Erhan’s 5 Cyber Bites. Head of Information Security at Bink
This week, we are talking to our Head of Information Security, Erhan Temurkan.
At Bink, information security is a business priority. Our Head of Information Security, Erhan Temurkan, is at the forefront of defending the organisation against the latest cyberattacks.
He has built a strong culture of learning and knowledge sharing that empowers the team at Bink to help keep the company safe. We asked Erhan to share his top 5 tips with our broader community.
Erhan’s 5 Cyber Bites
1. If in doubt, throw it out!
The number of phishing emails continues to increase, as cyber criminals attempt to trick us into clicking malicious links within emails in order to access our sensitive information. Always question an email you are not expecting, verify with the sender if possible, and beware of emails which portray a sense of urgency in order to get you to respond, click on a link and so on. Remember, if in doubt, throw it out!
2. Passwords are not the panacea
Passwords are no longer enough to secure your accounts. Users can fall foul of a number of techniques: social engineering, where a user is tricked into revealing their password; or password reuse, where a user reuses the same password for other accounts, resulting in the potential compromise of those accounts if a single account is breached.
Instead, utilise technical alternatives such as Single Sign On (SSO), enabling users to remember just one set of credentials to access multiple systems. Of course, a downside of SSO is that the compromise of the SSO account can give an attacker access to multiple systems. It is therefore recommended that you implement SSO with multi-factor authentication.
3. Multi-factor authentication – a password’s best friend
As per the previous point, passwords are no longer enough to secure our accounts, so we must look to add additional controls. Multi-factor authentication (MFA) provides an additional layer of security for your accounts.
This will involve a second layer of authentication via biometrics, a security key or a unique, one-time code via an app on your mobile device to confirm you are the authorised user attempting to access the account.
4. Data backup is not enough!
Data backup is key to business resilience, particularly as ransomware attacks continue to rise and become more destructive. It is imperative to consider the entire backup lifecycle.
For example: Have you encrypted your data backups? Are these backups stored separately from your production network? Have you attempted to restore those backups? Have you considered the time to recovery? One of the first questions you will be asked during a cyber-attack is, “How long until we are back online?”
5. Do you know your Crown Jewels?
Lastly, they say, “You can’t protect what you don’t know”, so take a moment to consider your most critical assets. What are the assets that are business critical? Where is personal data stored? Overall, understand the systems, the data they hold and the business requirements they support.
Thank you for sharing these with us, Erhan.