Cybersecurity awareness includes knowing what not to post online. With our digital reality of sharing content on social media, real-world cases have shown that it's easier to get ID cards than we think. If you post a selfie with your work badge, this is the kind of information hackers are always on the lookout for.
Even if you don't post a photo of your ID (which you know not to do), posting other details about your work or personal life can lead hackers to finding other sensitive information.
For example, in 2020, Australian Prime Minister shared a photo of his boarding pass on Instagram and that led hackers to his phone number and passport details.
Key elements possibly on an ID:
ID cards give access to highly sensitive data and information. If posted online, hackers can duplicate it.
Some companies have installed radio-frequency identification (RFID) entry authorization but this doesn't make them safer. People can by RFID scanners on Amazon or eBay, and it could take months before an ID theft is discovered similar to a ransomware attack.
There are now newer ways to check ID such as finger scans, face scans, or iris scans rather than physical cards.
Cybersecurity training should be proactive. Daily reminders, frequent simulations and workshops, to test skills is key, not just having a presentation every year.
Based on research conducted, 77% of SMEs see remote working as an increased risk to their business. This risk is due to a lack of access to business infrastructure. It is difficult to monitor when nobody is on site and also risky to leave it completely unattended. The increased distance between staff and their infrastructure, and the delay time in maintenance and disaster response, is what cybercriminals are looking to exploit.
SMEs have increased risk of sensitive data being exposed or ransomware attacks if left unattended for too long.
Education, healthcare, and financial are top targets for cybercriminals. Thus, these industries need to regularly monitor their infrastructure.
“It is imperative that SMEs treat their data and IT infrastructure like any other asset and properly secure it. If SMEs are unable to secure their infrastructure due to remote working or a lack of expertise, they must find a custodian who can do it on their behalf, or run the risk of having their data comprised in the future.”
A new poll of 253 small and mid-sized firms finds that very few businesses are prepared for a cyber attack.
Fewer than two in five respondents to the online survey by KPMG Canada, released on the eve of Cyber Security Awareness Month, believe they can fully detect and fend off cyber attacks.
This ties in to the challenges companies are face. From low funding, to staff shortages, it all makes it difficult to protect the business. Once businesses get more funding, they can not only focus more attention to cybersecurity, they can create awareness and training for staff too.
The larger the company and larger the digital footprint, it becomes more challenging with all the interconnections within the network
– only 38 per cent of respondents said cyber security is “deeply embedded” into all aspects of their business;
– just 39 per cent said they are “very confident” in their ability to detect and respond to a cyberattack, while 59 per cent were “somewhat confident;”
– 48 per cent of respondents plan to increase their cyber security budgets by up to 20 per cent in the next 12 months. One-third plan to increase cyber spending by less than five per cent in the same period.
How to improve the cybersecurity maturity of organizations:
–Find more staff with cybersecurity skills
–Spread the importance of cybersecurity
–Focus on patching, identity and access control and vulnerability management instead of new products