3.) Do not click on links or attachments without checking them first
Phishing via links and attachments in emails is still by far the most common infection vector for ransomware, backdoor Trojans, cryptominers, adware and other forms of malware. Checking links and files before clicking on them is like washing your hands to prevent coronavirus transmission, except that the advice is to do it not just "frequently" but always. To check a link, hover your mouse cursor over the hyperlink (e.g., https://www.cryptron.ch), which is usually colored blue, to see whether it points to the expected location. Copying and pasting the link into your browser instead of opening it directly in your email client is also a useful habit. It is also recommended to have strange URLs checked automatically with, for example, VirusTotal.
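The hover check described above can be automated for HTML mail. The following added example (not part of the original article) flags links whose visible text shows one host while the underlying `href` points to another; the sample message and the host `login.example.net` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _host(url):
    """Lower-cased hostname of a URL (scheme optional), or None."""
    if "://" not in url:
        url = "http://" + url
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

class LinkCollector(HTMLParser):
    """Collects (visible_text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html_body):
    """Return (text, href, shown_host, actual_host) where the two hosts differ."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        # Only text that itself looks like a URL can mislead about the target.
        if not re.match(r"(?i)^(https?://|www\.)", text):
            continue
        shown, actual = _host(text), _host(href)
        if shown != actual:
            findings.append((text, href, shown, actual))
    return findings

# Constructed sample: the first link displays one host but targets another.
SAMPLE = ('<p>Verify here: <a href="https://login.example.net/reset">'
          'https://www.cryptron.ch</a>, read <a href="https://www.cryptron.ch/blog">'
          'our blog</a> or visit <a href="https://www.cryptron.ch/x">www.cryptron.ch</a></p>')

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE):
        print("MISMATCH:", finding)
```

A link with neutral text such as "our blog" is not flagged, so this complements rather than replaces checking the destination itself.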
4.) Out-of-office messages
If external emails trigger an automated response saying that you are out of the office until next week, on maternity leave, or skiing in the mountains until Friday, you have provided valuable information to scammers, spammers and criminal hackers alike. There's no need to tell the world you're unavailable, just your colleagues and your boss. Business emails should be forwarded to an alternate contact who can handle requests in your absence.
5.) Multi Factor Authentication
Credential theft is high on every attacker's agenda, but there are simple steps you can take to minimize this risk for the vast majority of attacks.
First, enable 2-factor or multi-factor authentication for all accounts that support it. Short-lived code generators such as Google Authenticator and Microsoft Authenticator should be used whenever possible. Also, use a password manager to generate a unique password for each account, so that every service on the Internet has a different one. Biometric authentication options are, of course, increasingly in use today and can be used selectively depending on requirements.
6.) Public WLAN hotspots
Use your personal hotspot on your smartphone when you are not at home or in the office. Public WLAN is inherently insecure because all other users on the same WLAN network can eavesdrop on traffic, among other things. If for some reason you can't avoid using unprotected public WLAN, make sure you use encrypted email, messaging, and communication channels like VPN to work securely on the go. Never do things like payment processing or banking while connected to a public Wi-Fi hotspot.
7.) Do not mix work and fun.
As a general rule, and in line with company policies or directives, your work devices should not be used for anything other than work tasks. This protects not only your business but also you: globally, many companies do not yet have a privacy policy for data or activities in the home office or on work devices such as notebooks, tablets and smartphones with business apps. (Keywords: compliance, GDPR)
8.) Do not ignore software and operating system updates.
This should also be mandated by company policy. However, if your device is not centrally managed by IT, you need to pay attention to software and operating system update notifications. Why is it so important to apply updates in a timely manner? As soon as vendors release a patch, hackers and reverse engineers try to figure out what the vulnerability was in the previous version and how it can be exploited. Therefore, apply security updates regularly.
9.) Have you been hacked? What to do
If a computer has been hacked, you can no longer access your company data, or the web store is down or under the control of criminal hackers, call our Incident Response & Forensics team.
The vast majority of problems occur because one or more of the above practices were ignored. Giving criminal hackers a hard day at the office doesn't require a master's degree in cybersecurity, just an awareness and practice of the basic principles that apply whether you're working from home, in the office, or on the train while traveling.
To learn how the home of Security team can help your employees and organization stay safe in times of crisis, contact us or request a free demo of our security services, training and software solutions.