Top 5 Ways To Avoid Phishing Emails

Five top ways to prevent phishing attacks

Cyber attacks are on the increase, and it is vital to protect yourself and your business against the rising security threats. For most companies, the employees are the weakest security link, leaving the company open to potential attacks and breaches. Over 90% of cyber attacks start with a phishing email, and recent studies suggest that the fastest growing security threat to businesses is no longer malware but impersonation email attacks.

Employees are often the weakest link in your security because of human error, and cyber attackers have learnt that it is easier to trick someone into revealing secure information such as logins and passwords than to exploit a secure system. The number of impersonation email attacks sent has increased by 50% quarter-over-quarter, compared with a 15% rise in malware and harmful files being sent. This means your business is seven times more likely to be subject to an impersonation email attack than a malware attack.

The figures are staggering, and even so there are thousands of companies out there that are not doing everything they can to protect themselves against phishing emails. The most common type of phishing email is spear phishing: a highly targeted scam email that is sent to a business or individual. If the cybercriminal does enough research into an individual or business, spear phishing can be very effective, and research has shown that 97% of individuals can be tricked by a spear phishing email attack. Here are the top 5 ways to avoid phishing emails and protect your business.

Invest In Your Systems

One of the best ways to protect your business from phishing emails is to prevent them from getting through to your employees in the first place. There are many technological approaches to avoid phishing attacks, such as powerful filters and protection systems. Implementing a smart security system can help to identify phishing emails and block them from being received by your employees.

This is a great place to start when it comes to avoiding phishing emails, but even the best technology can’t detect every single phishing email. There will always be some that slip through the filters, so it is vital to have other precautions in place as well.

Educate Your Employees

As personnel are often the biggest downfall for a company’s security, it is essential that they are provided with appropriate training and knowledge to protect themselves against phishing emails. While many phishing emails are poorly written and easy to detect, there are often highly sophisticated attacks that are much more difficult to spot.

To properly protect your business against phishing emails, you should develop an effective security education programme to raise awareness among staff of the growing cyber threats.

Go Phishing

One very effective method to identify the weak links in your security and determine where further training is required is to send phishing emails to your employees. Craft an email based on the kind that your employees actually receive and then measure these four main metrics: clicking on the link, opening attachments, reporting the email and response time.

After the ‘attack’, discuss the results of the tests with your employees; it is usually best to keep results anonymous or break them down by department or team to avoid employees feeling like they are being individually called out. Your goal with this exercise should be to raise awareness and educate your employees, not to embarrass them.
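One way to report the four metrics above by department without singling anyone out, as an added example (not Cyan Solutions' own code). The record layout, the sample results and the minimum group size of five are assumptions constructed for illustration, and response time is taken here as minutes from delivery to the employee's report.

```python
from collections import defaultdict
from statistics import median

MIN_GROUP = 5  # assumption: smallest group that is reported on its own

# Constructed sample results, one row per recipient:
# (department, clicked_link, opened_attachment, minutes_to_report or None)
RESULTS = [
    ("Finance", True, False, None), ("Finance", False, False, 4),
    ("Finance", False, False, 12), ("Finance", True, True, None),
    ("Finance", False, False, 30), ("Finance", False, False, None),
    ("Sales", True, True, None), ("Sales", True, False, None),
    ("Sales", False, False, 8), ("Sales", False, False, 20),
    ("Sales", True, False, None),
    ("Legal", False, False, 3), ("Legal", True, False, None),
    ("HR", False, False, 6), ("HR", False, False, None),
    ("HR", True, True, 45),
]


def summarise(results, min_group=MIN_GROUP):
    """Aggregate the four metrics per department, never per person."""
    by_dept = defaultdict(list)
    for dept, clicked, opened, report_min in results:
        by_dept[dept].append((clicked, opened, report_min))

    # Departments below the threshold are pooled into "Other" so that a
    # two-person team cannot be read as individual results.
    pooled = defaultdict(list)
    for dept, rows in by_dept.items():
        pooled[dept if len(rows) >= min_group else "Other"].extend(rows)

    summary = {}
    for dept, rows in pooled.items():
        n = len(rows)
        if n < min_group:
            # Even the pooled bucket is too small: publish no rates at all.
            summary[dept] = {"recipients": n, "suppressed": True}
            continue
        times = [r[2] for r in rows if r[2] is not None]
        summary[dept] = {
            "recipients": n,
            "suppressed": False,
            "click_rate": round(sum(r[0] for r in rows) / n, 2),
            "attachment_rate": round(sum(r[1] for r in rows) / n, 2),
            "report_rate": round(len(times) / n, 2),
            "median_minutes_to_report": median(times) if times else None,
        }
    return summary


if __name__ == "__main__":
    for dept, stats in sorted(summarise(RESULTS).items()):
        print(dept, stats)
```
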

Develop A Strict Protocol

Ensure you have a strict and well-thought-out protocol in place for phishing attacks. Encourage all employees to report all attacks or potential attacks immediately so that they can be dealt with effectively and quickly.

Make it clear that every employee can ask for help if they think they might have been a victim of a phishing email attack and be sure never to punish staff if they do get caught out; it will only discourage your employees from reporting the attacks in future. Once an attack has been reported, take steps to scan the affected devices for malware and change all passwords as soon as possible.

Review Your Digital Footprint

Cybercriminals will use information that is publicly available about your business and employees to make phishing emails more convincing. This information can be found on your website and social media accounts and is known as your digital footprint. Carefully consider what information is necessary for your website visitors and what could be used by potential attackers.

It is also vital to offer support and training to your employees on how to best manage their digital footprint; you should not expect them to remove themselves from the internet entirely but help them understand what information isn’t necessary to share.

Increase your phishing protection with Cyan Solutions

At Cyan Solutions we can develop robust IT security to reduce the risk and prevent cyber attacks. If you would like friendly advice on how to increase your IT security, talk to our experts now.

Key Technology Trends Impacting the Energy Sector

The energy sector has been evolving rapidly in recent years thanks to new and upcoming technologies. 2018 is looking to be a milestone year for the energy industry, with the introduction of many new technology trends that are set to be revolutionary in the sector.

The rise of digital has affected many businesses over the years, and the electricity industry is no exception. With everything from artificial intelligence through to increased technological demands in the home, there are a number of technology trends set to impact the energy sector over the coming months and years.

Growing Cybercrime Threat

Cyber-attacks are increasing in every industry across the globe, and the energy sector is no different. Earlier this year the United States Department of Energy announced it was planning on setting up its own Office of Cybersecurity, Energy Security and Emergency Response to tackle the upcoming security challenges. There is also evidence that hackers have been targeting energy and nuclear facilities for the last couple of years.

Cybersecurity concerns are one of the most pressing issues within the energy sector, and as companies introduce more complex technology systems, the risk and potential for an attack are increased. Many utilities are upgrading systems to provide a higher level of grid intelligence and better communication with customers' devices, opening themselves up to more potential security threats.

The Rise in Artificial Intelligence

Artificial Intelligence (AI) has evolved rapidly in recent years and provided the energy sector with a variety of new capabilities such as machine learning, cognitive analytics, deep learning and robotics process automation. These advances in technology have led to powerful systems that can automate increasingly complex workloads and develop cognitive agents that can simulate human thinking and engagement.

AI can be used in the energy sector to streamline, automate and eliminate processes within customer interactions, taking customer experience to the next level. As well as customer service benefits, AI can also be an excellent tool for customer engagement by giving companies the ability to compute a customer’s smart meter data to develop invaluable insights into their consumption habits.

Blockchain

Blockchain has been on the cards for quite some time and is slowly growing in popularity across a variety of industries. While it is currently limited within the energy sector, the potential of this technology should definitely not be ruled out; in fact, it may end up being invaluable in the industry in coming years.

Blockchain offers a permanent and transparent solution that is entirely digital, making it really easy to work with. Within the energy sector, blockchain could potentially be used for easily recording transactions and contacts in a transparent and searchable form. The energy sector involves a considerable amount of customer paperwork, and blockchain could provide some significant operational benefits such as easily locating records, detecting fraud and clarifying bill disputes.

3D Printing and Smart Materials

In recent years there have been significant steps forward in 3D printing, particularly with print metals becoming significantly cheaper. This will likely be used widely in the energy sector for the creation and maintenance of equipment and systems.

An increased use of smart materials would also have a significant impact on the energy market, and the use of materials that can self-heal could potentially change the industry altogether.

Digital Transformation in Homes

It is no surprise that there is an increased demand for energy in homes across the world. With technology coming on in leaps and bounds in recent years, the amount of electricity being consumed today is very different from that of a few years ago. The introduction of smart technologies such as smart lightbulbs and smart meters has transformed the way consumers use their energy within their homes, and this is only set to become more complex and readily available in the coming years.

The uptake of smart energy products by consumers has been relatively minimal so far, and according to recent research, 72% of people are unlikely to introduce any form of smart home technology in the next five years. However, the individuals who already make use of smart devices have noticed a significant impact on the day to day running of their homes. Many believe the uptake has been slow as consumers are still sceptical of smart energy products, but the market is expected to accelerate rapidly once the popularity of the technology increases.

The energy sector is set for a rapid transformation for the rest of 2018 and the following years, and those within the industry should be preparing themselves for the upcoming changes and opportunities that these technology trends are sure to bring. Not embracing these new technologies will leave your business at risk of being left behind the curve. At Cyan we have experience of providing transformational technology infrastructures for growing businesses in the energy sector. Talk to us today to see how we can help your business.

The Dos And Don’ts Around Consent For GDPR Compliance 

When it comes to General Data Protection Regulation (GDPR), the new rules for compliance are creating many drastic changes in the way businesses operate, particularly when it comes to collecting, managing and storing data of customers and potential business interests.  

Undeniably, GDPR is setting a higher standard in data protection. However, some of the information in the EU regulation can be confusing. In fact, some firms are left wholly baffled in regard to what their organisation needs to do. Furthermore, many myths are circulating about the new regulation, which is adding to the difficulty in becoming compliant.

One of the aspects causing problems is the set of rules surrounding consent. To help your organisation to gain consent and collect data in a lawful and compliant way, read on for our top tips on how your business should handle consent for GDPR compliance success.

Top tips for GDPR compliant consent 

Do offer individuals a choice 

One of the primary areas of focus of GDPR is to give back data control to individuals, so that they can decide who has and uses their data. Your consent should be clear and concise. You need to show consumers that they have control as to whether they consent to your terms and conditions regarding their data.  

The benefit of providing individuals with a choice does not just ensure your organisation achieves GDPR compliance. Giving your customers control can help to establish your business reputation. Your explicit consent methods will build trust, engagement and honesty which can enhance your reputation and improve customer satisfaction.  

Don’t have pre-ticked opt-in boxes 

Having pre-ticked boxes is no longer an acceptable way to gain consent under the new GDPR rules. GDPR requires consent to be affirmative, and individuals must be able to access an easy way to exercise their right to withdraw consent. By having pre-ticked boxes, you do not allow customers the opportunity to give their consent actively.  

Another consideration is that consent must be explicit and easy to understand. You can still use a box for the customer to opt in to provide their permission, but you should remove any advance ticking. The customer should be the one to decide on their data sharing based on an action they complete themselves.

Do make sure data processing is lawful 

In some circumstances, you do not need to gain consent to comply with the GDPR regulation. For some businesses, consent may not be a viable option. However, GDPR will allow exceptions for approval, providing they have a legal basis. For example, consent is not required for these lawful circumstances:

  • Data processing is necessary for public interest 
  • An official authority has a vested interest in data processing 
  • Data processing is needed to comply with a legal obligation 
  • To fulfil a contract with the subject, data handling is vital 
  • Processing data can protect the interests of the individual.  
  • Data processing is needed for legitimate reasons by a controller or third-party. In this case, the rights of freedom of the subject are overridden.  

Don’t wait to change your consent process  

The fines for non-compliance can be devastating for a business. If a company does not comply with the GDPR regulation, firms may be hit with a £17 million penalty or a fine that is equal to 4% of the annual turnover. While this can severely impact a business, avoiding fines should not be your sole driver for maintaining compliance.  

A business should strive for compliance to show its professionalism, trust and honesty. A firm that is committed to legal compliance will prove to customers its transparent policy and focus on following the best practice in the industry. The sooner your business can assure compliance, the sooner you can focus your organisation on further improvements to help your customers.

Achieve GDPR compliance with Cyan Solutions 

At Cyan Solutions, our team are well-versed in the new GDPR regulations. If your business is struggling to separate the facts from fiction regarding the new rules, then Cyan Solutions can help. Working together with your organisation to understand your data collecting and processing requirements, Cyan Solutions can advise on creating a good governance approach to help make sure your business plans for GDPR compliance and maintains industry best practice approaches.

Our team are available to help, and with the deadline ticking closer, it is vital to act now. Get in touch with our friendly team of experts by calling 02392 333 365 or emailing [email protected] and start your GDPR compliance journey today.

What You Need To Know About GDPR: 6 Key Principles

What is GDPR?

Formulated over a total of four years, the General Data Protection Regulation (GDPR) has been developed in order to monitor and regulate the new ways that consumer data is used in an ever technologically advancing world. Replacing the 1995 EU Data Protection Directive, it is designed to implement stricter regulation, as well as hefty fines for non-compliance and breach of data, and give consumers more control over how their data is stored and distributed by companies.

Principle One: Compliance and company-customer honesty

Any data shared with a company by a customer is still lawfully owned by the customer. GDPR is designed to help customers sharing data stay in-the-know about what happens with their data and offers the ability to review it. For businesses, the processing they describe must match what they have outlined as their objective. Stricter monitoring of this means that any organisations breaching contracts between themselves, customers and the EU regulators will face higher fines and harsher repercussions.

Principle Two: Purpose limitations

The initiation date in May 2018 brings in new rules in relation to the reasoning for obtaining data. As outlined in the official document, personal data may only be collected for ‘specified, explicit and legitimate purposes’. This means that customers consenting to a company holding their data cannot have their data used for marketing, consumer research or third-party distribution. Removing the clauses allowing organisations to use the submitted data in deceptive ways allows for a higher level of privacy and control over what is happening with your personal information.

Principle Three: Relevance

Where a customer would once supply a considerable variety of their personal information to allow businesses to have full records, the new legislation restricts companies from obtaining any data that they do not explicitly need. Anything not relevant to the process the data is required for must either never be obtained, or removed to ensure it complies right from the beginning of the legislation.

Principle Four: Accuracy

If a company intends or needs to hold customers’ information for a considerable length of time, it now must ensure not only that it meets a 100% accuracy rate, but also that it is regularly updated to make sure it is up to date. Periodically checking the accuracy of the data is a secondary way to ensure that what is being stored is still relevant and required for the practice in motion. Developing a successful method for managing and storing data also assists in consumer protection against identity theft.

Principle Five: Limitations

Ensuring that identification of data subjects is monitored and regulated allows businesses to regularly review the need for specific data. Applying company-based compliance settings on how long a consumer’s data can be kept without regular review or use is a safe way to ensure GDPR is always being applied and to avoid stern charges and repercussions. Also, checking the finality of deleted data is a safe way to protect a company from any negative consequences, as well as protecting the customer from the dangerous distribution of their information or identity theft.

Principle Six: Security

While a business may be maintaining stringent rules about the removal and relevance of consumer data, it is important to remember the importance of an air-tight security management system. Security is essential to ensure third parties cannot enter the system and obtain information that a company could be held liable for distributing. Employee confidentiality, locked two-step computer systems and remote storage are just three of the ways you can, as a business, ensure the protection of a consumer’s data, and your own licences.

Think about your clients

Consumers will be aware of the implications of GDPR and will know what to look for when assessing your business. It is worthwhile considering the customer’s perspective to make sure your GDPR system is compliant in their eyes.

Consumer safety measures include:

• Terms and Conditions – Does your business make your terms and conditions as well as data opt-in readily available?

• Requesting deletion – How will your business handle requests and cater to customer needs? What is the timescale for removal and how can errors be avoided in this situation?

• Rights – Customers may ask for clarification on your policy to ensure you are a trustworthy business. Can your organisation provide the knowledge and peace of mind that the customer is looking for?

If you need help addressing any GDPR concerns, then get in touch with the IT Solution experts at Cyan Solutions. The team can help you to implement the necessary GDPR measures to ensure your business remains competitive, successful and compliant.