ISO 27001 certification is aimed at creating and establishing processes for safeguarding information from unauthorised access, use, destruction, modification or disclosure. Information security is an essential component to the successful operation of any organisation regardless of your size or industry. Your business will deal with sensitive information of some sort be it employee or client details, financial information or even patents and other items of intellectual property. Here are four easy to implement tips on how to protect your sensitive information from falling into the wrong hands.
Tip one: Know how to spot a fake email
This one may seem a little email 101 to most of us, but it’s one that can be easy to disregard. Fake emails often contain malicious attachments and web links that can contain spam or phishing content. Ensuring that all your staff are aware of the traits of a fake email and how to spot them is an essential first step to ensuring that your organisation isn’t caught out. Some things to keep an eye out for are;
- Calls for action – terms like ACT NOW or IMMEDIATE ACTION required are often seeking to confuse the reader
- Incorrect spelling or Grammar
- Be wary of giving out personal information
Tip Two: Keep your passwords close
Out of date software also makes your IT systems susceptible to malware attacks which can be a crippling occurrence to any business big or small. Software updates often contain security patches to fend against evolving viruses and address issues within the past software.
Tip Three: Pay close attention when both sending and receiving invoices
The New Zealand construction industry was recently the victim of invoice fraud. Hackers were able to gain access to the email invoices from a NZ construction company and were able to reissue the invoices with fraudulent bank details. This resulted in customers paying over $100,000 into a false account. Read the full story here.
Be aware of changes to invoicing details and always seek to confirm these changes either in person if possible or over the phone with an established contact within the organisation. Care also needs to be taken when sending invoices – make sure your invoice details are correct and that invoices are being sent to the correct persons.