Recent high-profile data breaches have ensured cyber security is again a hot topic of discussion. Despite the best efforts of organisations to secure their systems, criminals know the weakest point is typically the individuals using the system, not the system itself.
It is important to train every individual working within an organisation to recognise threats and understand how to reduce the risks of a serious breach. It’s not just company data and money that are at risk; the organisation’s reputation is at risk too.
It’s time the focus switched to practical advice, rather than just news of more impending problems.
At Quiss, we deliver advice and training to staff at many organisations to help cut the risks. Best cyber security working practices include, but are not limited to, these helpful hints:
PC & Laptop Security
- Lock your PC when you leave your desk.
- Do not store private/sensitive information on your desktop or in unsecured local folders.
- If you receive an anti-virus alert, immediately report it to the helpdesk.
- Do not install any software/apps that have not been specifically authorised.
- Read any on-screen alerts and understand them. Don’t just click on them to get rid of them!
- Shut down your PC at the end of the day (to ensure updates are automatically installed).
- Lock mobile devices with a password or Personal Identification Number (PIN).
- Turn off Wi-Fi and Bluetooth services when not in use.
- Learn how to create and remember strong passwords.
- Never disclose your password (even to IT Support).
- Change your password regularly.
- Look out for suspicious e-mails, e.g., address, content/wording, urgent requests, requests to follow links, unexpected attachments.
- Beware of phishing/spear-phishing e-mails, e.g., an unexpected request or information in a familiar tone claiming personal knowledge.
- Be aware that the address could be fake; double-check content/wording, urgent requests, requests to follow links and unexpected attachments.
- Ensure you have appropriate e-mail security that’s current, patched and managed.
Using Wi-Fi – Best practices
- When using public Wi-Fi ensure you log off any services you were signed into.
- Tell your device to forget the network (to prevent future automatic connection).
- Make sure you can identify the correct network.
- Avoid conducting financial or corporate transactions on unsecured public networks.
Identify secure Wi-Fi connections
- Is the network name correct?
- Does it require a security code?
- Is the security code individual to you?
- Identify secure web connections, check for https:// and a padlock in the browser.
- Be aware of/look for any suspicious links.
Awareness of Social Engineering
- Make sure your social networking profiles (e.g., Facebook, Twitter, YouTube, MSN, etc.) are set to private.
- Be aware of what information you share online, e.g., on LinkedIn.
- Be cautious when giving out personal information on the Internet.
Using Portable Media
- Never plug an unknown USB drive into your PC/Laptop.
- Do not plug your USB-powered device into a public USB charging point.
- Encrypt USB drives if possible.
This list is by no means exhaustive and only scratches the surface of the complex challenge cyber security poses for law firms in this always-on, digital world, where criminals are developing ever more sophisticated methods to steal.
We urge every law firm to provide regular cyber security training for everyone within their organisation, ideally as part of the induction process, as new starters are more vulnerable to attack in this way.
If in doubt, find out how Quiss can help.