Cyber Awareness

Think before you click

Malicious links can look genuine and the spoofers will try to obscure the links by making them
look legitimate. Be sure to inspect links and ensure they are from trusted senders before clicking. If in doubt do not click and ask us to review the link.

Phishing emails (spam emails)

Spoofers use these methods to obtain account credentials through spoof emails with links leading to fake login pages or infected documents. They then use these credentials to get into email accounts, harvest contacts and send invoices with altered bank account details as the actual person or ask for goods to be bought, gaining them money.

Changing passwords whilst working remotely – COVID-19

For the time being we are advising against changing passwords and should only be done where an account has been compromised, under the guidance of Flex IT to avoid complications.

Do not reuse passwords

Don’t use the same passwords across accounts, use different passwords for each service, account or application where possible. It is especially important to not reuse passwords between work and personal accounts.

Do not share passwords

Sharing passwords broadens the attack surface from those trying to get a foothold into the company systems. If a password is shared with someone else, it drastically weakens the company’s security.

Use a strong password

Take the first characters from a memorable song, quote or phrase and randomise the capitalisation of these. Add in the last two numbers of two memorable years and a special character. We’ll use Do You Want To Know A Secret by The Beatles and end up with DYw2K@s8207.
As you can see in the example we swapped the word To with a 2 and the ‘a’ with an @ symbol to keep the password shorter and still include a number in the middle strengthening the password and using a special character. To use a password across different services, add in an e for eBay or A for Amazon and it will look as part of the seemingly random characters.

Update your computer

If your computer wants to do updates, you can wait till the end of the day to do them. At the end of your working day, allow the updates to run and restart your computer. Updates often keep software secure which is essential to keep your device and accounts secure.

Stick to your own devices

Do not use a computer other than those provided by the company for your daily work, using someone else’s device may open your work accounts to be compromised. Even if it’s only a quick check of your emails, their computer may be infected with a virus and be unknown to them.

Social Engineering

Be aware of strangers or even friends, family or acquaintances adding you to a social media account if you already have them added. Be aware of what you post online as it could be used in a social engineering attack to get information from you that could lead to gaining access to your accounts. Watch out for those questionnaires that ask you seemingly inconsequential questions like your year of birth, pets names, where you grew up, places you’ve lived or visited, favourite foods and movies.

Keep your documents secure

Keep your documents stored on company servers or services. These are good places to store documents and will be backed up and restored. Storing documents on your device risks losing them to hardware failure, accidental deletion or malware and viruses.

Lastly – you are not immune

The most dangerous thought is that “it won’t happen to me” – “I only visit trusted websites”. This is when your guard is down and potentially vulnerable. Stay vigilant and suspicious of any emails that you weren’t expecting from contacts. If someone changes some details about how to contact them, their bank accounts or asks something out of the ordinary of you, always ask them to confirm this before changing any details.