Incident reporting is important, as is comprehensive staff training. The most effective response to cybercrime is a collective one.
Unfortunately, there are still tricks used by cybercriminals that can catch people out on a personal level. The best way to avoid this is to pay attention to the details: the sender address on emails, the file formats of attachments and the questions that just don't feel quite right.
Here are our top five rules to really help you reduce your cyber-risk.
A genuine bank or organisation will never ask you for your PIN or full password in an email, on the phone or in writing.
Always remember to ask yourself: what is being requested, why is it needed, and are you completely sure who you're talking to?
Just because someone knows your name and address, or details like your mother's maiden name, doesn't mean that they're genuine. Criminals can falsify phone numbers and pose convincingly as bank employees or trusted officials. Often, they'll try to trick you into revealing security details by telling you that you've been a victim of fraud.
Under no circumstances would a genuine bank or other trusted organisation force you to make an on-the-spot financial transaction or transfer. Nor would they rush you while you pause to think. Slow down, take your time, and consider your actions.
If something feels wrong, question it. Criminals aim to pressure you or to lull you into a false sense of security, while your defences are down. Whether you're busy with other activities or relaxing at home, think carefully about the information you're giving and pay attention to your gut if something feels wrong.
Have the confidence to refuse unusual requests for personal or financial details. It's easy to feel embarrassed or panicky when faced with unexpected or complex conversations. If you don't feel in control of a discussion, it absolutely O.K. to end it straight away.