Practical pointers to help you improve workplace data security

Businesses that take a proactive approach to cybersecurity are better equipped to safeguard sensitive data and spot suspicious activity.

Keeping sensitive data safe and secure is a challenge for businesses of all sizes. Major shifts in the workplace – from in-person to remote and hybrid productivity – forced companies to change, or at least re-assess, their cybersecurity practices and protocols. And far too often, they were not adequately prepared for the evolving cyberthreat landscape.

In fact, according to CyberEdge’s ninth annual Cyberthreat Defence Report, more than 80% of organisations suffered from a successful cyberattack in 2021. With data privacy and data security top of mind, businesses are looking to strengthen their defences against cybercriminals. Here are four simple steps you can take to better protect your workplace data.

1 | Identify the ‘crown jewels’ of your business

Knowing what kind of data cybercriminals want is an essential part of your defence strategy. Therefore, creating an inventory of your so-called crown jewels (the most valuable data and data-related assets within your organisation, including hardware and software information) is important.

In addition, you should have a current (and actively maintained) list of every end-user who has access to your critical business data. Keep accurate records, with device and location details, so that you can carry out the necessary forensic investigations in the event of a data breach.

 2 | Make sure you’re updating and authenticating – always

Keep your operating systems, software packages and web browsers up to date and ensure that all devices have automatic updates enabled. When your connected environment is well maintained, with patches and updates carried out timeously, then your overall security posture is that much stronger.

In addition, make sure that your staff use multifactor authentication (MFA) when they log in. Simple username-and-password combinations are not enough to keep cybercriminals at bay, and MFA could mean the difference between a successful or an unsuccessful hack.

3 | Actively monitor your connected environment for suspicious activity

You should monitor your IT environment continuously to detect misconfigurations, vulnerabilities, breach attempts, and cyberattacks in real time. If you have dedicated cybersecurity personnel, they can implement endpoint security technology to help monitor your network. If not, you can bring in SecOps experts to actively identify, investigate, and mitigate cyberthreats 24/7/365.

Moreover, make sure that everyone in your organisation understands the importance of good cyber hygiene and is following the security policies you have in place. When your people know how to spot phishing attempts, for example, then they can respond appropriately.

4 | Prepare your response plan in advance

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce the impact on your business and send a positive signal to your customers and employees. Therefore, you should have an incident response plan prepared in advance.

This document should be stored safely and your dedicated response team should be able to access it quickly when the need arises. Make sure your incident response plan includes clearly defined technical, operational, legal, and communication-related steps for your team to follow.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Four basic online safety tips to remember

If you look out for phishing scams, protect your passwords, and update your devices regularly, then you can improve your online safety.

Cybersecurity has become one of the biggest topics inside and outside of technology circles over the past two years. From securing personal devices for digital learning and remote work during the COVID-19 pandemic to safeguarding corporate data against cyberattacks, there’s been a seemingly endless news cycle dedicated to concerns around online safety.

It’s easy to feel overwhelmed or even powerless in the face of rapidly increasingly cybercrime, especially when there are fresh headlines about data breaches and phishing scams almost every day. But end-users – the people using technology to communicate, collaborate and connect – have an important role to play as the first line of defence when it comes to thwarting scammers, fraudsters and threat actors.

Unfortunately, many individuals are not aware of the most basic cybersecurity practices for everyday life. During Cybersecurity Awareness Month this October, Champion organisations like BUI are trying to change that – by sharing practical, actionable tips to help everyone #BeCyberSafe. Here are four basic online safety tips that you can implement right now.

1 | Watch out for phishing scams

Phishing (when a cybercriminal poses as a legitimate party in the hope of getting individuals to engage with malicious content or links) remains one of the most popular tactics among cybercriminals. In fact, about 90% of data breaches occur due to phishing, according to Cisco’s 2021 Cybersecurity Threat Trends report.

While phishing has grown more sophisticated, suspicious email characteristics (like poor spelling and grammar, typos, low-quality graphics and fake logos in a message) can be a tell-tale sign that the content is risky. Read our explainer blogs – Phishing: Can you spot these common types? and Three ways to shore up your defences against phishing – to learn more.

And remember… If you think you have spotted a phishing attempt, be sure to report the incident to your internal IT teams and service providers so that they can remediate the situation and prevent others from possibly becoming victims.

2 | Protect your passwords

Having a unique, long and complex password for each of your accounts is one of the simplest ways to boost your online safety. And yet, only 43% of the public say that they “always” or “very often” use strong passwords, according to the National Cybersecurity Alliance’s 2022 Cybersecurity Attitudes and Behaviours Report.

Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater”, once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts. Read our blog – The importance of digital identity management – to find out why it’s vital to make your login credentials rock solid.

3 | Enable multifactor authentication

Multifactor authentication or MFA – which prompts a user to input a second set of verifying information or to sign-in via an authenticator app – is a very effective measure that anyone can employ to reduce the chances of a cybersecurity breach.

According to Microsoft, MFA can block over 99.9% of account compromise attacks. Therefore, it is a must for any individual who is looking to secure their devices and accounts. Remember, multifactor authentication – from one-time PINs to biometric scans – will put an extra barrier between your sensitive data and the cybercriminals who want to access it.

Read our blog – Three simple ways to improve your data privacy – to explore other ways of protecting your personal information.

4 | Turn on automatic updates

Making sure that your devices are up to date should be an essential part of your cybersecurity routine. Don’t ignore software updates and patches! Cybersecurity is an ongoing effort, and updates are important for device maintenance and security.

Instead of trying to remember to check for updates, enable automatic updates whenever you can. This way, you’ll reduce your chances of having older, possibly vulnerable or risky versions of software that could be exploited by cybercriminals.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

BUI is proud to support Cybersecurity Awareness Month for the fifth year in a row

This year, Cybersecurity Awareness Month is geared towards empowering individuals and organisations to improve their cybersecurity through simple, actionable steps.

BUI is proud to be a Champion organisation for Cybersecurity Awareness Month in October 2022. Launched in 2004, Cybersecurity Awareness Month is held annually in October, and is regarded as a leading global initiative in the promotion of cybersecurity awareness and best practices.

The Cybersecurity Awareness Month Champions Programme is a collaborative effort among businesses, government agencies, industry associations, non-profit organisations, universities, and individuals. This year’s theme for Cybersecurity Awareness Month is “it’s easy to stay safe online” and Champions – including BUI and technology giants like Microsoft and Cisco – will be sharing actionable advice to help people improve their digital safety.

“We’re excited to take part in Cybersecurity Awareness Month for the fifth consecutive year,” says BUI Managing Director Ryan Roseveare. “Worldwide campaigns like this, which are designed to drive public awareness and public action, show that cybersecurity really is a team effort. We all have a role to play in protecting the devices, applications and networks that enable our personal and professional activities.”

From smartphones and wearable devices to home-automation systems, technology is becoming more intertwined in our lives every day. And while the evolution of technology is accelerating at a rapid pace, cybercriminals are working just as hard to find ways to compromise technology and disrupt business operations.

Cybersecurity Awareness Month aims to highlight some of the emerging challenges in the world of cybersecurity today, and provide straightforward and actionable guidance that anyone can follow to create a safer and more secure digital world for themselves and their loved ones.

This year, Cybersecurity Awareness Month will focus on four key areas:

  • Recognising phishing, which remains a popular tactic used by cybercriminals;
  • Understanding the benefits of strong password management practices;
  • Enabling multi-factor authentication on personal devices and business networks;
  • Installing software updates on a regular basis and turning on automatic updates.

Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to be more secure online. BUI is proud to support this online safety awareness and education initiative, which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the United States Department of Homeland Security.

For more information about Cybersecurity Awareness Month 2022, visit the website. And be sure to follow BUI on Facebook, LinkedIn, Twitter and YouTube for helpful cybersecurity tips and #BeCyberSmart resources throughout the month of October!

Three ways to shore up your defences against phishing

From ransomware to SolarWinds, the cybersecurity space has been as hectic as ever over the past 12 months. However, for all of the emerging threats on the horizon, phishing – one of the oldest pain points in cybersecurity – continues to wreak havoc for enterprises around the world.

It’s often overlooked in terms of media hype, but phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing, while 74 percent of US organisations experienced a successful phishing attack last year alone. And globally, cybercriminals exploited public fears over the COVID-19 pandemic to find new phishing victims.

Phishing remains one of the most serious risks to an organisation’s cybersecurity health, but with proper anti-phishing hygiene and best practices in place, you can shore up your defences. Here are three simple tips to help you deal with phishing threats…

1 | Know how to spot the red flags

Phishing scammers are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it’s crucial to look for the red flags.

Unusual formatting, overly explicit call-outs to click on a hyperlink or open an attachment, and subject lines that create a sense of urgency are all warning signs. Emails with these hallmarks should be treated with caution. And if you suspect a phishing attempt, contact your IT department immediately.

2 | Verify the source

Cybercriminals may impersonate someone you already know – such as a colleague, service provider or friend – as a way to trick you into believing that their malicious content is trustworthy. Don’t fall for it.

If an email is out of place, or unusual, reach out directly to the sender to confirm whether the content is authentic and safe. If not, break off communication immediately and flag the incident through the proper channels at your workplace.

3 | Be aware of vishing and other types of phishing

Threat actors have diversified their phishing efforts beyond traditional email. For example, voice phishing – or vishing – has become a primary alternative for scammers looking to gather sensitive information from unsuspecting individuals.

Similar to conventional phishing, vishing is typically executed by individuals posing as legitimate contacts – like healthcare providers or insurers – and asking for sensitive data. It’s imperative for individuals to be wary of any sort of communication that asks for personal information (via email, phone or chat), especially if the communication is unexpected. If anything seems suspicious, break off the interaction immediately and contact the company directly to confirm the authenticity of the communication.

Phishing may be “one of the oldest tricks in the book”, but it is still incredibly effective and increasingly widespread. By exercising caution and vigilance, and by deploying these few fundamentals, you can reduce your chances of falling victim to a phishing attack.

This article has been adapted from Cyber Security Awareness Month resources supplied by the event organisers, and is published here with permission. References include:

BUI is proud to be a 2021 Cyber Security Awareness Month Champion Organisation. Follow along on FacebookLinkedIn and Twitter for more security tips throughout October!

Get end-to-end protection for your organisation.

Our Cyber SoC leverages state-of-the-art Microsoft Security technology – including Azure Sentinel – to continuously monitor connected environments.

With cloud-powered data processing, cyberthreats are detected, analysed, and managed in near real-time to provide comprehensive, end-to-end protection.

Are you a cybersecurity champion?

BUI is proud to announce its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a Champion organisation and joining a growing global effort to promote awareness of online safety and privacy.

This year, Champion organisations include technology companies Cisco, Kaspersky, McAfee, and Palo Alto Networks, as well as industry heavyweights like General Motors.

The Cybersecurity Awareness Month Champion programme is a collaborative effort among businesses, government agencies, tertiary education institutions, associations, and non-profit organisations and individuals committed to the 2020 Cybersecurity Awareness Month theme of “Do Your Part – #BeCyberSmart”. The programme aims to empower individuals and organisations to own their role in protecting their part of cyberspace.

The overarching message of this year’s theme – “If You Connect It, Protect It” – dives into the importance of keeping connected devices safe and secure from outside influence.

More than ever before, connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Data collected from these devices can detail highly specific information about a person or business which can be exploited by threat actors for their personal gain. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering guidance around simple security measures to limit the risks for commonly used devices like smartphones, tablets, and laptops.

This year, Cybersecurity Awareness Month will feature four main focus areas:

  • General security hygiene for connected devices and home networks
  • The importance of device security, especially for remote workers
  • How connected devices play a pivotal role in the future of healthcare
  • The overall future of connected devices for consumers

If everybody does their part – by implementing stronger security practices, raising community awareness, educating vulnerable audiences, and training employees – then our interconnected world will be safer and more resilient for everyone.

Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. The initiative, which is led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the United States Department of Homeland Security, is in its 17th year.

Visit for more information about Cybersecurity Awareness Month 2020, and follow BUI on FacebookLinkedIn, and Twitter for daily cybersecurity resources! Throughout October, we will be sharing tips to help you and your teams be safer and more secure online.

Wondering how to cultivate cybersecurity awareness in your organisation?

Join our own Wayne Nel and Cyber Risk Aware CEO Stephen Burke for an exclusive live webinar on Thursday 15 October 2020.

Creating Your Human Firewall will show you how to transform your employees into cyber defenders. Reserve your seat!