The Cyber Blog Times

How to sensitize your team to cyber risks in 2 steps?

by mathildeexlm


It’s TheCyberBlogTimes again! Today, it’s all about cyber risks. Ready to read, ready to score (and win our final award?)?

Your first time here? No worries, read this article and catch up with the rules and the first two articles here:

  1. How to watch out for your infrastructure with a SOC?
  2. How to react to a cyber incident?

What is cyber risk?

Cyber risk is defined as any risk of financial loss, business interruption, data loss or damage to a company’s reputation due to a failure of information technology systems. These risks can take many forms:

  • Intentional and unauthorized intrusion into a system to obtain secure information for espionage, extortion, or image deterioration.
  • Unintentional or accidental intrusion into a secure system, the risks of which must still be managed.
  • Operational risks related to information technology due to lack of system integrity or other factors.

A cyber risk may arise because of a cyber attack.

A cyber attack is a threat to computer systems carried out with malicious intent. It targets various IT devices: computers or servers, isolated or networked, connected to the Internet or not, peripheral equipment such as printers, or communicating devices such as mobile phones, smartphones, or tablets. There are four types of cyber risks with different consequences, directly or indirectly affecting individuals, administrations, and companies:

  • cybercrime,
  • damage to image,
  • espionage,
  • sabotage.

Help your team recognize cyber risks

It is fair to say that cybercriminals do not lack creativity. New techniques have multiplied over the years, so it is important to educate your teams continually. Even so, some of the techniques in use remain old-fashioned:

  • Phishing/Ransomware: emails containing booby-trapped links are sent to all or some of the company's employees. These emails invite them to change their password or to provide confidential information. How can you avoid this? Teach your employees to tell official emails from fraudulent ones.
  • Password theft: passwords are stolen through hacking. How can you limit password hacking and theft? Activate two-factor authentication, choose passwords with the highest security level, and change them regularly.
  • Infection via external removable devices, including USB sticks: hackers infect a computer with malicious code designed to spread automatically to every newly connected removable device. When your employee then connects such a device to one of the company's computers, that machine is infected in turn, and so on. How can you avoid this? As you may have guessed, by raising awareness among your teams…
  • Exploitation of network security breaches: this happens when an employee uses a free Wi-Fi network without a secure connection. You can avoid this by teaching your teams the correct connection habits.

Excellium Services: Cybersecurity awareness for your teams

Raising user security awareness is essential to protect your company from malicious people and prevent potential attacks. Indeed, your employees are the first ones to be targeted by a computer attack due to their lack of knowledge on the subject. By training them, you can build strong walls around your IT equipment.

To do this, several solutions are available:

  • Drawing up an IT manual summarizing good practice and the internal security policy.
  • Making your employees aware that they work for a company with sensitive data and that they are the first people targeted for access.
  • Reminding them of the possible consequences of such an attack for the company.
  • Training your employees in good practices and reflexes with the help of a specialized security consultant.
  • Carrying out a live-hacking session to teach your employees how to react in the event of a cyber-attack.

These sessions may be accompanied by a test of knowledge or even a certification at the end of the training. Continuous training is preferable to keep up to date with current threats and the best practices to counter them.

 

Let’s go for the cyber risks challenge!

Let’s not lose our good habits, and let’s finish strong with our traditional little quiz. Hit the score and, who knows, maybe you’ll win our competition and final award at the end?!

Ready to play?

  • Attackers access someone’s computer and encrypt the user’s personal files and data. The user is unable to access this data unless he pays the criminals to decrypt the files. This practice is called:
    • Phishing
    • Files blocking
    • Ransomware
    • DDoS attack
  • Which of the following should you do to restrict access to your files and devices?
    • Have your staff members access information via an open Wi-Fi network.
    • Use multi-factor authentication.
    • Share passwords only with colleagues you trust.
    • Update your software once a year.

Don’t forget to send us your answer by email. 

Did you like the article? Let us know on social media with #TheCyberBlogTimes.

 

Alaaedine CHATRI,

Lionel THONNATTE.
