The impact of a successful attack could be huge - on your IT systems, on the data you store and on the reputation of your business. Threats are increasing in sophistication as well as volume and the easiest way to target an organisation is through phishing scams directed at its staff.
We're highlighting ways to protect the Sheffield City Region from increasingly sophisticated scams targetting businesses.
Phishing is a widely used cyber-attack designed to trick you. It doesn't take long to fall for an attempt of someone impersonating a colleague, to click a link and enter your credentials to access 'an important message' or to open an unexpected document containing malware - especially at busy times like at the start of new Covid-19 rules to implement.
It's important to be digitally aware so please do spend some time reviewing the available advice from the National Cyber Security Centre to help keep yourself, your household, and your businesses safe.
If something seems out of the ordinary, always stop and think.
This quick 2 minute video, created by Centre for the Protection of National Infrastructure (CPNI), helps draw attention to some of the ways that fraudsters can infiltrate an organisation and try to trap staff into giving away information.
One way to keep yourself and your businesses IT accounts and details safe is to use multi-factor authentication (MFA). You probably already use this if you bank online or have it enabled for online payments or shopping sites.
It requires additional approval steps when logging into systems. This could be sending an authorisation code to a pre-known mobile that then gets entered into the system for that logon.
Consider adding MFA to any services you use with personal accounts where it's available too.
Password management is an important part of online safety. Passwords must not be revealed to anyone and anything obvious used. When choosing a password:
- Keep it confidential and businesses that employ others should have IT regulations and procedures in place if a breach occurs
- Make it strong (long with a wide mix of characters)
- Make it unique for each service (password reuse is high risk)
- Don't include personal information such as birthdays
If systems allow you or your employees to reset passwords through secret questions. These questions and answers need to be confidential to be effective. Again, it's important not to use personal information that may be available on social media such as birthdays or the names of family members or pets. One useful website allows you to check if your email address has been involved in a breach.