The Journey to Protection, Vol 2.

by Ryno Nel and Pieter Swiegers | January 11, 2022


October 2021 was Cyber Awareness Month, but now that it has passed, we as a society must not become complacent in preventing and fighting cyber-attacks. The hard reality is that no standard solution can be relied on to combat volatile, disruptive and spontaneous cyber-attacks.

So, what does this mean?

The answer to this question is easy: let’s treat every month as a Cyber Awareness Month and spend time on teaching, learning, and communicating strategies.

Unfortunately, most cybersecurity problems are due to some form of human error. In previous articles the statistics have shown that 95% are due to human error, meaning that cyber-attacks were successful because someone clicked on a random button, visited a potentially harmful website or simply opened an attachment in an email.

Now let’s be realistic: not everyone is a techno guru, and for some of us the constant changes in the technology environment have led to a fear of what we don’t know. Cybercriminals are those “blood-feasting mosquitos” who are both irritating and unpredictable.

This article will give some insight into the most common human errors that lead to hacks and cyber-attacks, and what can be done to safeguard yourself from these criminals. Limited guidance such as

  • Don’t have the same passwords for all your accounts; or
  • Don’t share your password with anyone; or
  • Don’t use your personal details as part of your passwords.

still sometimes falls short or falls on deaf ears, resulting in employees disregarding the safety mechanisms in place. This could carry heavy consequences if these safety mechanisms form part of a company’s IT policy and the employee is found guilty of negligence.

According to statistics phishing is responsible for more than 90% of all data breaches.¹

Phishing can come in various forms. A phishing email is a fraudulent attempt to get sensitive data or information from people such as their usernames, passwords, financial information, or credit card details, by disguising as someone trustworthy.

Your email service can enforce a strict or comprehensive spam filter policy, but platforms such as LinkedIn do not offer you the same protection. If you click on a link sent to you in a Direct Message, it can also be a gateway into your systems.²

The question is: How do I protect myself against phishing attacks?

There are a few helpful guidelines to follow³:

Don’t always trust the display name.

Double-check the email address and make sure it is from a known person. A simple example: if Jon Calliger in marketing sends you a meeting invite from calligerjon@iol.com, you might not ring the alarm bells. But you will often see email addresses that contain odd or unfamiliar characters, such as calligerjon@i0I.com, which uses the number “0” instead of the letter “o” and a capital “I” instead of a lowercase “l” in an attempt to fool you into believing it is the same address. The email could also be sent from an address impersonating someone close or familiar to you (it can even be a work colleague).
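The lookalike address above can also be caught automatically. The following is an added example, not part of the original article: it folds visually confusable characters to a common "skeleton" and compares the sender's domain with a trusted list. The `TRUSTED_DOMAINS` list and the small confusables table are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains this mailbox normally receives mail from.
TRUSTED_DOMAINS = {"iol.com"}

# Hand-picked confusables (assumption: deliberately small, not a full table).
_MULTI = (("rn", "m"), ("vv", "w"))
_SINGLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold characters that look alike so visually similar domains compare equal."""
    folded = domain.lower()
    for seq, repl in _MULTI:
        folded = folded.replace(seq, repl)
    return folded.translate(_SINGLE)


def check_sender(from_header: str):
    """Classify a From: header as trusted, lookalike, unknown or invalid."""
    _display, addr = parseaddr(from_header)  # the display name is ignored on purpose
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for good in sorted(TRUSTED_DOMAINS):
        # Same skeleton but a different real domain: built to be misread.
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers based on the article's example.
    for header in ("Jon Calliger <calligerjon@iol.com>",
                   "Jon Calliger <calligerjon@i0I.com>",
                   "Newsletter <news@example.org>"):
        print(header, "->", check_sender(header))
```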

Make sure to double check BEFORE you click on a link.

A simple yet useful trick is to hover your mouse over a link or an email address, which will show you the true source. Masking links or email addresses is a very successful trick cyber criminals use to fool the recipient into believing that a message is from a reliable source. Hovering over the link or email address shows you where you will actually be redirected. As seen in the image below, if you are web browsing and you hover over a link, it also shows you the actual web address.⁴

Hovering your mouse over a link or an email address will show you the true source and help protect against cyber-attacks.


In an era of increasing online shopping you can also hover over advertisements to see where you will be redirected to should you wish to follow the link. Make sure the link corresponds to the advertised product.

Look out for the “s” after the web page address.

So, what does https actually mean? HTTP stands for Hyper Text Transfer Protocol, and it is the network protocol used by the World Wide Web that lets you open web page links and jump from one page to the next across search engines and other websites. And what does the “s” mean? The “s” stands for Secure, and it essentially wraps the data between your browser and the server in a secure, encrypted tunnel.⁵

So, what does that mean for the average user?

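HTTPS gets its encryption from TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer). TLS and SSL are especially useful when shopping online to keep financial data secure, but they’re also used on any website that requires sensitive data (e.g., passwords, personal information, payment details). The easiest way to know if the website you’re on is using HTTPS is by looking for https in the URL. Most browsers also put a lock icon to the left of the URL to indicate that the connection is secure. The lock shows that the connection is encrypted; it does not confirm who runs the website, so still check the address itself.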


This means that if you are required to enter personal data, always make sure that a website is secure and never let a website remember your login details.

Sometimes the web browser will even inform you that a certain website is not secure.

Another option to consider is a VPN. What exactly is a VPN? VPN stands for “Virtual Private Network” and describes the opportunity to establish a protected network connection when using public networks. VPNs encrypt your internet traffic and disguise your online identity. This makes it more difficult for third parties to track your activities online and steal data.

With only 31% of internet users worldwide having used a VPN service before, and given the benefits a VPN can bring to the table, it is worthwhile for every company to consider using one.⁶

In the work-from-home era it has become essential for companies to make use of a VPN, since it can provide a secure network between the user working from home on their home Wi-Fi and the company that is situated in a different location.⁷

As previously mentioned, it is of the utmost importance NOT to use the same password for all your accounts. It goes without saying that you also need good, reputable and up-to-date anti-virus software.

In conclusion, even if the company provides all the best systems and education available, it is still the responsibility of the user to inform themselves and act responsibly.
