Threats to information security can come from all angles. Cyber criminals are constantly developing new ways to catch us out so that they can access to information, harvest what is valuable, and use it for malicious purposes, such as reselling on the Dark Web. Trading sites on the Dark Web can attract up to 80,000 users at a time and are notoriously difficult to trace. Sites sell a range of products from credit card details, to identities, and stolen high-end goods.
Perhaps surprisingly, security threats can come from within an organisation rather than an outside source. This is because your employees serve as the frontline defence against data breaches and, as such, need an awareness about best practice and recognising/reporting suspicious behaviours. A lack of awareness training means that employees aren't able to detect the threats that challenge them, and as a result the company is vulnerable to breaches.
Cyber criminals love emails because they can send malicious content directly to thousands of inboxes in seconds. If just one user in thousands clicks on and downloads the content of one of these emails, your entire network could be infected before you know it. Some software can even create a permanent, and hidden, entry point for hackers to come and go on your machines as they please.
People share lots of information on social media, making the lives of hackers and impersonators easy when on the lookout for new victims. The informal nature of social media platforms means many people don't view the information they share and make public as all that valuable – and people tend to have their guards down when it comes to using the sites. However, all it takes is one fake connection to send a malicious link or crack your password, and they could have access to your entire list of connections and control of your profile.
Poor Password Policies
The amount of passwords most of us have to recall now can cause people to resort to reusing some or even just one password for all our online accounts. Unfortunately, this is a big information security risk since, should one account be hacked, all your accounts become vulnerable to the same. Criminals use impressive software that can make millions of password attempts in seconds. Pair this with the fact that the most popular password out there is currently "password" (ironically), and you have a recipe for disaster. Remember, password managers can help you remember and secure strong passwords, as well as regularly update them to avoid hacking attempt.
Lack of Software Protection
Failing to use security software, such as antivirus and firewalls invites opportunistic cyber criminals to take advantage of the information stored on your digital devices. Whilst not a 100% guarantee of security, security software is a vital tool when it comes to keeping information secure and can deter criminals looking for easier prey.
As stated above, the protection gained from the appropriate software means additional layers of security from cyber criminals, but how you look after this software is just as important. It's imperative that all security software, as well as other software such as operating systems and apps, are updated when prompted. Your employees should know that that clicking 'remind me later' endlessly will lead to unnecessary risk.
This refers to the change in working patterns of cyber criminals. Rather than a lone figure in a dark room, hacking and cyber theft are often organised groups of criminals. Hacking is no longer 'just' a hobby to cause chaos, the money on offer means that the whole process is much more sophisticated, and cyber criminals can make more money online that, say, drug trafficking or other more traditional organised crime activities.
The more that something is shared, the more people can access it. Growing interest in things like social media, where the intent is to share information, mean that 'going viral' applies equally to malicious software and links as it does to the fun/interesting content we see. Additionally, the Internet of Things (IoT), or the way that devices are now made to connect with each other (such as your fridge texting your phone that you've run out of milk), all aim to connect devices for convenience. Unfortunately, this can mean that malicious content is no longer contained in one place, making it easier for hackers to find a weak link in the chain.
Data breaches are a problem with USBs/phones/tablets as their portability means they are hard to track and manage – and easy to lose sight of. Personal or sensitive data stored on these devices should always be encrypted to protect it from unauthorised access, and USBs and CDs, etc. should be scanned for viruses prior to use.
This is the equivalent of someone impersonating a legitimate source over the phone in order to coax confidential information from you through building up trust (what is known as social engineering). Examples include impersonating your bank and pretending to require your PIN number. In instances like this, your card may have already been duplicated (perhaps via ATM scanning) and the PIN number or CVV code could mean that criminals can use it to purchase stolen goods or facilitate crime. Remember, if in doubt, hang up the phone and contact the organisation through their legitimate phone number to enquire.