There are many information security threats that we need to be constantly aware of and protected against in order to ensure our sensitive information remains secure. This document details different information security threats that are commonly found, together with some preventative measures that can be taken.

Unauthorized Access – Enter at your own risk:
The attempted or successful access of information or systems, without permission or rights to do so.
Ensure you have a properly configured firewall, up-to-date malware prevention software and all software has the latest security updates.
Protect all sensitive information, utilizing encryption where appropriate, and use strong passwords that are changed regularly.

Social Engineering – Go find some other mug:
Tricking and manipulating others by phone, email, online or in person into divulging sensitive information, in order to access company information or systems.
Verify all requests for sensitive information, no matter how legitimate they may seem, and never share your passwords with anyone – not even the IT Service Desk.
Never share sensitive information if in doubt, and report suspected social engineering attempts immediately.

Cyber Espionage – Hey, get off my network!
The act of spying through the use of computers, involving the covert access or “hacking” of company networks to obtain sensitive information.
Be alert for social engineering attempts and verify all requests for sensitive information.
Ensure software has the latest security updates and your network is secure, and monitor for unusual network behavior.

Malware – You installed what?!
A collective term for malicious software, such as viruses, worms and trojans, designed to infiltrate systems and information for criminal, commercial or destructive purposes.
Ensure you have a properly configured firewall, up-to-date malware prevention and all software has the latest security updates.
Do not click links or open attachments in emails from unknown senders, visit un-trusted websites or install dubious software.

Data Leakage – I seek what you leak
The intentional or accidental loss, theft or exposure of sensitive company or personal information.
Ensure all sensitive information stored on removable storage media, mobile devices or laptops is encrypted.
Be mindful of what you post online, check email recipients before pressing send, and never email sensitive company information to personal email accounts.

Mobile Device Attack – Lost, but not forgotten:
The malicious attack on, or unauthorized access of, mobile devices and the information stored or processed by them; performed wirelessly or through physical possession.
Keep devices with you at all times, encrypt all sensitive data and removable storage media, and use strong passwords.
Avoid connecting to insecure, un-trusted public wireless networks and ensure Bluetooth is in ‘undiscoverable’ mode.

Insiders – I see bad people
An employee or worker with malicious intent to steal sensitive company information, commit fraud or cause damage to company systems or information.
Ensure access to sensitive information is restricted to only those that need it and revoke access when no longer required.
Report all suspicious activity or workers immediately to the IT Service Desk.

Phishing – Think before you link
A form of social engineering, involving the sending of legitimate-looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to systems or for identity theft.
Look out for emails containing unexpected or unsolicited requests for sensitive information, or contextually relevant emails from unknown senders.
Never click on suspicious-looking links within emails, and report all suspected phishing attempts immediately.

System Compromise – Only the strong survive
A system that has been attacked and taken over by malicious individuals or ‘hackers’, usually through the exploitation of one or more vulnerabilities, and then often used for attacking other systems.
Plug vulnerable holes by ensuring software has the latest security updates and any internally developed software is adequately security reviewed.
Ensure systems are hardened and configured securely, and regularly scan them for vulnerabilities.

Spam – Email someone else
Unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware.
Only give your email to those you trust and never post your address online for others to view.
Use a spam filter and never reply to spam emails or click links within them.

Denial of Service – Are you still here?
An intentional or unintentional attack on a system and the information stored on it, rendering the system unavailable and inaccessible to authorized users.
Securely configure and harden all networks and network equipment against known DoS attacks.
Monitor networks through log reviews and the use of intrusion detection or prevention systems.

Identity Theft – You will never be me
The theft of an unknowing individual’s personal information, in order to fraudulently assume that individual’s identity to commit a crime, usually for financial gain.
Never provide personal information to un-trusted individuals or websites.
Ensure personal information is protected when stored and securely disposed of when no longer needed.