Cisco recently released its 2015 Cisco Annual Security Report which highlighted that spam attacks, a tactic most might consider themselves to be alert to, have increased by 250% in the past year. Incident Statistics from the Malaysian Computer Emergency Response Team (MyCERT) concur with this, revealing that the 2906 spam attacks in the first half of 2015 make up 49% of all reported security threats in Malaysia.
Findings from the 2015 Cisco Midyear Security Report also revealed that web, network and email are the top three attack vectors. All three are ubiquitous nowadays, especially in Asia Pacific with its high mobile and Internet penetration rates. This indicates that users need to revisit a few principles that help keep our identity and organisation’s networks safe.
Cisco has developed 10 simple ways for employees in this digital age can cover the nooks and crannies without much of a flinch.
- Use non-trivial passwords – Choosing our passwords is a challenging dichotomy – on one hand we are being told (and sometimes forced) to use complex not-so-easy-to-guess passwords, but on the other hand we are expected to be able to remember all of it. Check out applications like Numeric Password Follies and Keep passwords safe and secure with password management.
- Change Our Passwords Regularly – It is highly recommended that you be proactive about changing your passwords regularly. Create a repeating reminder in your daily calendar to tell you when it’s time for a new one.
- Don’t use the same password everywhere – Once we’ve developed that very complex, non-trivial password, we hang on to it for dear life and use it everywhere. Many hacks or data breaches that are helped along the way because we use the same password for both personal and professional sites and applications. If you need help with remembering all these passwords, use a password manager tool.
- Don’t open emails that smell “phishy” – If an email appears suspicious and rather fishy, it probably is and you shouldn’t open it. Go directly to the known website of the supposed sender of the email. Be leery of emails which contain nothing but one URL/link or emails that start out with text such as “open this, it is funny.” Agree with your friend to send something he knows that will identify him when he sends a single link.
- Keep your operating system (OS) and application software up to date. Many Operating Systems (OS) provide automated means of updating software on a regular basis. Some of these updates patch the loopholes in security, so make full use of them.
- Understand your privacy settings and the security measures on your social networks. It is imperative that you are aware of what information is shared on your social networks. There are mechanisms are available to you to restrict access to the data you want shared to only those people with whom you wish to share, so remember to check your privacy settings.
- Have your guard up at all times. We often become lax, trustworthy and accepting of all invitations – whether by email, phone call, or text – on their surface, but when you get an email asking you to “click on the link” to resolve a banking dispute think twice, and contact the bank directly! Clicking on links sent to you via email or text could cause you to inadvertently and unknowingly provide login credentials and Personally Identifiable Information (PII).
- While Anti-Virus (AV) Software is certainly not a silver bullet and probably won’t stop some of today’s more complex threats, it is still a useful tool to have in our security toolbox both for our corporate and personal devices. Although most corporate IT departments push out updates regularly to our professional devices, we need to also ensure that the AV Software running on our home and personal devices is kept current and is regularly updated.
- Who you gonna call? Know who and how to report any suspect network security incidents, i.e., phishing, spam, malware, DoS, etc. This could be your ISP, your corporate IT department, Help Desk, or Information Security (InfoSec) department.
- Be vigilant and stay up to date with the latest cybersecurity news. Regardless of your role and your technical acumen, find at least one source of security intelligence to monitor via RSS, email, Twitter, or by just directly visiting websites. The Cisco SIO portal has a variety of information such as security alerts, blog posts, technical white papers, best common practices, and upcoming security conferences.