Cyber Awareness Training
What is Cyber Security?
Cyber security involves the practice of protecting computer systems, networks and data from unauthorized access, theft, damage and disruption. For businesses, this is crucial for ensuring they operate safely and with peace of mind in today’s world.
Implementing it involves a range of measures, which include using tools such as antivirus software, network monitoring, and user awareness training, which will be the focus of this presentation. An organization’s people can be either the greatest asset or weakest link in its Cyber Security posture, forming an invaluable ‘last line of defence’ in many cases.
Why Cyber Security matters?
Without cyber security, businesses can be compromised by cyber criminals with devastating effects. This includes financial, legal and reputational consequences. Cyber security is essential for achieving legal compliance, protecting your customers, and preventing disruptions in your business. People, through human error and unawareness, can unwittingly open the door to these threats.
Many businesses exhibit the ‘bear in the woods fallacy’, believing that as long as they do not have the weakest protections (are the slowest person in the woods), they will be safe from cyber threats (the bear). This is not the case! Cyber threats are constantly scanning the web using tools which are constantly finding and exploiting opportunities for illicit gain.
Types of cyber threats
There’s three key types of cyber threat that users should particularly be aware of:
- Malware: Short for “malicious software,” this category includes viruses, worms, Trojans, ransomware, spyware, and other harmful software designed to infect and harm computer systems, steal data, or gain unauthorized access.
- Phishing/Smishing: These are social engineering techniques where cyber criminals send fraudulent emails and messages that mimic legitimate ones to trick users into revealing sensitive information, such as passwords, credit card numbers, or personal data.
- Ransomware: Ransomware is a type of malware that encrypts a victim’s data, making it inaccessible until a ransom is paid to the attacker for the decryption key.
Make sure you team is cyber aware.
Security Awareness Training from $395.
Equip yourself and your team with essential knowledge to safeguard your digital landscape. Our Security Awareness Training, starting from just $395, empowers you to navigate the complexities of Cyber Security with confidence. Don't wait—take charge of your online security today!
The global annual cost of cybercrime is estimated to be $6 trillion per year.
Cybersecurity Ventures reports exponential growth in ransomware damage costs. It estimated the global damage to be $20 billion in 2021, which is over 57x the costs in 2015.
From 2020-2021, phishing attacks more than tripled. They reached a record-high of over 316,000 in December 2021, according to APWG’s 2021 Phishing Trends Report.
There are 30 million SMBs in the USA, over 66% of all SMBs had at least 1 security incident between 2018-2020
Three key risks of remote work
Personal home routers lack advanced security measures found in industry-standard routers, making it easier for cyber threats to access an organization’s network via remote workers’ devices, creating patchy security.
The use of personal devices to access an organization’s network exposes vulnerabilities. This threat is amplified in cloud environments, granting threat actors access to extensive data. Additionally, employees using work devices for personal purposes creates new avenues for cyber threats.
Internet of Things
When remote workers utilize their work devices to connect with IoT devices like Amazon’s Alexa, inadequate security measures can jeopardize network security. Malware can infiltrate these devices, enabling eavesdropping and potentially spreading attacks throughout an organization’s network.
cybersecurity for remote work
Avoid connecting IoT devices to work devices.
Access your network via an organizational VPN to create a private and encrypted connection
Ensure that antivirus software is installed and active on work devices
Keep devices and applications regularly updated with the latest patches and security fixes.
Saving data, backups & recovery
Data backup and recovery features enable you and your organization to retrieve lost or deleted data should it ever be needed.
Cloud platforms such as Microsoft 365, Google Workspace and Egnyte enable documents to update in real time. It is also possible to restore previous versions of a document. Your organization may use its own file storage and sharing solution.
Take care to:
– Where possible, store documents in a cloud solution
– Check where you are saving documents
– Do not save files outside of your organization’s network infrastructure, such as on a personal device.
– Clean up: delete old documentation when it is no longer relevant, this will keep your virtual workspace clean and minimise data exposure.
– Give permissions to files on a ‘need to know’ basis.
– Beware of saving or storing suspicious files on your device or network
Malware & ransomware
As discussed, malware is harmful software that destroys, steals and accesses data illicitly. Ransomware is designed to extract a payment by encrypting an organization’s data and demanding a ransom in order for it to be released. There is no guarantee they will fulfil their promise even if you do pay.
To protect yourself and your organization from these threats:
- Install antivirus and keep it updated; use it to scan suspicious files before opening them.
- Phishing often opens the door to malware & ransomware. Implement the phishing best practices to avoid it.
- Do not visit unsecure sites unless it is absolutely necessary, only use and download apps from trusted vendors.