
Helping To Protect Your Company From A Cyber-Attack: Eight Tips For Human Resources …

Recent, highly publicized data security incidents highlight the continued vulnerability of corporate information systems. Notably, employees who fall prey to sophisticated phishing e-mails and other scams often contribute to the success of cyberattacks and other assaults on an employer’s information systems. Consequently, technical fixes, alone, will only partially reduce the risk of a data breach. For that reason, human resources professionals and in-house employment counsel can play a critical role in reducing the risk that their organization will be the next victim.

Below we list eight tips the “people side” of an organization should consider taking to supplement and enhance the organization’s technical safeguards for sensitive information:

  1. Conduct Background Checks: Job applicants, temps, and contractors who will have access to sensitive information or administrative privileges for information systems should be subject to a thorough background check before they start working, and periodically thereafter, focused on evaluating trustworthiness.
  2. Confidentiality Agreements: Consider requiring all employees with access to sensitive information to sign a confidentiality agreement that not only requires non-disclosure of confidential information, but also describes steps employees must take to safeguard the employer’s confidential information.
  3. Security Training: Train all employees, regardless of access rights, on information security as part of the onboarding process and provide periodic security awareness reminders. Provide additional training to all employees authorized to access sensitive information.
  4. Security Incident Awareness: All training should include information on what events constitute a security incident and how to report a security incident internally.
  5. Recognize Phishing Emails: Training should also include information on how to recognize and report phishing emails. Employees commonly are responsible for activating malicious software, such as ransomware, by clicking on a link or opening attachments. They routinely are duped into disclosing their network log-in credentials to scammers in response to what appears to be a trusted requestor, such as the organization’s IT Department or a business partner. And hundreds of payroll personnel have disclosed all of their organization’s W-2 forms in response to bogus requests from a senior executive. Given the prevalence and serious consequences of these scams, companies should consider sending fake phishing emails to employees and providing additional training to employees who fall for the test scam.
  6. Need-To-Know And Minimum Necessary: Ensure that employees have access to sensitive data only on a need-to-know basis and limit authorized access to the minimum necessary to perform job responsibilities. Access rights should be modified when job responsibilities change and terminated promptly after the employment relationship ends.
  7. Require Strong Passwords: Require that employees use strong passwords, i.e., at least eight characters with a mix of letters, numbers, symbols, and cases, and prohibit employees from sharing their passwords with anyone, including the IT Department.
  8. Prepare For A Security Incident: Even companies with robust information security programs will experience a security incident. Many incidents naturally will be reported to HR professionals or in-house employment counsel, such as the disclosure of W-2 forms in response to a phishing e-mail or the misdirection of an e-mail with an attachment containing social security numbers or health benefits information. HR professionals and in-house employment counsel should put in place a plan for responding to these “non-IT” security incidents.

Expert: 'Social engineering' cyberattacks on the rise; how to protect yourself

Experts warn social engineering — one of the more devious types of cyber attacks — is on the rise.

iTSynergy President Michael Cocanower says that with social engineering, thieves are sneaky and use tactics such as phishing, baiting and tailgating.

  • Phishing: Emails appear to come from someone you know.
  • Baiting: Tries to exploit your curiosity (like if you receive an offer to click on a link to download free music, the link might contain malware).
  • Tailgating: A bad guy follows a person into a restricted area, or might impersonate a vendor to gain entry into a location where they can access valuable data.

“Social engineering is the use of techniques designed to mirror ‘normal’ processes and behavior in order to maliciously ‘trick’ the victim into taking an action or providing information under false pretenses,” said Cocanower.

Cocanower says people need to be wary of picking up USB drives left in parking lots or on the ground. Hackers could have left them there, knowing people will pick them up and plug them into their computers. At that point, Cocanower says, the hackers could install malware on your computer.

Once a month, Cocanower offers a free 15-minute webinar called “Hacking the Human” where he provides people with helpful tips to ward off cyberattacks and social engineering schemes.

The next webinar is Thursday, April 13 at 11:30 a.m.

Interested participants should register here.
 

7 Ways To Hack-proof Your Smartphone To Keep Your Data Safe

We’re always warning you of the latest cybercrimes. Data breaches, ransomware and phishing attacks are constantly in the headlines these days.

It’s not just criminals trying to break into our gadgets either. It was recently leaked that the CIA has been hacking smartphones, TVs and other items to spy on us for years. Knowing that seemingly everyone is after our personal information, it’s a good idea to take safety precautions.

That’s why it’s important for you to know these seven ways to hack-proof your smartphone to keep your data safe.

1. Update your software

One of the most important safety precautions for a smartphone user is to keep the phone’s operating system (OS) up to date. This matters because, when OS vulnerabilities are discovered, updates are sent out that contain patches for those flaws.

That makes it critical to install OS updates ASAP. Here are the steps to update both Apple iOS and Android OS:

Apple

Go into your “Settings” app and select “General.” From there, select “Software Update” and your iPhone will begin to check for updates. Then select “Download and Install.”

Android

Open Settings >> Tap About Phone >> Tap System Updates >> If there is an available update tap Restart and Install.
