The world moves fast these days. We’re connected, virtualised and digitally-primed, but while the benefits are clear, there are downsides too. Cybercrime is rife thanks to the technology that underpins our lives, and no one is immune to the harm it can cause.
At CGI, we empower our clients with robust, advanced cybersecurity solutions that protect and support their businesses. Our cybersecurity team is world-class and deeply passionate about their roles, and they’re always committed to doing what’s best for our customers.
The dedication of CGI’s employees is fuelled by our unique ownership culture. Our teams aren’t ‘employees’, they’re ‘members’ of the company who own shares and a stake in our success. That means our company’s success is their success too, and this ownership mentality is woven into every aspect of how they’re managed and how they work.
With Cybersecurity Awareness Month upon us, we asked the team for some timely advice on how we can all avoid and mitigate cybersecurity risks to both ourselves and our employers, especially in an age where remote or hybrid working has become the norm.
With the increased dependence on technology as people work from home, what advice do you have for security best practices and cyber hygiene?
It’s important to ensure that you adhere to company security policies and procedures while working from home. At CGI, we continue to follow the clear desk policy, lock our workstation when away from the screen and store and destroy documents as per the classification requirements.
We also remain vigilant about ensuring our CGI laptops continue to receive security updates and required security patches. Laptops must be connected to the CGI network at least once every 30 days, rebooted every couple of weeks and have patches regularly installed to remain compliant.
Our approach to our day-to-day work should encompass security vigilance regardless of the location we are working from - whether that be from the office, at a client site, whilst travelling or when working from home.
Our home laptops have anti-virus, etc. installed to minimise breaches for personal accounts and to minimise attacks that move laterally across to work devices connecting from home.
It is also important to ensure we separate work from non-work functions (including data, etc.) in a cyber sense – that is, how we manage our corporate logins, accounts and so on, versus our personal ones. The passwords I use for my corporate and personal accounts are different so that if there is a breach on a social media site for example, the attackers can’t try and use the same password to attempt access to my work accounts.
I also specify my personal email address for any non-work related memberships, social media accounts, etc.
Cyber hygiene is about training yourself to think proactively about your cybersecurity — as you do with your daily personal hygiene — to resist cyber threats and online security issues. The increased work from home culture has exposed a wider threat landscape, as end users are outside the control of the corporate network protected by corporate policies. There are a couple of things that you can use as best practice in order to minimise the threat index such as:
With people now working from home, they have increased the time in which they share the home network with the rest of the family. When sharing a home network, an infected machine has the opportunity to attempt to breach other devices on the same network. Some recommendations to avoid this are:
There is a lot a user can do to secure their home network. I could almost write a book on best practices for this. The common ones are: making sure all of your devices such as phones, routers, PCs, printers, TVs and IoT (smart devices) have the latest firmware/software updates and are running good antivirus software; where possible, turning on automatic updates for everything and having them set to install out of hours to minimise disruption; and changing the default passwords for these devices, as these are an easy target for attackers.
I also strongly suggest using a password manager. And don’t use the same password for all of your accounts either. If you do, and someone guesses one of your passwords, they will have access to all of your accounts – at worst, they can use this information to steal your identity. Another line of defence is turning on multi-factor authentication, which adds another line of defence against attackers.
Speaking of identity, never throw out any documents with your details in plain view, such as bank statements or bills. I would invest in a shredder and shred these documents before discarding them.
We live in the 21st century where our personal life and work lives have converged. We use our personal devices for work-related activities, and because of that, we have each created one digital profile - something malicious actors can and do exploit.
As organisations mature their security controls and increase their security posture, malicious actors are targeting individuals and families as a pathway to infiltrating organisations. Additionally, due to COVID, where we are all balancing work-life and home-schooling, we’re even more dependent on digital services and internal. With this in mind, there is good advice available via the Australian Cyber Security Centre and eSafety department on protecting children and families from cyber-bullying and cyber-attack. This can be found here:
No organisation, or person, is safe from attempted cyber-attacks, so it is incumbent on every individual to stay mindful of possible threats at all times. By following our advice, you’ll give yourself the best possible chance of avoiding the destruction that a cyber-breach can cause. Don’t wait until it happens to you!
If you’re interested in finding out more about how our security team helps clients and the work you could be involved with, head to our cybersecurity careers page.