How well are you equipped for handling cyber threats to your business? Take the quiz below to test your knowledge on cybersecurity.
- You just received an email from a client telling you to attend to an urgent financial matter with a link to help you.
Do you… ?
- Click the link provided to sort out the problem as quickly as possible.
- Delete the email because all emails like these are scams.
- Carefully assess the sender address and content, and contact the sender via a previously used channel.
There are many cybercriminals out there who are intent on gaining access to company secrets and sensitive information. Whenever an email reflects a sense of urgency and demands immediate action, it is usually a good time to pause and assess all the facts. Fraudsters are known to use seemingly legitimate addresses that mimic real email addresses to lure individuals into clicking malicious links and giving away sensitive information. Whenever you receive an email with an unsolicited link or that presents itself with great urgency, it is best to contact the sender through a known channel to ascertain whether or not their request is legitimate (most of the time it will not be). Be vigilant to avoid this kind of cybercrime known as ‘phishing’.
- A strange pop-up just came onto your browser window.
Do you … ?
- Reach for the “X” (close) button and click it as quickly as you can.
- Inspect the pop-up without clicking anything, and exit the website if the pop-up is unexpected.
- Just click accept because you don’t believe that pop-ups can harm your computer.
There are many websites that run scripts that are malicious or have the potential to be malicious. While it may feel instinctual to just reach for the first sign of an exit button, be wary not to click on a malicious link. Many illegitimate and fraudulent ads, pop-ups, and notifications exist on the web that mimic legitimate messages. Always inspect a pop-up and if it is unexpected (especially if it relates a sense of urgency) it may be best to exit the website altogether. Many aids, such as anti-virus and anti-malware software, exist to help users identify bad or potentially hazardous sites.
- You’re setting up a new computer and new accounts for an employee.
Do you … ?
- Only install the operating system, and give your employee easy to remember passwords like 123CompanyName and trust the basic pre-set antivirus software
- Set up the computer with all relevant software, already-strong passwords, and premium security software?
Whenever you set up a computer for an employee or set up new accounts for your employees, it may be tempting to simplify the process. However, making sure that you uphold a high level of security from the start is vital to ensure maximum protection. Set up new accounts with strong passwords that cannot be easily guessed and contain an array of lowercase, uppercase, numeric, and special characters. While pre-set antivirus programs like Windows Defender are not completely useless, they cannot provide the same level of security that dedicated anti-virus software can.
- You’re working away from home and find yourself seated in a coffee shop.
Do you … ?
- Connect up to your own mobile router because you think that is the safest option
- Connect to the first available open Wi-Fi network with a name like FREEWIFI
- Use a VPN before connecting to any network in the public space
- Buy a coffee and just people-watch because you can’t work safely from a coffee shop
Open Wi-Fi networks are extremely dangerous as they have no protocols in place to prevent anyone from reading the data shared on the network. It is not advisable to connect to an open network, and where open networks are used, make sure that they are legitimate (in the scenario above, you might ask a waiter for the coffeeshop’s Wi-Fi name and password – if the Wi-Fi is password protected) and use a VPN program to encrypt the data sent from and to your device. It should be noted that although VPNs are largely effective in hiding data from cybercriminals, it is not a failsafe as there may be delays in the connection between the network and connection to the VPN (in which your details could be briefly exposed). It is always best to use a trusted network.
- A new employee has just joined your company.
Do you … ?
- Educate them on things to look out for online and teach them to practice online safety
- Let them read through a policy and hope they understand the security measures that you have in place
- Trust them to know good security practices because their generation knows internet security a lot better
Proper cyber-security in your business relies on adequate training and retraining — regardless of age and experience, you cannot rely on the new employee to be aware of all the security threats that your business may face. While online safety policies may provide guidance and give you a method of keeping employees accountable for digital safety, it doesn’t physically provide that safety. Always keep educating and retraining your employees (even established ones) on cybersecurity practices, thereby establishing a company-wide reverence for digital security best practice.
- Your employee does not have a personal computer and wants to use their work device for personal purposes.
Do you … ?
- Tell them that the device is only for work purposes and is not to be used for personal tasks, leaving them disappointed
- Avoid being a spoilsport and let them go to town with the device
- Tell them that it’s okay to use it for person tasks as long as they take strict security measures
Even if you want to exude a ‘cool’ attitude and have your employees like you, letting them use work devices for personal use is highly irresponsible. If you do not set strict boundaries regarding the use of company assets, you open up yourself and your data to a world of unnecessary risk. Even if you have the utmost faith in your employees, you should always designate company devices for strictly professional work. You may also want to add administrator privileges to ensure that your employees are unable to install/uninstall any software that you have not authorised.
(Answer key: 1.c, 2.b, 3.b, 4.a (or c), 5.c, 6.a)
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your adviser for specific and detailed advice. Errors and omissions excepted (E&OE).