US Pro Insurance Services

National Cyber Security Awareness Month: Week 1

Cyber Security Awareness Month:  Week 1 is Simple Steps to Online Safety- What Can You Do?

Per the DHS, all members of the public can take some simple actions to protect themselves online and to recover in the event a cyber incident occurs.  In Week 1 will address the top consumer cybersecurity concerns, provide simple steps to protect against these concerns, and help the public understand what to do if they fall victim to cyber crime.

Today US Pro recommends some basic behaviors that can go a long way towards mitigating these online cyber security threats:

Encrypt your data:  Encryption is a safe harbor in almost every privacy regulation.  Using either Symmetric or Asymmetric encryption offers you a maximum layer of security against data theft.

Continuing education:  Employees are the largest threat to a commercial business.  As much as 80% of events are caused by unintentional employee negligence.  Continuous education and training of your employees on current threats should be implemented.

Some topics that should be included in this training are:

  1. Avoiding improper disposal by limiting the task to a position duty rather than allowing everyone to dispose unsupervised.
  2. Double check before hitting send to confirm that the information being sent is being sent to the right person and contains the right information.
  3. Avoid the clicking of links embedded in emails, even when the emails are from sources you trust.
  4. Learn to identify phishing scams.

Become Phishermen:  Social engineering is the tactic used by an individual to deceive or trick another individual into disclosing personal information they would not otherwise disclose.  The most common form is to mimic your bank and ask for you to click on a link and log into your account as a security test.  These are known as phishing scams.

Phishing is the leading cause of unauthorized access to or use of computer systems, and has evolved into a more sophistical technique known as Spear Phishing.  To minimize the threat of an event arising from a Phishing act, the very best policy is to become phishing experts, or Phishermen.  Consider these tips in addition to many others we advocate:

  • If you must click on embedded links, then verify embedded link integrity.  Hover your mouse over the link and the actual URL should be displayed.   If it differs from what is written on the link, it is suspicious.
  • Beware of child domains.  A child domain is when a URL is created using what appears to be a valid domain followed by the bad domain.   Most users will never notice it.
  • Failed the English test.  Any message filled with grammar, punctuation or spelling mistakes is likely suspicious.  Most companies sending out corporate emails proofread and spellcheck first.

There are many other different mechanisms that can be engrained into the daily corporate lives of employees that will serve to mitigate the risks against commercial business.  These 3 tips are a good “Simple Start” towards having better online behavior patterns and getting on the road to improving your Cyber risk health assessment.

Look for our article during the theme for Week 2: Cyber Security in the Workplace is Everybody’s Business.  We will give an in depth explanation of what a non-physical fire is and why they are so much more destructive to a business than the standard property fire.