Cyber Security – Are You Prepared? ACID-led piece

At a recent Furniture Makers Company event I attended, we heard expert briefings from the City of London Police's Cyber Griffin initiative on keeping ahead of the game when it comes to cyber security. Their experienced officers shared intel to mitigate cyber risks. They reminded us that our people are both our greatest security asset and our greatest risk, so being aware, prepared and proactive, and taking a few simple steps, can help reduce cyber risks. Each year fraud and cybercrime cost the UK economy £193 billion.

Cybercrime is when fraudsters target us through our computers, tablets or smartphones, or through the internet, to steal valuable personal and/or commercial information to make money illegally. Today, our lives increasingly depend on technology, providing criminals with easy targets.

City of London Commissioner Ian Dyson said, “About 80% of cybercrime in the City of London is from business, so it’s important that we work with businesses to make sure they don’t become victims of cybercrime in the future. Cyber Griffin is about making sure that people at all levels of those organisations and businesses have access to get the best advice in order to protect them and their businesses.”

“Armed with some simple tools, the challenge is winnable. If it doesn’t feel right, it probably isn’t!” said presenter Sgt Ian Brosnam. “A little common sense can go a long way in tackling this insidious crime.”

Cybercrime is not faceless, and we were reminded of the vulnerability of mobile devices and that 91% of cybercrime starts with an email. To put cybercrime into perspective and demonstrate its growth, 1 in 7 crimes are now cyber-related and 1 in 47 are burglary. Clearly, the ease with which criminals make money through cybercrime is a cause for concern and action.

Phishing is the unlawful act of obtaining sensitive information such as usernames, passwords and credit card details by criminals posing as a credible entity in an electronic communication.

What is malware? It is any software which is intentionally designed to cause damage to a computer, server, client, or computer network. So ensure you obtain malware protection such as Norton or McAfee.

Simple suggestions to keep your online presence safe:

  • Check your settings are secure.
  • Tweet or use Facebook in secure locations.
  • Ensure Location Services are switched off when not in use.
  • Keep personal and business email separate.
  • Download anti-malware software.
  • Beware of cleverly disguised emails from well-known brands such as TV Licensing, Netflix and Microsoft 365; they may ask for personal information or payment details. Don’t open or respond to messages from anyone you are not expecting to hear from.
  • Avoid using public Wi-Fi when transferring sensitive information, such as payment details.

Ransomware is a type of malicious software that infects a computer and restricts genuine users’ access until a ransom or payment is paid, often into an anonymous Bitcoin account.

Be aware of other online activities:

  • Ensure antivirus systems are up to date and that appropriate firewalls are in place, together with checking that legitimate software updates are current.
  • Did you know that 78% of apps fail basic security checks? Be aware!
  • 90% of hot spots are also insecure and easy targets for criminals.
  • Look out for antennae (called pineapples) in cafés and public places; if you see one, disconnect immediately.
  • Gangs often operate in cafés, researching personal information through this means. Be aware that http:// is insecure and https:// is secure, and make sure the padlock is green. If it is broken or greyish, the site is probably not secure, so double check.
  • Don’t use a free VPN (Virtual Private Network); use a secure, paid-for VPN.

Do you have a company cyber policy? A disgruntled ex-employee who has had access to sensitive information can wreak havoc, so ensure there is a policy for user privilege. For example:

  • Don’t share log-in details.
  • Discourage bringing personal devices into the office.
  • If equipment is stolen, ensure you have the capacity to “wipe” remotely.
  • If you use USBs, ensure there is security and always use ones which you know. Some criminals can ascertain information at 200 words per minute, so be very careful about what you plug into your systems.

Passwords:

  • Don’t use familiar names.
  • Don’t use your date of birth.
  • Don’t use pets’ names.
  • Consider using permutations of random common words e.g. balloondesksun* or winehatblue$.
  • You can find out if your password has been hacked by going to Google and entering “Have I Been Pwned?”. Fill in your email and it will tell you instantly.
  • Think about having all your passwords managed by password managers.
  • Use strong, separate passwords for email accounts.
  • Where available, use two-factor authentication on your accounts.

The Internet of things:

  • Devices with smart capabilities, such as Alexa, fridges, doorbell security systems etc., are potentially insecure.
  • Programs used by hackers such as Botnek and Dolphin Whistle can hear frequencies that we can’t.
  • Don’t plug in a device that you don’t know and focus on network security.
  • Also, don’t buy any technology that will soon reach the end of its life because software updates will stop being available.

Your computer – always back up your most recent data. Never respond to unsolicited approaches for personal and financial information.

Useful numbers to know: call 0300 123 2040 if you suffer a cyber attack, or report it via www.actionfraud.police.uk. You can also sign up for fraud and cyber crime alerts at www.actionfraudalert.co.uk.

Dids Macdonald OBE, CEO of ACID, said, “This was a real wake-up call to the threats posed by cyber and fraud crime and the specialist team from Cyber Griffin gave us all some valuable tips and advice that we can implement today. I thoroughly recommend attendance at any future presentations like these.”