
Summary
If you use the same password on multiple websites and one of those websites gets hacked, the hacker now has access to every website you log in to with that password, including your work accounting system. Using the same password places not only you in a vulnerable position but also any other individual who has sent you their personal information. If you used those details on Gmail, Facebook, Instagram and every other site, you have now given the hacker full control. Avoid using the same password on multiple sites and protect yourself from financial and identity theft.
Summary
To check whether any website you have used has been hacked, go to:
Google Avast Hackcheck
Enter your e-mail address to get a list of the sites you have used that have been hacked.
You can also Google haveibeenpwned
Summary
Cybercriminals may be trying to gain access to your computers and websites. How are they able to do that? By stealing or guessing your password! Most people use their favourite sports team, brands and even curse words as their passwords.
So try to make your password:
At least 16 to 20 characters long
Don’t bunch up special characters in your password; spread them out.
Don’t have them written down next to your computer
Do not use sequential numbers or letters, for example: 1234 or abcd
Do not use words found in the dictionary
Never reuse your passwords
Looking for Trouble?
If any of the passwords below are similar to what you use, then you are just asking for TROUBLE:
123456
123456789
qwerty
password
12345
qwerty123
1q2w3e
12345678
111111
1234567890
Tip 1:
To create a strong password, use a mixture of UPPER and lower-case letters, numbers and symbols.
Tip 2:
NEVER use personal information or a common phrase. Family names, birthdays, quotes, phone numbers, addresses or anything you post online is a BIG NO.
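The rules and tips above can be turned into an automated check. The following is an added example, not part of the original page: the word list is a small constructed stand-in for a real dictionary, and the thresholds for "sequential" (four characters in a row) and "bunched up" (three special characters in a row) are assumptions. Password reuse cannot be detected from a single password, so it is not checked here.

```python
import re

# The ten passwords the page lists under "Looking for Trouble?"
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "dragon", "summer", "football", "monkey", "welcome"}
MIN_LENGTH = 16  # lower bound of the page's "16 to 20 characters"


def has_sequence(pw, run=4):
    """True if pw contains `run` ascending or descending characters (1234, abcd, dcba)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if not (chunk.isascii() and (chunk.isdigit() or chunk.isalpha())):
            continue  # only pure-digit or pure-letter windows can be a sequence
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of page rules that pw breaks (empty list = passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    # "Similar to" is approximated as: contains one of the listed passwords.
    if any(c in low for c in COMMON):
        problems.append("resembles a common password")
    if has_sequence(pw):
        problems.append("sequential characters")
    if any(w in low for w in words):
        problems.append("dictionary word")
    # Tip 1: mixture of upper case, lower case, numbers and symbols.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")
    # "Bunched up": three or more special characters in a row (assumption).
    if re.search(r"[^A-Za-z0-9]{3,}", pw):
        problems.append("special characters bunched together")
    return problems
```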
Summary
Don’t let your browser remember passwords for you! Although the option is convenient, the underpinning security is often undocumented. By saving your passwords in your browser, you are giving thieves and hackers complete access to your online accounts.
Tip 1:
Go to all your web browsers (for example Firefox, Chrome, Microsoft Edge) and remove your saved passwords.
Tip 2:
NEVER save your passwords in a browser again.
Summary
Sharing passwords in the workplace and amongst friends is a common practice.
Password sharing can be very risky if it’s not done securely.
A password that falls into the wrong hands can result in a ransomware attack,
a data breach, or your company being found out of compliance with POPI Act / GDPR.
What is Vishing?
Vishing is identified as a social engineering technique used by hackers which involves making phone calls or leaving voice messages claiming to be from a trustworthy company for the purpose of enticing people to divulge personal information such as bank account numbers and credit card numbers.
In recent years, there has been an increase in vishing in the workplace due to hackers believing that humans are easier to hack than computers.
It is essential that employees are trained to identify and take note of suspicious calls and voice messages, and to follow best practices for all telephonic conversations.
Tip 1:
Verify all calls with the actual organisation that the caller claims to be a part of.
Tip 2:
Do not divulge sensitive information over the phone.
Tip 3:
Always be suspicious of phone numbers provided in emails. To be safe, cross-check the number against the one provided on the company’s website.
Callback Attacks
In recent years, this hybrid form of phishing and vishing has been on the rise. Several known cybercriminal entities use this technique, and some of the largest known cybercrime cases are due to it.
A suspicious email is sent saying “you’re being automatically renewed for a subscription”. However, you have no recollection of taking out any such subscription! In your panic and frustration, you call the number attached to get the matter resolved. However, in this particular scenario, you are met by someone who is posing as a helpful clerk but is actually a cybercriminal skilled in the art of social engineering, who uses this to gain sensitive information such as login details or even banking details.
A hacker from within one of these organisations pointed out that large companies are spending billions to upgrade their cyber security, making it more difficult to gain access, but little is done to train employees, so this provides the easiest route.
It is vital that companies are trained to accurately evaluate potential risks and threats.
Tips to Keep You Safe!
OFFICIAL
Make sure you know the name of your domain registrar and only renew your domain name through the official registrar’s website.
NEVER
Never upgrade mailbox space via any e-mail link. Contact your provider directly.
IGNORE
Ignore any correspondence from a registrar unless you know for certain that it is the company with whom you originally registered your domain.
Test files or websites for malware
VirusTotal
VirusTotal is an online malware and virus scanner that was acquired by Google. You can upload a file and check if the file is malicious. The site also allows you to check a website link to test if the site is secure.
Never upload any sensitive information to these kinds of websites.
Keep your EYES Open!
Fake Profile
The tactics of cybercriminals are extremely creative! Cybercriminals create fake social media profiles that look like legitimate profiles and use them to conduct attacks both large and small. Fake social media profiles are used in cyberattacks that target people in specific companies or businesses. For example, using a CEO’s fake profile, these cybercriminals can conduct catfishing attacks and ask employees for personal or sensitive information about the company. These fake profiles are utilised to instruct employees to do things that could disrupt business operations or put someone in a compromising position. An example of such a social media attack is a man named Spas Vasilev, who created a fake account under the name Alexander Nikolov and used that fake identity to defraud others.
Compromised Profile
Verified social media profiles are likely targets of such attacks. Compromised profiles can be used to expose a brand’s customers to malicious content. This attack is similar to brand hijacking and can be very harmful as it also negatively affects an organization’s website. The retail giant Target suffered a profile attack in 2018: scammers used the brand’s verified Twitter account to encourage customers to submit bitcoin to participate in fake giveaways.
Malicious Links and Content
Rather than posting malicious content directly on social media platforms, cybercriminals typically use malicious links to trick victims into clicking on data hosted on third-party websites. Exploits can be shared on social media and used for account takeovers when clicked. This type of attack was evident in the reported hijacking of Microsoft’s Live.com subdomain.
Social Engineering
Cybercriminals use psychological manipulation to carry out such attacks. Social engineering is used to trick unsuspecting users into sharing confidential or sensitive data via social media, email, or other communication channels. These messages often evoke a sense of urgency, fear, or a similar emotion or interest, prompting the target to disclose confidential information, open malicious files, or click malicious links.
Reconnaissance
Today, more and more social media users are willing to share a lot of personal information about themselves, making them easy targets for reconnaissance attacks. Cybercriminals collect and analyse users’ profiles, relationships, behaviours, hobbies, etc., and then use this information to craft enticing messages and other lures. Reconnaissance attacks can be carried out passively on social media and are difficult to detect. Users will not know that threat actors are already using their information to authenticate or access other services or accounts, such as online banking. Therefore, as a social media user, it is best to limit the amount of personal information publicly shared to minimize its informative value to potential attackers.
Social media is identified as a playground for cybercriminals, which is why it is important for companies to pay close attention to the safety of their accounts. Business social media accounts should be protected at all costs, as this prevents malicious content from reaching your consumers. Employees should be trained adequately in cyber security awareness in order to prevent future cyber-attacks.
Our Cyber Security awareness training for employees is designed to educate your company employees about matters relating to information security. This training aims to raise awareness of the various potential internal and external security risks to your organisation, including email scams, malware, weak passwords, and insider threats. By having employees that are properly trained with security awareness training, you ensure that your employees have a good understanding of security risks. Most importantly, you teach them about the importance of good cyber habits.
Cyber Security Awareness Training for Employees is not negotiable any longer.
Every single day, we hear of companies being hacked and losing precious data – or being held to ransom by unscrupulous hackers.
Did you know that about 90% of cyber-attacks infiltrate an organisation via email?
Yes! Just one single innocent click by any one of your staff can result in theft of your valuable data. For most businesses, this would be a catastrophe!
This course has been specifically designed to teach you and your staff how to avoid becoming a victim to these new cyber criminals that are constantly trying to break into your business.
Our course is completely user-friendly and will meet the needs of even the most novice end-user.
The course has been validated by the QMS experts at JC Auditors, an internationally accredited ISO 9001 certification body. So, you have peace of mind that the content is world class!
To ensure that the course delivers maximum impact and value, we have used stimulating visuals, fun animated videos and real-life scenarios in a user-friendly interface.
This course also includes:
FREE POPI Compliance Training Videos
FREE POPI Toolkit – no more hassles with the South African law!
FREE Printable Posters
FREE Social Media Pack
Innovative Content Updated Regularly
What is POPI? (It's like GDPR but for South Africa).
The Protection of Personal Information Act South Africa was introduced in 2013 and has seen a growth in its implementation in recent years. The POPI Act requires every public and private body to provide staff with relevant necessary data protection training.