Welcome to this vital video series about how to keep your organization's data safe. Once you have viewed the videos, review our XXX at the bottom of this page.
At Where To Start, we try to prevent the bad guys from applying their tradecraft; but when it happens, it comes down to people being the last line of defense by doing their part.
Within this Cyber Hygiene training series, we're going to focus on three main areas:
- Hackers and their tradecraft
- Threats that exist within the organization
- What you can do to keep your organization safe
Let's get started:
Lesion 1: Hackers applying their tradecraft.
This first lesson will demonstrate how easily hackers can break into any computer.
Lesion 2: Threats that exist within your organization.
In the second lesson, we look at the threats facing you from within your organization.
Lesion 3: What you can do to keep your organization safe.
This final lesson is the most important one. We cover the three key areas to keep your organization's data safe and how to minimize the likelihood of a data breach.
What We Typically See When We Review a Companies Cyber Security
- Using outdated software, such as Windows 7 and Office 2010
- Not applying regular security updates to modern software, such as Windows 10 and 11
- Not using monitored and managed virus protection.
- Using old and outdated IT equipment
- Using simple, easy-to-guess passwords
- Not using a password manager to generate long random passwords and remember them.
- Not using other security basics such as multi-factor authentication (where you generate a login code on another device).
- Using non-standard devices, such as smart TVs or other gadgets, on the company network without proper consideration
- Not correctly configuring applications (VPNs) or equipment in your business. Get it wrong, and it's like leaving the front door to your house wide open.
Basic Precautions: Three effective and easy methods to protect your business.
1. Apply Hardware\Software updates:
- Run updates when your computer asks (Operating System, Applications, Hardware, etc.).
- Or better still, have us do the updates for you.
2. Passwords:
- Don't use obvious ones such as children's names, pet names, or birthdays. Avoid any personal information in a password.
- Don't ever give your password to anyone, including us.
- Never write down passwords.
- Use a unique password for each account.
- Use a random password generator or passphrases with upper-case and lower-case letters and special characters.
- Embrace multi-factor authentication.
- Use a password manager.
- Ask us for a recommendation based on your requirements.
3. Awareness of social engineering
- Be aware of anyone trying to get personal information from you; even small bits of information can add up when combined with other details.
- Look carefully at emails that don't seem right:
- The sender's address is not what you expected.
- Inconsistent writing style or format
- Spelling and grammar issues
- Verify the link destination before clicking on them.
- Attachments are always suspect.
- The logo position, quality, and style is not what you expected.
- Watch out for urgency, emotion, and unexpected money.
- If you're not sure – stop, think, and check (Google for the details, or even better, pick up the phone and verify the details)
What if you fall victim to malicious activities?
- Don't panic,
- Did you give away a password? If so, change it immediately on any systems you've used from a different device. Consider adding MFA when you update your password.
- Did you download and open an unknown file? Isolate or disconnect your computer from the network (this could be as simple as turning it off) until it can be inspected. If this is a wireless device, consider powering off the wireless router \ access point.
- Get in touch with us. And explain what happened.
We hope this helps, and if you have questions, don't hesitate to reach out and see how we can help.
