• Security
  • 24/10/2020
5 simple ways you can mitigate social cyber threats

Social threats like identity theft, social engineering, phishing, vishing, smishing, scams, cons, doxing and spam emails can be mitigated with security controls to protect you and your business.

You can divide these security controls into two categories. The first is behavioural: an individual adapts their online behaviour, changing their actions to something safer, such as not downloading an email attachment.

Behavioural changes depend on people never making mistakes. Unfortunately, we are creatures of habit who grow more forgetful with age: one's ability to recollect goes down and proneness to fallibility increases. What's that old saying? You can lead a horse to water but you can't prevent it from downloading email attachments? Something along those lines. Don't send a horse to protect your IT infrastructure anyway, they clearly lack the dexterity for it.

The second type of control is a technical one, like sandboxing your email client browser. Implementing both behavioural and technical controls against social threats ensures we're deploying defence in depth. This way we have both forms of security control layered to protect us.

Here are 5 behavioural changes you can make to protect yourself from these threats.

 

1. If you did not request it, always be suspicious of it.

Do not respond to it. Be immediately suspicious. This includes your emails, SMS, telephone calls, messages, things popping up on your screen or messages in messaging apps. Some of the messages you receive can be very enticing and seem legitimate, but if you didn’t request it or weren’t expecting it, consider it suspicious. If you have subscribed to an email list, then you are expecting the emails so it is fine. However, if you suddenly get an email you never requested, then it should immediately be considered suspicious.

 

2. Never download and run any file you don't 100% trust.

Especially not if you've been sent it via a link or via an attachment from an email you did not expect. All email attachments should be considered suspicious and should be put through some technical controls that we'll detail later, so don't run attachments and files that you don't 100% trust.

 

3. Never enter sensitive information after following a link or pop-up.

Never enter things like usernames, passwords or personal information after following a link or pop-up. Always, always go to the site by typing the URL into the browser yourself. In fact, these days, companies should not be sending out links by email asking you to log in and enter personal information. You will find that companies that understand security do not do this anymore; they ask you to go to the site and log in without providing a link. They tell their users that they never send out links, because they want to train their users out of receiving links in emails and clicking through to their site. So never enter usernames, passwords, or personal information after following a link. Go to the site yourself by entering the URL in the browser.

 

4. Validate the link.

If you read "How to tell if website is attacking you", you now know how links are manipulated. Check whether a web link uses any of those attack types and link manipulation techniques. What is the high-level domain?
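One way to carry out this check in code, as an added example that is not part of the original article. The four indicators it looks for and the `bank.example` and `.test` names are assumptions chosen for illustration; the article itself does not list specific manipulation techniques.

```python
import ipaddress
from urllib.parse import urlsplit


def link_warnings(url, expected_domain):
    """Return reasons why `url` should not be trusted as `expected_domain`."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable url"]
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    if not host:
        return ["no host"]

    warnings = []
    # Text before '@' is login info, not the site: https://bank.example@other.test/
    if parts.username is not None:
        warnings.append("userinfo before host")
    # A raw IP address tells you nothing about who runs the site.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip literal host")
    except ValueError:
        pass
    # Punycode labels are displayed as Unicode and can imitate other letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label")
    # The domain that counts is at the END of the host name, so compare whole
    # labels from the right instead of searching for the name anywhere in it.
    if host != expected and not host.endswith("." + expected):
        warnings.append("host not under expected domain")
    return warnings


# Constructed sample links (reserved example/test names and addresses).
SAMPLES = [
    "https://www.bank.example/login",
    "https://bank.example.account-verify.test/login",
    "https://bank.example@203.0.113.7/login",
    "https://xn--bnk-6la.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", link_warnings(link, "bank.example") or "no warnings")
```

An empty result only means none of these particular indicators fired; typing the address yourself, as step 3 advises, remains the safer habit.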

 

5. Minimise personal information disclosure.

The best defence is actually very easy to stick to: just minimise the personal information you give out online at all times. By doing so, you're less of a target, and the risks to your personal information and privacy drop as a result. Minimising your registrations and finding alternatives to providing information on registration makes you more secure and lessens your online attack surface.

If hackers don't know you exist and your email, phone numbers and messenger IDs are not available, how can they attack you? Email addresses, phone numbers or messenger IDs posted in forums or anywhere else online get gathered by automated scanners. This is how you end up on a hacker's hit list as an automatic target of phishing attacks, scams, cons, spam, or whatever else is the latest social attack.
