Many people wouldn't think twice before opening an attachment on their work laptop, while sat using a cafe's wifi.

Eastern Daily Press: Darren Chapman, founder of cyber security consultancy company Cyber Scale and the NSCSC. Picture: ANTONY KELLY (Image: archant 2017)

But simply by doing so, employees could be opening a back door to hackers who could corrupt their business.

ELEANOR PRINGLE sat down with Darren Chapman and David Higgins, founders of the recently established Norfolk Suffolk Cyber Security Cluster, to learn more about what you can do to keep your data safe.

1. Hacking the human

Internet Security specialist David Higgins of 4ITSec and NSCSC. Photo by Mark Bullimore (Image: Archant Norfolk 2015)

"Staff are one of your business's biggest assets; sadly they are also one of the weakest links within a business security perimeter," Mr Higgins said. "Social engineering is a skill that was mastered by the old fashioned con men years ago and has now been re-invented and refined in the forms of phishing and impersonation."

Examples include attackers posing as the user themselves and requesting password resets, or someone posing as a technical support administrator who needs user information to fix a problem.

The solution is simply to be vigilant and train staff to recognise and flag unauthorised requests for details.

2. Password problems

"For years people have managed to access data by using user ID and password combinations," Mr Higgins, who runs north Norfolk's 4ITSec, said.

Because of their simplicity, passwords are easy to expose and hack. This can lead to hackers purchasing harvested ID and password combinations from the dark web.

"Problems arise when people use similar and simple passwords across many accounts," his colleague, Darren Chapman, said.

"The solution is to use another additional level of security alongside the usual user id and password - often known as 'two factor authentication'," he said.

Two-factor authentication options are freely available on Google, PayPal, Amazon, and most other common applications.

Mr Chapman, of Cyberscale, added: "Have a look at Authy.com - this will help you set this up on common websites. Alternatively buy and use a 2FA app which will send an additional code to your mobile which you use alongside the user id and password."

3. Encryption

"Encryption is not just for 'top secret' files," Mr Higgins said. "You should consider what is on the device if you lost it. All the data on those devices is in clear text and can be accessed once the device has been hacked or connected to."

He said: "Consider an encryption product that will scramble the data and demand a special key before allowing the device to boot up."

Such packages are available for about £15 online.

"Do not use encryption that comes free with the operating system or is downloadable from the web - they are free for a reason," Mr Higgins added. "Apple devices have encryption built into their operating system and it is good - switch it on."

4. Public Wi-Fi

"When using public, free, or insecure Wi-Fi services, you must understand that everything you type is in clear text and can be read, accessed, recorded or taken over by anyone with the correct equipment," Mr Chapman said.

The solution is to always use a Virtual Private Network (VPN) which will scramble the communications.

If a VPN isn't provided by a business firewall, then applications can be purchased for about £3 a month and will scramble all communications through insecure connections.

"Once a VPN is being used, there's no way the ISP or anyone else can read or record what you're browsing," he said.

5. PDFs attached to emails

This is called steganography, a term derived from Greek meaning 'covered writing', in which a data file or malicious code can be hidden within another file.

Mr Higgins said: "A PDF file is often thought to be safe but could contain malicious code which will drop onto your device once it's been opened in a similar manner to clicking on a malicious link on a website.

"They are difficult to catch and check, so ensure that whatever PDF reader you use, your anti-virus or end point protection are up to date and that your email servers are running current and updated filters."

Software is also available that can test the PDF file before allowing it through to the intended user.
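
One way a pre-delivery PDF check of this kind can work, shown as an added example that is not part of the original article or any product it refers to: count the PDF dictionary keys that make a file act when opened, and hold the attachment for review if any are present. The key names come from the PDF format itself; the function names and the sample files are constructed for illustration.

```python
import re

# PDF keys that make a document *do* something on open instead of just display.
# Counting them is a triage heuristic for a mail filter, not a malware verdict.
ACTIVE_KEYS = {
    b"/JavaScript": "embedded script",
    b"/JS": "embedded script",
    b"/OpenAction": "action run on open",
    b"/AA": "event-triggered actions",
    b"/Launch": "launches an external program",
    b"/EmbeddedFile": "file attached inside the PDF",
}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name token: '/' followed by anything except whitespace or delimiters.
_NAME = re.compile(rb"/[^\s\x00/<>\[\]\(\)%{}]+")


def normalise_name(token: bytes) -> bytes:
    """Undo #XX escapes, so a disguised /J#61vaScript reads as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def triage_pdf(data: bytes) -> dict:
    """Return a hold/deliver verdict for raw attachment bytes.

    Limitation: keys inside compressed object streams are not visible here;
    a production filter would decompress streams before scanning.
    """
    if b"%PDF-" not in data[:1024]:
        return {"verdict": "hold", "reasons": ["not a PDF despite its name"], "hits": {}}
    hits = {}
    for token in _NAME.findall(data):
        name = normalise_name(token)
        if name in ACTIVE_KEYS:
            hits[name.decode()] = hits.get(name.decode(), 0) + 1
    reasons = sorted({ACTIVE_KEYS[k.encode()] for k in hits})
    return {"verdict": "hold" if hits else "deliver", "reasons": reasons, "hits": hits}


# Constructed samples: a plain document and one with an escaped script key.
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"
ACTIVE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
              b"3 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n%%EOF")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PDF), ("active", ACTIVE_PDF)):
        print(label, triage_pdf(sample))
```

A "hold" result means the file should go to quarantine or a sandbox for a closer look, since legitimate forms and interactive documents also use some of these keys.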