Cyber criminals are cracking MI6’s firewall in minutes on TV programmes and film stars download millions of people’s personal data onto a memory stick. Is this reality or fiction?
While many people might think of cyber security like this, the main ways that organisations can be affected by cyber crime are much more mundane. For example, did you know that most data breaches in the University come from people sending information to the wrong email addresses?
Read our Remember...Information and Cyber Security infographic
That’s why over the last 18 months, our Security Sam campaigns have been running to help colleagues understand and tackle information security risks here at Durham.
To find out what you thought about the campaigns so far, and to learn what you might need from Security Sam in future, the team recently asked colleagues to complete a short survey.
Over 570 people gave their feedback, with results showing an improvement in both awareness and confidence when it comes to dealing with cyber and information security issues compared to the same survey carried out in 2022.
It’s essential for everyone to take responsibility to keep our information and systems safe and sound. Looking at our recent survey results, 98% of respondents agreed that information and cyber security is everyone’s responsibility.
Dialogue caught up with Colin Hopkins, Director (Cyber Security) and Andy Ladd, Head of Information Governance, to find out what their three top tips are to help us all keep our data and systems safe and secure.
Colin’s top three tips for keeping cyber secure...
1. Pause and reflect before acting on messages
“We all get a lot of messages these days – emails, texts, social media posts, etc. Unfortunately, criminals know this and send us fake messages trying to get us to give away confidential information, make fraudulent payments or install malware on our IT devices.
“Some of these will be pretty easy to spot, but they’re getting increasingly sophisticated. In some cases, they even research individuals and organisations before sending messages so they can include details that make them more convincing. Taking a short pause to reflect on whether it’s something you’d really expect from the sender and whether the details check out could save you a lot of time and trouble in the long run. If the sender is trying to convince you something is really urgent, then there’s a good chance it’s a scam.”
If it sounds too good to be true or too bad to be true, then it probably is!
2. Turn on Multi-Factor Authentication (MFA) wherever you can
“We require MFA on a number of University IT services for good reason – it’s a simple and effective way of greatly reducing the risk of IT accounts being compromised.
“Passwords are subject to risks such as being stolen through phishing or malware, or simply being guessed. Adding a second factor to generate a code on your phone forces an attacker to take a much more complicated route to get into your online accounts.
“Many services offer MFA now, including email providers, social media and shopping sites. It’s worth enabling it wherever you can, especially if the account contains something you really care about, like your credit card details!”
3. Keep your stuff up-to-date
“IT updates might be a bit annoying, but they’re really important to protect your devices and apps. In the past, product updates were mostly about getting the latest functionality, but these days they often include essential fixes for bugs that could leave you exposed. Did you know that Microsoft fixed 150 security flaws across their products in their April 2024 update? Apple pushed out 29 security fixes in March just for their Mac products, with separate releases for other products like iPhone, iPad, Apple Watch, TV and software like Safari. Google similarly fixed 28 Android vulnerabilities in April.
“Product manufacturers and developers have got much better at finding and fixing security flaws, so make sure you take advantage of that by installing updates when they’re available. While it may be tempting to keep postponing that update, it could cost you a lot more time in the long run.”
Andy’s top three tips for keeping our data safe...
1. Be up-to-date with your required learning
“We all have a responsibility to protect our information.
“Make sure you have completed your required learning so you’re familiar with best practice and the common threats to our information. Please also check out our latest guidance - Information and Cyber Security.”
2. Share with care
“Be careful when sending emails as our most common data breach is personal data being shared with the wrong recipient.
“Make sure you know how to report a data breach or near miss as the more we hear about incidents, the better we get at preventing them in the future.”
3. Look after those records
“Think about who needs access to your information and store it in the appropriate University system.
“Our Storage Options Tool can help you decide what repository to use. Our new Information Classification and Handling Standard will guide you in how to handle information in line with its sensitivity.”
For more details about all our previous information and cyber security campaigns, visit the Security Sam intranet pages.