certification is aimed at creating and establishing processes to safeguard information from unauthorised access, use, destruction, modification or disclosure. Information security is an essential component of the successful operation of any organisation, regardless of size or industry. Your business will deal with sensitive information of some sort, be it employee or client details, financial information, or even patents and other items of intellectual property.
Here are four easy-to-implement tips on how to protect your sensitive information from falling into the wrong hands.
Tip One: Know how to spot a fake email
This one may seem a little email 101 to most of us, but it’s one that can be easy to disregard. Fake emails often contain malicious attachments and web links that lead to spam or phishing content. Ensuring that all your staff are aware of the traits of a fake email and how to spot them is an essential first step to ensuring that your organisation isn’t caught out. Some things to keep an eye out for:
- Calls for action – terms like ACT NOW or IMMEDIATE ACTION REQUIRED are often seeking to confuse the reader
- Incorrect spelling or grammar
- Be wary of giving out personal information
Tip Two: Keep your passwords close
Many people tend to use the same or similar passwords for multiple accounts, so if your password is compromised once, there is a good chance other sensitive accounts could be compromised as well. Make sure your password isn’t a common one, such as ‘password’ or ‘12345’. Maintaining good password hygiene and ensuring you aren’t sharing your passwords with others is a good place to start.
Tip Three: Keep your software up to date
Out-of-date software makes your IT systems susceptible to malware attacks, which can be crippling for any business, big or small. Software updates often contain security patches that defend against evolving viruses and address issues in earlier versions of the software.
Tip Four: Pay close attention when both sending and receiving invoices.
The New Zealand construction industry was recently the victim of invoice fraud. Hackers gained access to the email invoices from an NZ construction company and reissued the invoices with fraudulent bank details. This resulted in customers paying over $100,000 into a false account.
Be aware of changes to invoicing details and always seek to confirm these changes either in person if possible or over the phone with an established contact within the organisation. Care also needs to be taken when sending invoices – make sure your invoice details are correct and that invoices are being sent to the correct persons.
Thinking about how ISO 27001 can impact your business? Contact us for a quick quote and answers to all your questions.