
For users who do not have a technical background, IT security topics are often hard to grasp. It does not take too much, however, to protect your own IT systems from cyber criminals. Here you will find 5 basic tips for more IT security that anyone can follow!

IT security – more than just technology

IT security encompasses all measures that have to be taken to protect information and communication technology from cyber criminals. Crimes in the area of IT and telecommunications are, however, far more abstract and less accessible to people not familiar with the cyber world. Yet cyber criminals also tend to use methods from the “real” world – manipulation and burglaries are on their agenda. To counteract these attempts, the German Federal Ministry of the Interior (BMI) recommends two things in its cyber security strategy: “Besides a robust infrastructure, i.e. the network, hardware and software, it should be our goal that everyone acts securely and autonomously in the digitized world.” Citizens have to be in a position to understand and evaluate information technology and to align their behavior to its use. IT security is more than just technology; it also involves the human ability to interact with it. What can this look like?

Human factor – Why are people so important when it comes to IT security?

Technical protection such as a good firewall is vital. It is, however, far easier for cyber criminals to use humans rather than infrastructure as a gateway. Did you know that 9 out of 10 cyber attacks target humans? Hackers try to get access to organizations via their victims – in most cases to steal secret or sensitive data. They then sell this data or demand a ransom for its release. This procedure is based on the principle of social engineering – the active manipulation of people in computer networks in order to prompt certain actions. To reach their goal, hackers deliberately exploit the victim’s emotions such as fear, curiosity or pressure. Not only the psychological tricks but also the points of attack are manifold. Dr. Niklas Hellemann, Managing Director at SoSafe, evaluates the situation as follows: “The hackers always find new points of attack – be it passwords, phishing mails or social media. Between February and March alone, ENISA was able to detect an increase in phishing mails of 600% – particularly often with content connected to the coronavirus. Training employees on these user-centered cyber attacks is therefore crucial.”

1. Passwords – how to use them correctly

One of the basic measures to take against hacking attacks is using secure passwords. A lack of control over passwords can have serious consequences – private financial damages, losses for the organization and identity theft. To minimize the risk, you should use strong passwords. Passwords should be randomly generated and contain a mix of different characters (lower- and upper-case letters, digits and symbols). Coming up with and memorizing such passwords can be tricky. Password managers can support you in creating and managing them.
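To make “randomly generated” concrete, here is an added example (not part of the original article and not SoSafe’s code) of how a password manager generates a password: it draws every character from a cryptographically secure random source rather than from memory or habit, ensures all character classes are present, and estimates the resulting strength in bits. The entropy comparison shows why a 20-character generated password is in a different league from a short, lowercase-only one.

```python
import math
import secrets
import string

# The four character classes a generated password should draw from.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS  # 94 printable ASCII characters


def has_all_classes(password: str) -> bool:
    """True if the password contains at least one character from every class."""
    return all(any(c in cls for c in password) for cls in (LOWER, UPPER, DIGITS, SYMBOLS))


def generate_password(length: int = 20) -> str:
    """Generate a random password using the OS CSPRNG (secrets), never random.random().

    Candidates lacking a character class are rejected and redrawn; for lengths
    around 20 this rejection is rare and costs only a fraction of a bit of entropy.
    """
    if length < 4:
        raise ValueError("length must be at least 4 to hold all character classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Strength of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(20)
    print("generated:", pw)
    # A generated 20-character password from 94 symbols: ~131 bits.
    print("20 chars, full alphabet: %.1f bits" % entropy_bits(20, len(ALPHABET)))
    # A typical human-chosen 8-character lowercase word: ~38 bits, and in
    # practice far less, because words are not uniformly random.
    print("8 chars, lowercase only: %.1f bits" % entropy_bits(8, len(LOWER)))
```

The script uses only the Python standard library; `secrets` is the module Python provides specifically for security-sensitive randomness.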

2. Emails – Spotting suspicious signs

There is a flood of mails that reaches employees’ inboxes every day: from short notices by colleagues to newsletters and mails sent by the system. No wonder phishing mails are the most popular medium used by hackers – in the large amount of messages they can easily conceal fraud attempts. In any case, you should check the legitimacy of an email with regard to several characteristics: irregularities in the sender or reply address, links whose visible text does not match their actual destination, and unexpected attachments might be a sign of phishing.
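The characteristics listed above can be checked mechanically. The following added example (not from the original article or from SoSafe) parses a constructed sample message and reports three common indicators: a Reply-To domain that differs from the sender domain, a link whose visible text names a different host than its actual `href`, and an attachment with an executable file extension. The sample addresses, domains and file names are invented for the demonstration.

```python
import re
from email import policy
from email.parser import BytesParser
from typing import List
from urllib.parse import urlparse

# Constructed sample: a message showing all three indicators (domains are invented).
SAMPLE_MAIL = b"""\
From: "IT Support" <support@example-corp.com>
Reply-To: helpdesk@example-corp-login.net
To: employee@example-corp.com
Subject: Action required: password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Please renew it here:</p>
<a href="http://example-corp-login.net/renew">https://intranet.example-corp.com/renew</a>

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_2024.pdf.exe"

(placeholder attachment body)
--b1--
"""

# Constructed sample: an ordinary internal message with none of the indicators.
CLEAN_MAIL = b"""\
From: colleague@example-corp.com
To: employee@example-corp.com
Subject: Lunch?
Content-Type: text/plain; charset="utf-8"

See you at 12:30 in the canteen.
"""

# File extensions that run code when opened; a PDF should never end in one of these.
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|bat|cmd|ps1|hta|lnk)$", re.I)
# Matches <a href="...">visible text</a> in the HTML body.
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(addr) -> str:
    """Extract the domain from a header value like 'Name <user@host>'."""
    m = re.search(r"@([\w.-]+)", str(addr or ""))
    return m.group(1).lower() if m else ""


def check_email(raw: bytes) -> List[str]:
    """Return a list of human-readable phishing indicators found in the message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    from_dom = _domain(msg["From"])
    reply_dom = _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")

    for part in msg.walk():
        if part.get_content_type() == "text/html":
            for href, text in ANCHOR.findall(part.get_content()):
                href_host = (urlparse(href).hostname or "").lower()
                text_host = (urlparse(text.strip()).hostname or "").lower()
                # Only flag when the visible text itself looks like a URL on another host.
                if text_host and text_host != href_host:
                    findings.append(f"link text shows {text_host} but points to {href_host}")
        fname = part.get_filename()
        if fname and RISKY_EXT.search(fname):
            findings.append(f"attachment {fname} has an executable extension")
    return findings


if __name__ == "__main__":
    for name, mail in (("sample", SAMPLE_MAIL), ("clean", CLEAN_MAIL)):
        print(name, "->", check_email(mail) or ["no indicators"])
```

None of these indicators proves fraud on its own; the point is that each one is a reason to pause and verify the message through another channel before clicking or opening anything.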

3. Clean desk – “Real-world” measures are equally important

When leaving your workplace, your computer should always be locked with a password. You should not leave important documents visible and accessible on your desk either – they should be stored in a locker. Should you have very sensitive documents, it is not sufficient to throw them in the bin – you have to take additional precautions. Shredding documents before throwing them away is a must-do.

4. Social media – Data for all: Hackers jump for joy

Hackers use private information from social media – also for attacks in professional contexts, in the form of targeted spear phishing attacks. Many employees are not yet aware of this especially perfidious scam. It is therefore advisable to choose wisely when sharing information. You should also check friend requests before accepting them. Messages that refer you to a login page often indicate a phishing attempt as well.

5. Security incidents – Stepping in fast and determined

You are not sure whether there is a security incident? Potential signs are a computer that slows down after installing a program or an unknown error message after clicking on a link. If unsure: better safe than sorry! In concrete terms, this means staying calm, disconnecting your computer from the network and contacting the IT department. Reaction time plays a significant role. That is why a fast and determined reaction is so important.


Modern awareness training – for a sustainable change of behavior

But how does this knowledge get into the employees’ minds and how can it be transferred to everyday actions? Psychology distinguishes different types of learning. The “classic” linear knowledge transfer, meaning reading and memorizing, is common practice – but only has a temporary effect. Learners will have forgotten 75% of the learning contents after only six days. Modern awareness training, therefore, aims at learning routines and thereby minimizes risks more effectively. Dr. Niklas Hellemann explains why SoSafe uses a mix of interactive e-learnings and phishing simulations: “We count on distributed learning in the form of short, bite-sized and interactive modules. Users can work through the contents in only a few minutes. The knowledge is then picked up in other channels as well – for example via an email-based phishing simulation.” Since the sensitization runs for at least a year, the employees are confronted with learning units continuously. This is effective, as reduced click rates in phishing simulations show.

About SoSafe

SoSafe’s awareness platform continuously sensitizes and trains employees in dealing with IT security. Phishing simulations and interactive e-learnings teach employees, in an effective and sustainable way, what to pay particular attention to when using email, passwords or social media. The company receives anonymous but differentiated reporting and can thus make awareness-building measurable – fully GDPR-compliant.