Christoph Kuhle used the 10-min presentation slot to speak about a number of important cyber security issues that companies and individuals are highly recommended to do. Social engineering attacks, such as phishing, are the most prevalent and dangerous types of cyberattacks since they are deceptive and tricky. According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved the human element. We covered:
- How to carry out staff training
- Considerations on company data – do you know where it is, and how you might know if you have had a breach?
- How to ensure that mobile phone software is up to date
Staff Training can be done in two main ways:
- FREE training available from the National Cyber Security Centre (NCSC). Together, we went through the training that is made available by NCSC. This brought up some useful points for discussion in our open forum.
- Managed staff assessment and training by a Managed Service Provider (MSP) such as Hive Communications offers organisations a far more comprehensive product. This operates as follows:
- All staff would carry out an initial assessment that is reported on to managers/owners
- Staff are sent training in manageable short sessions on an ongoing basis. This does as much as possible to reduce the risk of any hacks or malware breaches by threat actors caused by accidental human interaction.
If any organisation would want to get accreditation such as Cyber Essentials, it is imperative that you know what devices have any of your data (emails, Teams, OneDrive, Sharepoint etc.). If employees have any of these on their mobile phones or personal computers, there is a requirement to know which devices. It is also imperative to know that those devices are on the latest software and that all the software is updated.
Christoph spoke about the ways that the correct licences on Microsoft 365 would allow organisations to be able to block any access to corporate data from any device unless it has been enrolled. By enrolling devices, individuals are not giving away everything that they are doing but the company can check that the devices are on the latest software, and prompt them accordingly.
Christoph recommended that an MSP is the best way to be able to do this, and therefore be able to accurately protect data and be able to get the accreditations such as Cyber Essentials.
Mobile Phone App Software
Christoph showed all those who attended how to find the list of apps on their mobile devices that needed updating, and how to do this. Even when automatic updates are set, they can take some time. Some people had over 69 apps that required updating. We discussed how those apps in the App store are safe to be upgraded, and should be as they so frequently cover important security updates.