Does the plan include:
- Contact information for key people e.g. staff, suppliers, authorities, support, etc.
- Clear descriptions of responsibilities for individuals
- Making important information readily available such as alarm codes, building access codes, passwords, etc. Have these changed and has your plan been updated to reflect this?
- A process for communicating important messages to your customers
For more guidance and help with your disaster recovery response and planning, read this article from the UK’s National Cyber Security Centre.
You can help your users by implementing an information classification policy. We use Shred-it for our secure disposal, you can read some tips from them here.
Take a look at the Get Safe Online website for further guidance and information on risks associated with working remotely.
There is an abundance of fake accounts, trolls and fraudsters online, who seek to obtain and collect your personal information for possible criminal activity. Be strict with your privacy settings and be vigilant of the things you post. Avoid accidentally sharing information that could hint at:
- Login Details – email addresses, usernames and passwords
- Potential answers to security questions – “I will always love my first pet, Dave the dog”
- Personal details – “Hi Auntie Sharon, give me a call and pop over for Christmas 079….”
- Promoting that you’re out whilst your house/workplace is unoccupied
For further reading, take a look at this article Social Media Safety, which explains the things you should avoid posting and why.
While not all public Wi-Fi connections are dangerous, you can never be confident that your information is secure when using them. To stay safe, you should consider using a VPN which can protect your information, or simply stick to using your mobile data. Click here to read ‘The dos and don’ts of using public Wi-Fi’ by Symantec.
Unless you have intelligent web filtering capabilities, you could be leaving your users, systems and information at risk. There are tools available such as URLVoid and VirusTotal that can help you decide if a website is trustworthy or may have been compromised.
Paying via PayPal can reduce the risk of exposing your card details, as input is not required at the time of purchase. This can protect you at a time like Christmas, when you are likely to be using multiple sites and services.
Get Safe Online offer some great advice on taking and making payments, read more on their website.
Many devices now offer an alternative to passwords or PIN codes using biometric access control (fingerprint, iris scanners or facial recognition). These can be paired with USB security keys such as YubiKey to offer password free two-factor authentication (2FA) for laptops and PC’s.
Common campaigns may masquerade as known contacts, courier services, payroll providers, well known charities and other high profile organisations. The emails usually present some accurate/relatable information to the sender to appear trustworthy and entice you to click on a malicious link. Is that Christmas e-card hiding something? Be extra vigilant, disaster is only one wrong click away.
The most effective way of combatting these types of attacks is with end-user training and/or phishing simulations. METCLOUD, in partnership with Terranova Security, offer tailored e-learning solutions to educate your employees and make them a strong link in your defences. Learn more and sign up for a free demo here.
The best way to keep your shiny new device secure is to update, patch and protect them before you play. It may not be the most joyous part of using the device, but it is one of the most essential. Remember – smartphones, laptops, tablets and PC’s are not just for Christmas – continue to patch them and perform regular backups throughout their life-span to keep your information safe and sound.
There are many ways to look after your new (and old) devices, read some amazing tips and advice from the Symantec Security Centre ‘How to set up and secure your new tech’.
There have been instances of malware or spyware being pre-loaded onto such devices in the past, or ones found to be vulnerable straight out of the box. Cybercriminals are quick to abuse this proliferation of IoT devices as these can be difficult or impossible to protect for the average user. The video below or this NCSC blog post ‘Fixing All Things’ explains this in further detail.
0300 123 2040
03444 111 444
0800 555 111
0800 422 0421