Making cyber attacks on executives more difficult

The management level in particular is an attractive target for cyber criminals. Tips for a few simple measures to avert danger.


The management level, i.e. the entire C-level of a company, is a particular focus of cyber attacks. There are several reasons for this. Because of their function and area of responsibility, managers hold more sensitive information than "normal" employees. From a security perspective, it is particularly problematic that "special rules" with privileges often apply to the management level; for example, IT security guidelines and standards are relaxed in order to simplify login. Managers are also often less technically adept and have to process a large amount of information under time pressure, so they cannot critically scrutinize every e-mail they receive.

NTT Security (Switzerland) recommends six simple measures to avert danger.

  1. Careful management of social media accounts

Being visible on social channels is unavoidable today, but it requires careful management of accounts and a social media strategy. Cyber criminals often use the data available on social platforms for phishing attacks to gain access to personal or company data. The general rule is therefore to share as little personal information as possible, to prevent "tagging" in pictures and not to post private pictures.

  2. Avoidance of public and free networks

Attackers often use networks in train stations, airports, hotels or cafés to gain access to the mobile devices of unsuspecting users via so-called "fake access points". The use of public networks should therefore be avoided. It is also advisable not to discuss sensitive information on phone calls in public areas.

  3. Securing the home network

Poorly secured home networks are a classic gateway for targeted attacks. The same security measures that are standard in the corporate network should therefore be applied there.

  4. Sensitization of the secretariat

Fake calls, for example from a supposed help desk employee trying to obtain information or passwords, are still common. Consequently, a manager's secretariat must also be explicitly trained with regard to social engineering dangers.

  5. Restrictive opening of emails

In targeted attacks, deceptively genuine-looking e-mails are crafted to appear to come from "friends", the association or employees in order to entice the manager to open a file or click on a link. A manager should therefore never open an e-mail that he or she is not expecting. Furthermore, under no circumstances should a file be opened or a link used without the source being validated.

  6. Securing passwords

Last but not least, password protection and security are of crucial importance. For the administration of passwords, the use of a password manager is recommended in any case. With it, an individual and complex password can be created for each login. If the password for a website is discovered, only this one login is affected and an attacker cannot use this password to log on to other websites or systems. In general, it is also important to remember that "shoulder surfing" is still a popular method, so care must be taken that no one is standing behind or next to you when you enter a password.

"These six simple security measures are first steps for threat mitigation, and steps that are largely in the hands of managers themselves," said Kai Grunwitz, senior vice president EMEA at NTT Security.

See also SF article "Beware of CEO Fraud"

 
