An Auditor’s Tips On Cybersecurity
Would you leave your front door unlocked and propped open all day, every day? Chances are at some point you’d experience a breach in security and arrive home to find your belongings rifled through and your valued possessions gone!
In a digital world, protecting your systems, network and programs from digital attacks is crucial. Practising cybersecurity is like locking your door, leaving a lamp on and installing a robust security system. As auditors, we play a critical role in helping our clients manage their cybersecurity, finding the gaps in digital processes and ensuring security standards are met. So, what should you be doing?
1. Pause before sharing your personal information
Your personal information is currency for criminals online. This information is a key for them to access your passwords and bank accounts, fraudulently open credit cards or loans in your name and compose convincingly fake emails. Social media provides opportunities to stay connected with our network; however, we need to be aware of the risks involved.
- Update your privacy settings so only approved friends or followers can view your profile and posts;
- Familiarise yourself with your workplace social media policy to ensure you comply; and
- Educate family and friends about using social media safely.
2. Activate two-factor authentication where possible
Two-factor authentication (2FA) makes it harder for someone to access your online accounts. With 2FA, if a cybercriminal gains access to your passwords, they will be unable to perform any online transaction without your second-factor identification.
- Do not share passwords, PINs, user IDs or one-time passcodes;
- Do not use your banking passwords/PINs for other purposes;
- Set up your mobile device with an automatic screen lock, PIN and/or biometric detection; and
- Securely store devices such as security tokens.
3. Identify suspicious emails
Identifying suspicious correspondence from “your bank” keeps you a step ahead of a potential cyber-attack. Key indicators of a suspicious message can include:
- Embedded URL links, attachments, a sense of urgency in the message, poor spelling and grammar, incorrect branding and requests for sensitive information; and
- Unfamiliar/unusual sender address, an unusual offer from the sender/company and an unexpected or unusual contact.
Handy hint: If you receive an email with URL links, search for the website address using your internet browser rather than clicking on any links that you’ve been sent. Clicking these links can expose your computer or device to hackers.
4. Enable automatic software updates
Malicious software can prevent your computer from working properly, delete or corrupt files and allow cybercriminals to access your personal and confidential information. Employing quality security software provides a level of protection in the form of virus scans, spam filtering and parental controls, and helps prevent unauthorised access.
- Turn on automatic updates for your operating system, software and apps on all devices to ensure you are covered by the most up-to-date security measures;
- When installing security software, make sure you run a software scan to detect any existing issues, then enable regular automatic scanning;
- If your security software cannot remove a virus, seek professional technical assistance; and
- Regularly back up your software systems so you can recover data if your files are deleted or damaged.