To kick off cybersecurity month, we are proud to present the insights of TreeSolution Consulting, a global leader and pioneer in cybersecurity consulting founded by Dr. Thomas Schlienger for companies that want to improve their information security posture intelligently.

TreeSolution is a longtime partner of Hoxhunt. They have amassed an outstanding track record of helping companies build information security awareness guided by Dr. Schlienger’s visionary, science-based training methodology. Dr. Schlienger believes that employees are the key to security, and that organizational awareness will flourish with firm cultural anchors established at all levels of the organization. TreeSolution helps clients build measurably effective security cultures, supported by awareness campaigns and aligned with business goals.
Cyber threats are increasing rapidly every year. According to McAfee (1), the global cost of cybercrime in 2020 was around $1 trillion, an increase of more than 50% compared to 2018. In a cyberattack, individual hackers or groups of hackers maliciously attack companies or individuals over the Internet in order to obtain data, information, or money.

October marks the beginning of the annual European Cyber Security Month. It aims to make states, companies, and individuals more aware of the dangers of cybercrime and of ways to stay protected.

Cybersecurity month is a great opportunity to shine a light on five selected information security areas to watch out for, and on how to stay safe!
Cybersecurity refers to technical as well as organizational measures that protect IT infrastructure and organizational data against malicious attacks. This includes the protection of computers, networks, servers, smartphones, and smart devices, but also data protection and information security.

There are three types of cyber threats:
All of these threats draw on the same kinds of attack. The spread of malware (viruses, Trojans, spyware, adware, ransomware, botnets) damages computers and systems or puts them out of service. SQL injection attacks compromise databases in order to extract information. Phishing attempts to obtain login and financial data, as well as other personal information. Man-in-the-middle attacks intercept information exchanged between two parties, e.g., a computer and a network. In denial-of-service attacks, networks or servers are flooded with traffic until the targeted systems can no longer respond and the company is unable to operate. Attack targets are typically governments and companies, but can also be private individuals.
How can you protect yourself from cybercrime as a company and also as a private person? On the one hand, technical protective measures are essential. On the other hand, our behavior has a decisive influence on the risk of becoming a victim of a cyberattack.
Phishing emails are e-mails sent by hackers under a fraudulent pretext to obtain login details, bank and credit card details, or other personal information. As a rule, the goal is to make money with the data obtained or to gain access to systems. The emails often look deceptively real and appear to come from a legitimate source, such as your bank. Urgent calls to action entice users to click on links and enter their data.

It is therefore important not to click on links in emails, especially from unknown senders. Be wary of any request for login information. No reputable company will ever ask you to change your access data via an embedded link or to disclose it by replying to an email. Also be careful if you are asked to provide your credit card or bank account information.

Watch out for misspelt, missing, or misaligned letters in emails and links. These are also indicators of phishing.
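The "misspelt, missing, or misaligned letters" check described above, as an added defender-side example (not TreeSolution's or Hoxhunt's code): it folds look-alike characters and measures edit distance against a constructed list of trusted domains, flagging sender addresses and links that are near misses.

```python
from urllib.parse import urlparse

# Constructed allow-list of domains the reader legitimately deals with (assumption).
TRUSTED_DOMAINS = {"examplebank.com", "hoxhunt.com", "treesolution.ch"}

# Glyphs that pass for letters at a glance; folded before comparison.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
MULTI_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d")]

def normalise(domain: str) -> str:
    """Lower-case and fold look-alike glyphs so 'examp1ebank' reads as 'examplebank'."""
    d = domain.lower().translate(CONFUSABLES)
    for fake, real in MULTI_CONFUSABLES:
        d = d.replace(fake, real)
    return d

def damerau_levenshtein(a: str, b: str) -> int:
    """Edits needed to turn a into b, counting insertion, deletion, substitution and
    adjacent transposition, i.e. missing, misspelt and misaligned letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours cost one edit
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def extract_domain(value: str) -> str:
    """Return the host of a sender address ('Name <user@host>') or a URL."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].strip("<> ").lower()
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def classify(value: str, trusted=TRUSTED_DOMAINS) -> str:
    """'trusted' on exact match, 'lookalike' when the registrable name is within two
    edits of a trusted domain after glyph folding, otherwise 'unknown'."""
    host = extract_domain(value)
    reg = ".".join(host.split(".")[-2:])  # last two labels; ignores ccTLDs like co.uk
    if reg in trusted:
        return "trusted"
    folded = normalise(reg)
    for t in trusted:
        if damerau_levenshtein(folded, normalise(t)) <= 2:
            return "lookalike"
    return "unknown"
```

A "lookalike" verdict is a reason to stop and verify the sender through a known channel; "unknown" only means the domain is not on the list.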
Malware, also known as malicious software, is software that can damage your computer, smartphone, or tablet, or disable it entirely. Malware is mainly spread via the internet: while surfing, when downloading software or opening email attachments, or via social media. It can also be distributed via USB sticks and other mobile data carriers. As with phishing, the motivation is mostly financial gain or industrial espionage; hackers can also be politically motivated or want to damage a company's reputation.

Viruses, Trojans, spyware, adware, and ransomware are forms of malware, and they are often spread via botnets.

On the one hand, technical measures provide protection against malware:
On the other hand, users must also behave securely:
Social engineering is a method in which fraudsters fake an identity in order to obtain information or to convince their victims to take a certain action. For example, they can pretend to be a help desk employee in order to persuade the victim to provide login data or to convince them to visit an infected website. Most of the time, social engineering is used to attempt to obtain login data, steal credit card or bank information, or gain access to IT systems. The more information that can be gathered about a victim, the higher the chances of success in an attack. Most of the information is found on the Internet, e.g., on company websites or in social media, but it may also come from public registers or the phone book.

It is important that you never pass on internal or confidential information about yourself or your company to strangers. Passwords and access data should never be shared. Do not allow yourself to be pressured or persuaded to download a particular file or visit a given website. Read more tips on how to protect yourself from social engineering in our blog.
Every day we have to enter passwords, at work and in our private lives, in order to log in to systems. A well-chosen password is essential for protecting yourself against dangers from the Internet.

If passwords are revealed, data can be manipulated or stolen. Hackers have special tools with which they can easily discover passwords that were not created according to certain rules.

To ensure protection, a good, secure, individual password must be created for each application. Never use the same password for multiple systems or websites, and never give your login details to anyone else; otherwise, the passwords lose their protective effect. Always activate 2-factor authentication if the system allows it, as this further increases security.

Note the following points when creating a new password:
The following tips can help you avoid having to write passwords down and make them easier to remember:
Nowadays it is more important than ever that employees are trained on the topics of information security. Training courses should take place at regular intervals and ideally be coordinated with one another.

Employees are the most important element of protection when it comes to cybersecurity. Use this element of defense by enabling your employees to recognize the dangers associated with the Internet and to behave correctly.

The European Cyber Security Month is a good opportunity to train employees with a targeted campaign. Create virtual games, quizzes, e-learning courses, or events where employees can actively participate on site. The topic can also be brought to people’s attention with posters, intranet pages, or e-mails.

In our blog posts we discuss how to plan and implement a security awareness campaign and how to successfully change the behavior of employees.
Dr. Thomas Schlienger, Dipl-Inform., is managing director and owner of TreeSolution Consulting. He has specialised in the subject of Information Security Culture, in particular on the questions of sustainability and measuring of Security Awareness. Since 2002 he has dealt with this subject, at first during his academic career, since 2005 with his own company. He has studied Business Informatics at the University of Zurich and has written his doctoral thesis about Information Security Culture at the University of Fribourg. Thomas Schlienger is an author of numerous professional and scientific publications, ISO 27001 Lead Auditor and lecturer at the Bern University of Applied Sciences and the Luzern University of Applied Sciences.