Cyber criminals target both individuals and companies. Knowing some cybersecurity tips and putting them into practice will help you protect yourself and your business and reduce the risk of a cyber-attack. Teach your staff members how to avoid phishing scams and keep them informed of the common ways fraudsters can infect computers and devices with malware. Include tips for identifying and protecting against cyber-attacks in your regular employee training and communications.
Cyber Security Approach to Individuals:
- Software update – Set Windows and your installed applications to update automatically; they will notify you as soon as updates become available, which will safeguard you from vulnerabilities.
- Use multi-factor authentication – It is an authentication method that requires the user to provide two or more verification factors to gain access to an application or an online account, like a temporary code on a smartphone or a key that’s inserted into a computer.
- Back up – Back up all important files offline, to an external hard drive, or to a secure cloud service.
- Require passwords – Always use complex passwords to log in to all laptops, tablets, and smartphones. Don’t leave these devices unattended in public places.
- Encrypt – Encrypt devices (i.e., laptops, smartphones, removable drives, and cloud storage solutions) and other documents containing sensitive personal information.
- Secure your router – Change the default name and password, turn off the remote management feature, and remember to log out of the router. It’s recommended to set up the router with WPA2 or WPA3 encryption.
- Use licensed software – Use legitimate/licensed software and use antivirus and anti-malware protection applications on your electronic devices.
- Losing PII – Personally Identifiable Information might be lost when you reveal phone numbers and email addresses on social media or purchasing platforms, where data brokers will exfiltrate that information to exploit it for financial gain.
Cyber Security Approach to Organisations:
- Identify – (a) The IT department should make an asset list and create a cyber security policy that sets out roles and responsibilities for the employees and vendors who have access to the company’s data. (b) Set out the steps to take to protect against a cyber-attack and limit the damage if one occurs.
- Protect – (a) Make someone responsible for who logs on to your network and uses your electronic gadgets. (b) Use security software to protect data. (c) Encrypt sensitive data (both in transit and at rest). (d) Take regular backups of data. (e) Set software to update automatically. (f) Have a published policy on how to safely dispose of old data and old devices.
- Detect – (a) Train all employees who use your computers and devices on how to protect themselves. (b) Monitor for unauthorised personnel access to your network and devices. (c) Analyse all unusual activities identified on your network or by your staff members.
- Respond – (a) Notify everyone in the office whose data may be at risk. (b) Report the attack to the cyber-crime police authorities. (c) Analyse and update your cybersecurity approach along with lessons learned.
- Recover – Repair and restore the affected network and systems to normalcy.
Most Common Cyber Security Threats:
(a) Phishing – Phishing is a method of trying to gather personal/sensitive information using deceptive phone calls, SMS, e-mails, blogs, and websites, and then stealing data or money from the victims. The analogy is of an angler throwing a baited hook (the phishing email) and hoping the victim will bite. It appears to be an increasingly sophisticated form of cyber-attack, but it is just that: fraudsters play on common sense and steal from individuals. Fraudsters use many psychological factors, such as trust, ignorance, greed, moral duty and urgency. Lottery frauds, OTP frauds, refund frauds, customer care frauds, e-commerce discount frauds, etc. are a few of the frauds that result from phishing.
(b) Ransomware – If you click on a short link asking for an organisation’s survey or feedback, it can install ransomware that spreads to the entire company network. Online ads that contain malicious code, or infected websites, can also automatically download malicious software. The attackers ask for cryptocurrency, but even if we are ready to pay, we cannot be sure they will give us back the data in as-is condition. There are other possibilities, i.e. your server vulnerabilities are further identified by fraudsters, and the sensitive data of vendors, customers and staff members is further exploited by hackers.
(c) Spoof Emails – A scammer sets up an email address that looks like it’s from your company. The email looks legitimate and advises you to transfer funds to an account on an emergency basis. Not knowing about the spoof email and spoof SMS, you may transfer the amount to the fraudster’s account. It is suggested that companies enable email authentication technology, which makes it difficult for a scammer to send spoof emails.
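The check that email authentication makes possible for item (c), as an added example that is not part of the original article: it reads the verdicts the receiving mail server recorded and holds a message that is presented as internal but fails them. The domain acme.example, the server name mx.acme.example, the function names and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "acme.example"     # assumption: the company's real mail domain
TRUSTED_MX = "mx.acme.example"  # assumption: our own receiving mail server

def make_mail(sender, auth):
    """Build a constructed sample message (not real mail)."""
    return (f'From: "Finance Director" <{sender}>\n'
            "To: accounts@acme.example\n"
            "Subject: Emergency funds transfer\n"
            f"Authentication-Results: {auth}\n\n"
            "Please transfer the funds today on an emergency basis.\n")

SPOOFED = make_mail("director@acme.example",
                    "mx.acme.example; spf=fail; dkim=none; dmarc=fail")
LOOKALIKE = make_mail("director@acme-payments.example",
                      "mx.acme.example; spf=pass; dkim=pass; dmarc=pass")
GENUINE = make_mail("director@acme.example",
                    "mx.acme.example; spf=pass; dkim=pass; dmarc=pass")
UNTRUSTED_HEADER = make_mail("director@acme.example",
                             "mx.elsewhere.example; spf=pass; dkim=pass; dmarc=pass")

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from headers our own server
    added; a header naming any other server could have been written by the sender."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = header.partition(";")
        if server.strip().lower() == TRUSTED_MX:
            for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
                verdicts[method.lower()] = result.lower()
    return verdicts

def assess(raw):
    """Return ('hold' | 'deliver', reasons) for mail presented as internal."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = auth_results(msg).get("dmarc", "missing")
    reasons = []
    if domain != ORG_DOMAIN:
        reasons.append(f"sender domain {domain} is not {ORG_DOMAIN}")
    elif dmarc != "pass":
        reasons.append(f"claims {ORG_DOMAIN} but dmarc={dmarc}")
    return ("hold" if reasons else "deliver", reasons)
```

The lookalike case passes every authentication check for its own domain, which is why the sender domain is compared as well as the DMARC result.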
Raising a Complaint against a Cyber Attack:
Register at https://cybercrime.gov.in/. You will be required to register via OTP from a valid Indian number. Select the category “Report Crime related to Women or Children”, then: (a) upload the screenshots of the conversation from social media and messaging platforms; (b) copy the URLs of the social media channels; (c) include screenshots/statements showing the financial transactions.