
The human aspects of cyber security

22 November 2019

A company's most valuable asset is most certainly its people. In some cases, however, people can also be considered the most vulnerable component within an organisation. This is the case with cyber security.

Facts:

  • The number of reported phishing emails keeps increasing significantly (almost 40% versus last year).
  • Because more phishing emails are being reported, people become increasingly aware, and cybersecurity authorities are able to block more malicious websites.
  • Since phishing addresses the weakest component in the organisation (its people), it remains the most popular technique for hackers. Apart from email, hackers nowadays also use messaging services such as WhatsApp, Facebook, Messenger and SMS. This is referred to as ‘smishing’ or ‘sms-phishing’.

How to identify a suspicious email/SMS?

  • A phishing email or SMS is often received unexpectedly and without a clear reason.
  • An email or SMS can be intimidating (urging you to take immediate action) or, on the contrary, can make you curious.

The “obvious” features you can look out for in phishing emails include:

  • Spelling and grammar mistakes. Phishing emails often look unprofessional, unlike the genuine emails they are pretending to be.
  • Since hackers wouldn’t know who they are contacting, they often use incorrect or vague greetings. Phishing emails often say “Dear Sir/Madam” or “Dear Customer”. A genuine email sender would know who they are contacting.
  • Errors in regional usage. Phishing emails may use the wrong currency symbols, an unusual date format or an unexpected word that a genuine sender would get right.
  • Incorrect or unlikely web links. Phishing emails generally rely on getting you to click through to a web domain that’s different from the genuine site.
  • Not all phishers make all of these mistakes, however. If you rely heavily on the presence of obvious mistakes to spot a phish, you’re more likely to get caught out.

Other useful tips

  • Avoid entering passwords into login pages that show up after clicking on a link in an email. Bookmarking the official login pages of your favourite sites, or typing URLs into your browser from memory, is also beneficial.
  • Avoid opening attachments in emails from senders you don’t know, even if you work in HR or accounts and you use attachments a lot in your job.
  • Don’t ignore browser warnings about insecure sites and data input forms. Unencrypted web pages are typically the sign either of a lazy crook or of a site operator who’s not up to speed on security.

The Do’s and Don’ts of a secure password

DO!

  • Combine uppercase and lowercase letters, numbers and symbols
  • Use a long password – at least 13 characters
  • Base it on an easy-to-remember sentence
  • Change your password regularly – at least every 3 months
  • Use two-step verification: a combination of something you have (mobile phone/fingerprint) and something you know (password).
    Step 1 = logging in with a password
    Step 2 = that account sending a code to your mobile phone for verification
  • Use a password vault – e.g. LastPass, Fastlane, LogMeOnce, Myki, 1Password, Dashlane, etc. – which keeps all your accounts and associated passwords safe

DON’T!

  • Do not use a predictable password (such as YourName1988)
  • Do not share your password & keep it hidden
  • Do not use the same password for different accounts
  • Do not use secret questions (such as the name of your mother-in-law, …)

Organisations may not realise how exposed a cybersecurity strategy is until there’s a vulnerability. BDO wants to make sure your organisation never faces that situation. BDO professionals are available to provide guidance and specialised resources surrounding any cyber security issue.

Learn more about BDO's Cyber Security services.
