21 Oct Affiliate Mitigo Share Helpful Advice on Cybersecurity
Cybersecurity Awareness Month
Cybersecurity Awareness Month – The Three Factors of Authentication
October has been Cybersecurity Awareness Month and APCC’s Affiliate for Cyber Risk Management, Mitigo, are sharing helpful advice and guidance.
A password alone is no longer good enough security. The more factors and levels used in your user authentication, the harder it is for hackers to gain access to your accounts. We recommend a three-pronged approach:
- Something you know: this is a piece of information that only you would know to log into your system – like your traditional password, PIN code or swipe pattern.
- Something you have: this is usually a short code sent to a user’s mobile phone or automatically generated by an authentication app installed on the phone. It is only valid for a short amount of time, so it is much harder to steal or impersonate.
- Something you are: biometrics such as face recognition, fingerprints and retinal scans are extremely difficult to attack, so criminals reserve their energies for only the highest-profile individuals. Face ID uses a 3D scanner, so it can’t be hacked with a 2D representation of your face, and it also checks for movement as an added level of security.
Layer up with multi-factor authentication – it’s a small extra step or two for you that creates a lot of extra hassle for criminals.
For more helpful cybersecurity advice, follow Mitigo on LinkedIn, or head to their blog.
5 Ways To Make Your Passwords Stronger
This week APCC’s Affiliate for Cyber Risk Management, Mitigo, are focussing on passwords. Perhaps it goes without saying, but the stronger your passwords, the better protected your system will be.
The graphic shows five ways you can make yours better. It is good practice to change your passwords regularly – either when prompted by the system, or if you’re even slightly unsure whether the account has been compromised.
If you can’t remember when you last changed your password, it’s probably time for a new one – why not change a couple of them now while you’re thinking about it?
How to Recognise Phishing
Phishing campaigns are the method of exploitation that criminals use most. This week, APCC’s Affiliate for Cyber Risk Management, Mitigo, are sharing a round-up of the main red flags to look for if you do receive a phish:
- If the email seems too good to be true or seems suspicious – it probably is. Trust your intuition.
- Criminals will often add a sense of urgency to their phishing campaigns – the language will push you to react quickly, before a deadline.
- The email will be requesting money or sensitive information such as credentials – official sources will never ask you to supply these via email so don’t give them out.
- Criminals pretend to be an authority figure or reputable company to gain your trust. Hint: don’t trust them.
- Poor grammar or spelling may be the most obvious red flag – if it’s badly written, it’s bad news.
- Suspicious links or attachments may be included. Don’t click – you can see what the real website is by hovering over the URL, and don’t open any attachments unless you are absolutely sure they are legitimate.
- The email address uses a public email domain or is misspelt – an official source would never use an ordinary Gmail account, and double check that it’s not from something like “Microsuft” instead of Microsoft.
- Whilst you’re looking at the email address, does it match the sender’s name or the company they’re purporting to be from? If not, you’ve probably caught a phish.
- The final red flag would be threatening language – aka “Do this or else”. No reputable company would speak to their customers like this – if your back’s up, it’s probably for good reason.
If you’re still not sure, it’s best to verify independently of the original source – so if you’ve got an email, give the person or company a phone call to see if they did send the message. Use the number from their official website, rather than any included in the message.
Never respond or react to the phish – just ignore it and delete it.
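Several of the red flags above can be checked automatically by a mail filter or triage script before a person ever reads the message. The following is an added example, not part of the original article or Mitigo's own tooling; the trusted-domain list, webmail list, phrase patterns and the sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration: tune these to the senders you really deal with.
TRUSTED = ["microsoft.com"]
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
PRESSURE = re.compile(r"\b(urgent|immediately|within 24 hours|or else|will be suspended)\b", re.I)
SENSITIVE = re.compile(r"\b(password|login details|bank details|payment)\b", re.I)

# Constructed sample message, using the misspelling mentioned in the list above.
PHISH = (
    'From: "Microsoft Support" <security@microsuft.com>\n'
    "Subject: URGENT: your account will be suspended\n"
    "\n"
    "Confirm your password within 24 hours or else you lose access.\n"
)

def red_flags(raw):
    """Return the red flags found in one raw email (headers plus plain-text body)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = []
    if domain in FREEMAIL:
        flags.append("public webmail domain")
    for good in TRUSTED:
        legit = domain == good or domain.endswith("." + good)
        # A near-identical spelling of a trusted domain is a lookalike.
        if not legit and SequenceMatcher(None, domain, good).ratio() >= 0.8:
            flags.append(f"lookalike of {good}")
        # The display name claims a brand that the address does not belong to.
        if good.split(".")[0] in name.lower() and not legit:
            flags.append("display name does not match address")
    if PRESSURE.search(text):
        flags.append("urgent or threatening language")
    if SENSITIVE.search(text):
        flags.append("asks for money or credentials")
    return flags

if __name__ == "__main__":
    for flag in red_flags(PHISH):
        print(flag)
```

A message that raises none of these flags can still be a phish, so the independent phone-call check described above still applies.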