep your devices up-to-date at all times, so they are less vulnerable to a cyberattack. Also, prepare for the worst: backup your data to have them even if your device is stolen or lost.

First, use strong-enough passwords on your devices and a secure swipe pattern lock on your smartphone. Second, set an automatic device lock asking for the access code after a specified time of inactivity. Delete apps you are no longer using. Take the minimum amount of data with you (on your devices) as possible. And last but not least, check your privacy settings on your apps and understand what data they can access on your device before downloading.

Think twice before setting up your OOO (Out of Office) replies: the fewer people know you went on vacation, the better. If you want to send OOO messages, set up rules so only your colleagues got such replies. Do not forget: an automatic OOO response is a confirmation that your email address exists.

Set up a VPN service before travel (if you have not done it already): when at a hotel or café, you can seldom trust the Wi-Fi connection, so better be prepared with a VPN endpoint to connect to immediately when away from your office or home.


During your vacation

Enjoy your deserved vacation, but do not forget about the basic guidelines and protect yourself from a lot of inconvenience and annoyance while on holiday.

During your vacation

If your device has been lost or stolen, use the ‘Find my device’ functionality and try to locate your device. You can remotely erase data on your device if it is turned on and connected to the network. It is crucial to do a remote wipe very quickly before your data become compromised on your device.

Keep your devices close at hand or in a secured place when not in use. Enable ‘Find My Device’ on Android and ‘Find My’ functionality on your iPhone or iPad.

When you turn on the Wi-Fi or Bluetooth, they connect to a network and track your whereabouts. If you do not need them, switch them off.

Always verify which network you are supposed to use and the credentials for login. Make sure your device asks your permission before connecting to a Wi-Fi network, so you can check which network you want to log in to. Be careful about insecure Wi-Fi hotspots and do not transmit personal info or make purchases on unsafe networks. Consider using a VPN if you need a more secure connection.

Be extremely cautious in public places like internet cafes, airports and hotels. Do not connect to applications where you need to log in with personal credentials. Do not plug in any USB sticks or other storage media in public computers, and avoid using your USB plugs even for charging. If the computer is infected, your USB will be as well. Use a shared computer in such areas only when absolutely necessary.

Think twice before posting pictures that would reveal you are not home. It is never a good idea to post images of yourself while on vacation. Malignant people might find your postal address by checking your social media sites (or from other sources) and break into your home while you are on vacation. Set your social media accounts to only allow you close circle to view your posts and content.

On holidays we are often susceptible to downloading mobile applications to make our stay easier and improve our experience in the places we visit (hotels, museums, public transport, etc.). The first step is to avoid installing them if it is not necessary and if not, make sure you always download them from official shops such as the App Store and Google Play.


Back home

Hopefully, you had a wonderful holiday and got a lot of memorable experiences. You took hundreds of images and stored them on different devices in different formats. You visited various websites, downloaded images, and purchased online…

Back home

Clear your browser cache to avoid any data leaksand remove any unnecessary apps from your devices as it can abuse permissions you have given.

  • Check your devices against malware: run an antivirus software even on your mobile devices.
  • Change your passwords and update your security software.
  • Before backing up, saving your images and videos on your storage media, run an antivirus on your portable device.

Do a quick inventory of all your data and removable storage media: do you and all your family members have all flashcards, USB sticks, smartphones, etc.?