It’s that time of year again where the spring flowers are blooming, the spring lambs are being born and (for some) the spring clean is being negotiated. You may not have considered a spring clean of your IT security knowledge or corporate network security, so we have put together a few quick tips to help you remain safe online and tidy up your corporate accesses.
It’s easy to get lost in a checklist when someone leaves your organisation. So much of our day to day lives are now online and individuals will have accounts and sign in credentials for numerous websites, portals and systems.
- Are you certain that all the credentials relating to your previous employees have been disabled?
- Is their email address still active?
- If you use The Cashroom can the leaver still access the Cashroom Portal?
- Can they still access your CMS/Bank accounts/other software remotely?
Cyber-attacks are getting increasingly complex and fraudsters are always developing new strategies to try and separate you from your sensitive information. It is important that you don’t succumb to paranoia, but everyone should always try to remain vigilant when it comes to IT security.
- Be wary of spam and suspicious emails – this includes emails that look like they are from someone you normally communicate with, but the content may be asking for something out of the ordinary.
- Only open an email attachment or click on a link if you’re 100% certain of its source & you were expecting it. If you’re unsure, don’t open it.
- Look out for changes to phone numbers, email addresses and bank account/payment numbers etc. Don’t be afraid to double check any changes with the email sender but call them at a number you know exists or begin a new email chain from scratch. Don’t click reply or use the details in the suspicious email – you may end up “verifying” the change of details with the fraudster!
- When accessing the internet, check the web address has “https” in front of the address (sometimes shown with a padlock icon). The “s” means that the site is secure. Also check that the address is spelt correctly and is the usual web address that you use for that site.
- We are always told never to reuse or write down our passwords. Have you considered investing in a password management software, which can securely store and remember your passwords so that you can always have a unique and complex password every time you need one? There may also be times where you can use double authentication instead of one single password, for example a password and a fingerprint.
Social engineering is an increasingly common type of confidence trick for information gathering, fraud, or system access. Fraudsters know we are savvier when it comes to dodgy looking email attachments, so they are now playing on our personalities and common human foibles. They will rely on humans wanting to help each other out or taking advantage of our natural intrigue.
- Examples of social engineering tricks can include a fraudster sending an official-looking announcement to the company that says the number for the help desk has changed – when employees call for help the individual asks them for their passwords and IDs thereby gaining the ability to access the company’s private information.
- Another example of social engineering would be a hacker leaving a USB stick on the floor in or around your office, possibly titled “cute puppy pictures”, “2019 promotions” or “payroll data”, hoping someone will pick it up to see what is stored on it. Malware would often then be automatically downloaded to the computer and the wider network.
We hope that this “spring clean” list is of some use. Obviously this isn’t intended just for springtime, you should use these tips throughout the year to ensure that your systems are constantly reviewed and your IT security is working well for you and your business.
For more information on cyber-attacks and social engineering, please contact your IT Support provider.
For all Cashroom clients with leavers please contact your Cashroom representative if you have any staff that need removing from the portal. If you would like more information on how to do this yourselves, please refer to the portal help icon and look for Adding / Deleting Client Users in the “How-to articles” section.
Rachel Faris, IT and Data Protection Administrator at The Cashroom Ltd