You can stop 99% of Cyber Incidents!
Chirag D Joshi
CISO | Founder | Best-Selling Author | Keynote Speaker | Board Director
Stay Smart Online - 99% of cyber incidents can be avoided by being cyber aware. Oh, and yes, read my book on cyber awareness and the human factor!
Stay Smart Online Week is coming up in October. Just like Valentine’s Day isn’t the only day to be kind to your loved ones, this isn’t the only week to be smart and secure online. However, it’s certainly a welcome reminder that our lives have now migrated online. Our communications, commerce, entertainment, banking and yes, even good ole fashioned Love is now online. This means we need to stay safe and smart online just as we would in our physical, “non-virtual” lives.
It is also worth noting that the October to December period is the proverbial “Happy Hour” for scams and online crime, with the number of attacks increasing by over 30% during this period. This is due to the holiday and travel season, as well as being a time when cyber security teams are usually short-handed.
On the topic of staying smart online and protecting ourselves against cyber threats, did you know that according to the latest human factor report, 99% of cyber incidents required human involvement such as clicking on links, opening attachments, or downloading or installing software? Only 1% of incidents were a result of system vulnerabilities. This is an amazing fact and also contains a very hopeful message. Why hopeful, you may ask? Because 99% of cyber incidents could have been avoided just by good security awareness and due diligence! The findings of this report are consistent with other studies, analysis and my own professional experience.
It is worth revisiting the basics to protect our information and stay safe online:
· Password and Access Hygiene: have long and strong passwords and don’t reuse them on multiple websites. Instead, use a password manager such as LastPass or KeePass to manage multiple passwords. Also, don’t forget to set up multi-factor authentication on your accounts.
· Be wary of phishing emails and scams. Red flags include: an unusual or urgent tone, asking for money or sensitive information, or an information request that you wouldn’t typically associate with the sender. Always hover over links in email before clicking on them, so you see where the link actually goes rather than the text it displays. Additional great content on this topic is available here.
· Ensure your mobile devices and computers are updated at all times and have good anti-virus software running.
· Set up a PIN or password on your mobile devices. Also, have remote tracking and wiping enabled on your mobile devices so they can be wiped to protect your sensitive information if they are lost or stolen. Oh, and be careful of the apps that you install on your devices; as a general rule of thumb, avoid installing apps that have fewer than 10,000 downloads.
· Don’t use public wireless internet or public computers, such as those available at airports or cafes, to conduct sensitive transactions like online banking.
· Don't assume that a website is safe just because it has https in its URL. Cyber criminals are increasingly using encrypted channels to appear trustworthy and evade detection. Always read the URL of a website diligently, especially if it involves entering your user credentials or other sensitive information.
· Be careful what you share on Social Media and ensure your privacy settings on these platforms are properly locked down. A word of advice - regardless of the privacy setting, never share anything online that you wouldn’t be comfortable being made public. Multiple social media and other data breaches are a reminder of this fact. Besides, if you aren’t paying for a product or service, you are the product or service! Just how the world works. No free lunches or dinners here.
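The two link checks above ("hover before you click" and "read the URL diligently") can be written down as code. The following is an added example, not from the article or the author's book: it parses the anchors in an HTML email body and flags links whose visible text names one site while the href really goes elsewhere, plus two URL tricks a careful reader looks for (a user@host prefix that hides the real host, and punycode hostnames). The sample email and all hostnames in it are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _brand(host):
    """Crude registrable part of a host: its last two labels (example.com)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def check_links(html_body):
    """Return (href, reason) for each anchor a careful 'hover' would distrust."""
    parser = _Anchors()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()       # where the browser really goes
        if parsed.username is not None:              # user@host: the host after '@' wins
            findings.append((href, f"'@' in URL; real host is {host}"))
        if "xn--" in host:                            # punycode, may be a lookalike name
            findings.append((href, f"punycode host {host}"))
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # a domain named in the text
        if shown and _brand(shown.group()) != _brand(host):
            findings.append((href, f"text shows {shown.group()} but link goes to {host}"))
    return findings

# Constructed sample: one honest link and three that should each raise a flag.
SAMPLE_EMAIL = """
<p>Your account needs urgent verification.</p>
<a href="https://www.example.com/help">www.example.com/help</a>
<a href="https://www.example.com.login-verify.test/x">www.example.com</a>
<a href="https://example.com@203.0.113.5/login">Secure login</a>
<a href="http://xn--constructed-lookalike.test/">example</a>
"""
```

Calling `check_links(SAMPLE_EMAIL)` returns three findings, one for each of the last three anchors, and nothing for the honest first link.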
If you’re interested in knowing more about being cyber smart, communicating cyber better and protecting yourself against cyber-attacks, check out my book: “7 Rules to Influence Behaviour and Win at Cyber Security Awareness.” It’s an extremely easy and quick read. The book is available here.
I recently read your book. It was very interesting and gave me helpful tips for an audit I am currently busy with.
CDPSE, CISM, ISO 27001 LA, PRINCE2, ITIL (SS)
Good article