Cybersecurity - Stay Alert!

No one logs in to work for the day thinking, “Today is the day I will be compromised by a cybersecurity attack.” And while you may not encounter a cyberthreat this month or even year, it is critical to stay alert to the trends and best practices.

This month’s blog post will share a few of the important (but perhaps not so obvious) cybersecurity best practices to keep you and your organisation safe this year.

Check email recipients

Sending emails to the wrong people increases the chance of sensitive company or personal information being used by unauthorised individuals.

All information, especially sensitive information, should only be shared with those who need to know, this includes email contents. It is easy to click a recipient that pops up in your email without truly knowing that you clicked the right person. Emails that end up in the wrong hands may be used for malicious purposes.

Check Hyperlinks

Investigate hyperlink’s destination before clicking. Many times, we encounter websites in the form of hyperlinks. For example, a link that says, “Policy reminders” and takes you to a website or other destination. Hyperlink destinations can be viewed before clicking by hovering over the link with your mouse.

It is important to check the link’s destination before clicking. Hackers know that users don’t often check links before clicking, and they will hide malicious websites behind these links. Malicious websites can download malware, scam you or collect your credentials. By checking links, you can avoid the hidden dangers of these malicious websites.

Review your organisations security policies and procedures

Security policies are put in place to reduce the risk of cybersecurity incidents and increase awareness. In addition to staying up to date with the security policies, reviewing and following all cybersecurity procedures keeps cybersecurity best practices as a foundational part of your workday.

Recent data breach: 23andMe

In October 2023, hackers started selling personal genetic information on the dark web.

This information was packaged by ethnic group and appeared to come from 23andMe, a DNA testing service.

23andMe immediately launched an investigation.

What did they learn? The service itself wasn’t hacked. Instead, attackers used a technique called “credential stuffing.” They took login information and passwords stolen from other services – such as email programs and online shopping platforms. Then they tested these logins and passwords on 23andMe.

Unfortunately, many people reuse login and password information across different sites and some of these stolen credentials allowed hackers to log into real 23andMe accounts.

Remember - always make sure you use hard to guess, complex passwords and never use the same password for multiple accounts.

Have you been breached?

Data breaches are happening every minute. With so much of our lives online, there is a high chance that our emails, usernames and passwords have been seen by an unauthorised user.

Cyber Strategies offer a number of services to help protect you and your information. These include - Staff Awareness and Phishing testing, Vulnerability Monitoring and Penetration Testions.

Click the above links or check out our website to find out more.