blog-hero-background-image
Employee Security Training

Ransomware

backdrop
Table of Contents

Join thousands of professionals and get the latest insight on Compliance & Cybersecurity.


Ransomware is defined as a type of malicious software designed by threat actors to block access to a computer system until a sum of money is paid.

Threat actors include individual hackers, hacker organizations, government entities, and terrorist organizations.Over the last few years, ransomware has become a major cybersecurity threat to companies and people alike.
slider

According to SonicWall, there were around ~600 million ransomware attacks in 2021! One of the prominent cases of ransomware was the attack on Colonial Pipeline in Texas, US which led to a severe crunch in gasoline supply in 18 states in the US.

Given the rapid rise of ransomware, here’s a short explainer of how it works:

  • The threat actor infiltrates network security and looks for systems that are vulnerable or directly exposed to the public internet.
  • Subsequently, the vulnerabilities and the protection level of the system are analyzed to see what type of code would stay undetected and breach the system.
  • Malicious software is installed on the system which stays dormant for a period of time until it gets executed.
  • Upon execution, the malicious software encrypts a large number of files in the system. The owner of the system would not be able to access the files without decrypting the files.
  • Malicious software displays a message on the system stating the ransom required to release the files. The ransom is usually paid in cryptocurrency.
  • The owner of the system pays the ransom to the threat actor and the threat actor sends a decrypting tool to access the files again.

How to Protect Yourself from Ransomware:

Install the latest software and firmware updates
Installing the latest software and firmware updates ensures that there are minimal vulnerabilities and better detection of malicious software.

Back up important data online:
Backing up your data regularly will allow you to revert back to a safe version of the a system without malicious code. However, the limitation of this is that you would not know when the malicious software was installed as it could have stayed dormant for days or months before being executed.

Use modern security solutions that are updated regularly:
Using the latest security solutions vastly increases the likelihood of detecting malicious software which can be blocked from being installed on the system.

In the event you are a ransomware victim, here are a few options to explore:
1. Isolate the affected system and consult experts on the next step
2. Secure existing backups of data and software
3. Change all your passwords linked to that system

What is Ransomware and How Can I Protect Myself against it?
As the name implies, ransomware actually refers to malicious software that is designed to block access to a computer system until the ransom is paid. In a typical ransomware scenario, the attacker demands a form of payment before releasing access to critical software containing valuable information and managing important processes.

Common ransomware attacks include:

  • Sending a phishing email with an attachment and taking over the victim’s computer and demanding a ransom to restore access
  • Exploit security gaps to infect computers without the need to trick users
  • The attacker threatens to publicize the user’s sensitive data unless a ransom is paid

What should you do?
1. Keep your operating system patched and updated
2. Install antivirus software
3. Be very careful about admin privileges and limit that strictly
4. Back up your files
5. Invest in cyber insurance

  • Employee Security Training
Srividhya Karthik

Srividhya Karthik is a seasoned content marketer and the Head of Marketing at Cyber Sierra. With a firm belief in the power of storytelling, she brings years of experience to create engaging narratives that captivate audiences. She also brings valuable insights from her work in the field of cybersecurity and compliance, possessing a deep understanding of the challenges and pain points faced by customers in these domains.

Find out how we can assist you in completing your compliance journey.

blog-hero-background-image
Employee Security Training

Reporting A Data Breach

backdrop
Table of Contents

Join thousands of professionals and get the latest insight on Compliance & Cybersecurity.


Data breaches occur in various manners and the specific definition of a data breach varies from company to company.

Please refer to your Company’s Information Security Policy for details on what the firm defines as a data breach and how to escalate/respond to it. Here, we cover general information about a data breach and steps you can take to report it.
slider

What is a Data Breach?
Conventionally, people think of hackers, who use complex tools to access company systems and extract data, in relation to a breach. However, any unauthorized access to your company’s data may constitute a breach. Some examples include:

  • Employees leaving the company with sensitive information and no prior authorization.
  • A database with personal information of customers being available publicly (with no prior consent of customers)
  • Emailing company or customer information to the wrong party
  • Unauthorized access by cyber threat actors (aka hackers), who exfiltrate data and use it wrongfully with no consent from the company or its customers.

Notice that some breaches relate to company information, while others to personal data. You have an obligation to report both.

How can I report a data breach, and to whom should I report this?
Please note, based on your country of operation, reporting a data breach may be legally mandatory. The best ways to be sure of your responsibilities are to:

  • Refer to the cyber laws of the countries your company has operations in
  • Check with your IT team or your Company’s Data Protection Officer (DPO)
  • Visit the regulatory authority’s – typically Personal Data Protection Commission (PDPC) or its equivalent – website to learn of your responsibilities. Example – A tool like this, from the Singapore Government’s PDPC, is a relevant reference.

Generally, authorities get involved when the personal information of individuals is compromised. The best first step is to escalate any breach internally to your Management, who can then decide on appropriate next steps.

  • Employee Security Training
Srividhya Karthik

Srividhya Karthik is a seasoned content marketer and the Head of Marketing at Cyber Sierra. With a firm belief in the power of storytelling, she brings years of experience to create engaging narratives that captivate audiences. She also brings valuable insights from her work in the field of cybersecurity and compliance, possessing a deep understanding of the challenges and pain points faced by customers in these domains.

Find out how we can assist you in completing your compliance journey.

blog-hero-background-image
Employee Security Training

Safe Browsing Habits: 8 Best Practices to Boost Your Online Security

backdrop
Table of Contents

Join thousands of professionals and get the latest insight on Compliance & Cybersecurity.


In today’s fast-paced workplace, where remote and hybrid models are becoming the norm, we often find ourselves juggling multiple online activities — whether it’s collaborating on projects, attending virtual meetings, or managing sensitive company information. While this connectivity makes our jobs easier, it also opens the door to cyber threats that can jeopardize sensitive company information. 

That’s why cultivating safe browsing habits is essential for every employee. By adopting a few simple yet effective practices, you can protect yourself and your organization from potential security breaches. In this blog post, we’ll explore a few practical tips that will help you navigate the digital landscape securely and confidently.

Why is safe browsing important?

Safe browsing isn’t just something IT tells you to do—it’s a vital part of keeping your organization secure. Safe browsing is crucial for protecting your organization from web-based threats like phishing, malware, and malicious downloads. These threats can compromise your entire network by stealing credentials, infecting devices, or causing data breaches. By prioritizing safe browsing habits, you reduce the risk of exposing sensitive information and maintain the security and integrity of your organization's operations.

So, here’s why safe browsing should be a top priority for you and everyone:

  1. Protecting Sensitive Data: Think about all the confidential information your organization handles. One wrong click on a suspicious link can lead to a data breach, exposing sensitive client details and proprietary business information.

  2. Preventing Malware Infections: Malicious websites and downloads can introduce malware into the systems. This can disrupt operations, lead to financial losses, and compromise the integrity of our data.

  3. Maintaining Network Security: Unsafe browsing practices can lead to unauthorized access to the network. Cybercriminals often use compromised employee accounts as a gateway to infiltrate systems, leading to potential security breaches.

  4. Upholding the Organization’s Reputation: A single security incident can damage an organization’s reputation. Clients and partners trust the organization to protect their data, and a breach can erode that trust, impacting business relationships.

  5. Compliance with Regulations: In many industries, stringent data protection regulations must be followed to keep data safe. For example, the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States set high standards for data security. When we practice safe browsing, we help ensure our organization complies with these laws. This allows your organization to avoid hefty fines and steer clear of legal troubles, ensuring that its operations run smoothly and its reputation remains intact.

8 Best Practices to Boost Your Online Security

To ensure a safe, privacy-preserving internet experience, there are a few best practices that we can keep in mind as listed below:

1. Update Your Browser’s Privacy and Security Settings:

Your browser acts as your digital gatekeeper. Most modern browsers offer privacy and security settings to manage your browsing data, enable safe browsing practices, and handle security keys. Regularly review and update these settings to ensure you’re always protected against evolving threats.

For example, if you’re using Chrome, open Chrome and click the three dots. Go to Settings > Privacy and security > Security. Click on Go To Safety Check  and check Safe Browsing level and refresh the browser to apply the changes. Similarly, you can adjust these settings in your respective browsers, such as Firefox or Edge, to enhance your overall browsing security.

2. Block Pop-Ups:

Pop-ups can lead to malicious sites or prompt unwanted downloads. They might also collect your data or compromise your security. Use your browser’s built-in settings to block pop-ups by default, reducing your exposure to these risks and enhancing your browsing safety.

If you’re using Chrome, click the three dots, go to Settings > Privacy and security > Site settings > Pop-ups and redirects. Set it to Blocked to prevent pop-ups from appearing or Don’t allow sites to send pop ups. Similarly, adjust pop-up settings in other browsers like Firefox or Edge to maintain a secure browsing experience.

3. Avoid Suspicious Websites:

Be vigilant when visiting websites, especially those lacking HTTPS or showing expired SSL certificates. Modern browsers often alert you to potentially dangerous sites, but it's wise to remain cautious and trust your instincts when encountering unfamiliar or dubious sites.

If you see a website with a warning message like “Not Secure” or a red padlock icon, it’s best to avoid entering any personal information. In Chrome, you can check for HTTPS by looking for a padlock icon next to the URL in the address bar. Similarly, apply this practice across other browsers to ensure you’re navigating safely.

4. Be Cautious with Downloads:

Only download files and software from reputable sources. Before opening any downloaded files, scan them for viruses to avoid malware infections. If a file or download seems suspicious or too good to be true, it's best to avoid it to protect your system.

5. Use an Ad Blocker:

Malicious advertisements can be a vector for malware. An ad blocker helps you avoid intrusive ads and prevents malicious content from reaching your device. This tool enhances your privacy and security by filtering out potentially harmful ads. You can install an ad blocker extension in your browser to automatically block unwanted ads and reduce your risk of encountering malware.

6. Disable Browser Password Storage:

While storing passwords in your browser might seem convenient, it poses a security risk. In the event of a breach, your passwords could be compromised. Instead, use a dedicated password manager to securely store and manage your credentials, ensuring better protection for your accounts.

If you’re using Chrome, click the three dots, go to Settings > Autofill > Passwords, and toggle off Offer to save passwords. 

7. Strengthen Your Passwords and Use Two-Factor Authentication (2FA):

Create strong, unique passwords for each of your accounts and enable two-factor authentication where available. This adds an extra layer of security by requiring a second form of verification, making it significantly harder for unauthorized users to access your accounts.

If you’re using Google, go to Google Account > Security > 2-Step Verification, and follow the instructions to set up 2FA. Similarly, check the security settings of your other accounts to enable 2FA.

8. Protect Your Personal Information on Public Wi-Fi: 

Avoid accessing sensitive information or logging into secure accounts while on public Wi-Fi, as these networks can be less secure. If you need to use public Wi-Fi, consider using a Virtual Private Network (VPN) to encrypt your connection and protect your data from potential threats. Always verify that the Wi-Fi network is secure and from a trusted source before connecting.

Final Thoughts

By adopting these safe browsing habits, you play a crucial role in protecting both your personal information and the sensitive data of your organization. Remember, cybersecurity isn't just about complex systems—it's about everyday actions. Stay vigilant, stay informed, and take proactive steps to secure your online activities. Your commitment to safe browsing can make all the difference in keeping our digital environment secure.

FAQs

1. How can safe browsing habits impact my work?

Following safe browsing practices helps protect both personal and organizational data from cyber threats. By being cautious, you can avoid malicious websites and prevent security breaches. This reduces the risk of downtime, data loss, or financial losses caused by cyber incidents. Safe browsing also supports your organizations’ compliance with industry regulations, safeguarding both your personal and the company’s information.

2. What should I do if I encounter a suspicious website or email?

If you come across a suspicious website or email, do not interact with it. Report it to your IT or security team immediately. They can investigate and take appropriate action to protect the company’s systems and data. Always verify the authenticity of any unsolicited or unexpected communications before responding.

3. How can I tell if a website is secure?

Look for "HTTPS" in the URL and a padlock icon in the address bar. If a site has a warning like “Not Secure” or shows "HTTP" alone, avoid entering personal information or sensitive data on that site.

  • Employee Security Training
Gowsika Vadivel

Gowsika is a content marketing specialist at Cyber Sierra, where she leverages her expertise to craft compelling narratives that resonate with audiences. With a passion for unraveling complex topics, she brings a fresh perspective to cybersecurity and compliance, addressing customer challenges with clarity and insight. When not immersed in decoding industry jargon, you'll find her by the seaside, immersed in music and contemplating life's profound mysteries. Trust Gowsika to guide you through the cyber jungles with her serene demeanor and keen intellect!

Find out how we can assist you in completing your compliance journey.

blog-hero-background-image
Employee Security Training

Password Management

backdrop
Table of Contents

Join thousands of professionals and get the latest insight on Compliance & Cybersecurity.


Just like email, passwords are intricately part of our digital experiences. These days, each individual has dozens of services that require password usage.

This ranges from our social media accounts to our financial applications, tools, and services we use at work.Hence, password security and management have become an important part of digital security.
slider

A multi-billion dollar industry is now in place working on effectively and safely managing passwords through companies like LastPass, Dashlane, etc.
Ensure passwords being created and maintained are strong, stored safely, and changed on a periodic basis. Weak passwords being breached either because of poor storage or brute force are a common phenomenon. In fact, the SolarWinds hack from 2020 was partially attributed to a weak password, solarwinds123, being used on an internal system that hackers got access to.
To ensure internal systems being used at the workplace have a safe, strong, and confidential password, organizations should have a password policy in place. A good password policy should cover the following aspects of password management:

What Makes a Good Password:

1. Length of the password:
A good password should ideally be at least 8 characters with different types of characters being used (alphabets, numbers, special characters)

2. Password active duration:
The passwords can be toggled regularly so that the chances of an old password being used across multiple systems reduces, thereby strengthening the security of the systems.

3. Blocklist:
A good password policy can also include a set of weak yet most commonly used passwords as part of the block list. This would ensure that the employees don’t end up getting a weak password making the system potentially vulnerable.

4. Secure Storage:
To store the passwords, it’s advisable to use password managers like LastPass or Dashlane against written passwords on an Excel spreadsheet or post-it notes. In the event of the system being hacked or breached, the passwords stored in dedicated password management systems would still remain safe but passwords stored in plain text in note-making tools are a security risk.

  • Employee Security Training
Srividhya Karthik

Srividhya Karthik is a seasoned content marketer and the Head of Marketing at Cyber Sierra. With a firm belief in the power of storytelling, she brings years of experience to create engaging narratives that captivate audiences. She also brings valuable insights from her work in the field of cybersecurity and compliance, possessing a deep understanding of the challenges and pain points faced by customers in these domains.

Find out how we can assist you in completing your compliance journey.

blog-hero-background-image
Employee Security Training

Sensitive Data Handling

backdrop
Table of Contents

Join thousands of professionals and get the latest insight on Compliance & Cybersecurity.


For clarity on what ‘sensitive data is, refer to your Company’s Information Security policy. It should also stipulate guidelines, specific to your org, on how to handle sensitive data.

Generally, any data that helps identify individuals, their residency, banking, or health information is considered sensitive. Also, information that can risk the competitive advantages or reputation of the organization is sensitive.

As an employee, here are 11 steps you can take to handle sensitive data well, to mitigate the risk of a breach:

  1. Ensure devices have encryption.
  2. Use synthetic data, instead of actual, where possible. This way, any leakage does not risk real people.
  3. When sharing information internally, and especially externally, only pass on what is needed. Remove non-relevant content.
  4. Secure/Wipe the hard drive before disposing of old devices.
  5. Restrict locations to which work files with sensitive information can be saved or copied.
  6. Use application-level encryption to protect the information in your files.
  7. Develop the habit of deleting unnecessary files, which no longer serve your business purpose. Note to check for storage rules in your Company’s information security policies first.
  8. Use Virtual Private Networks (VPNs) when logging in from outside the workplace.
  9. Limit sharing of data externally. If possible, consider using data leakage prevention tools.
  10. Stop using USB drives altogether, or limit the storage of sensitive information on unencrypted devices.
  11. Use separate wifi for Guests/Customers.

As you may notice in the steps above, developing a more proactive, defensive approach to data is most helpful, especially where sensitivities are high.

  • Employee Security Training
Srividhya Karthik

Srividhya Karthik is a seasoned content marketer and the Head of Marketing at Cyber Sierra. With a firm belief in the power of storytelling, she brings years of experience to create engaging narratives that captivate audiences. She also brings valuable insights from her work in the field of cybersecurity and compliance, possessing a deep understanding of the challenges and pain points faced by customers in these domains.

Find out how we can assist you in completing your compliance journey.

toaster icon

Thank you for reaching out to us!

We will get back to you soon.