Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

As hacking and data breaches are constantly in the news, we have included some simple ways in which you can protect your business from becoming the next headline. Most CEOs believe that building the level of information security requires a large budget and a lot of time, however the methods given below show there are low to no-cost options available:

Do not click on links in emails that are unsolicited or suspicious.      

In our previous blog post we covered a report that showed 80% of hackers believe humans are the most responsible for data breaches, even more than inadequate security and unpatched software. With this in mind, it is a good idea to train your staff to be wary of emails they open and to always be suspicious of anything that requests you click a link to submit information from yourself or the company.
Common requests include:
Verify your account detailsReset your passwordUpdate your personal informationReview a recently uploaded documentLog in to your account
One particular scam that is related to this is ‘CEO fraud’ in which an email that is intended to trick the recipient into believing they have received an urgent message from their boss. Usually these emails will request the employee pays money into a certain account, opens an attachment or provides certain information that the CEO supposedly needs. In these situations, the best response is to call the phone number you already have for the contact to verify the message you have received.

Don’t fall for fake Windows tech support calls.

Fraudulent tech support calls have been around for quite a while now but continue to deceive users. Calls originating from online con-artists trick victims into believing they are employed by Microsoft and are calling to investigate a malware infiltration. Users are then convinced the ‘Microsoft employee’ requires remote access to their computer’s desktop. Once this is provided, the con artist claims to have found a critical case of malware (usually by installing malicious computer programs) and the victim is then tricked into purchasing and downloading potentially dangerous software. The con artist will continue to extort fees even after the initial purchase is made under the premise that more problems have been found.
You can avoid this issue by keeping in mind that Microsoft doesn't call people about potential malware problems.

Don't overshare on social media.

Social media is an everyday part of life for most people, as is sharing details of everyday life with friends and contacts. However businesses should take care to remind employees of the type of information that should not be shared online such as information about your company’s clients and security process for gaining access to the building (some may want to share a photo of their staff ID badge when first gaining employment). Hackers will use information shared by the company and employees on social media as a way to gain access to data or the company building itself. This information may then be used as part of a social engineering attack in order to pretend the hacker is an employee that requires further information.

Limit the amount of information employees have access to.

One way of preventing a data breach is to limit how many people have access to sensitive information. By doing this you are then limiting the number of people who could potentially leak information to hackers (unintentionally or otherwise). Asking yourself if each employee or department really needs access to certain information can help to narrow down the number of people who have certain privileges. This also reduces the risk of disgruntled employees sharing confidential information or using that information for financial gain.
The points given above are designed to give businesses a starting point in building up their level of cyber security. Through penetration testing, Hedgehog Security can provide you with deep insight into your business’ vulnerabilities and how they can be mitigated to prevent your company becoming the next headline.
Get in touch today to find out more.