Author Gary Hibberd
Day 25: Cyber Advent Calendar
So this is Christmas … and what have you done? Another year over and (almost) a new one has begun.
Over the last 25 days we have given you a range of tips and ideas to make your Christmas a safer and happier one by looking at all aspects of Cyber Security. But if you’ve been paying attention and you’ve read them all, you’ll notice that many of them aren’t about computers at all. They’re actually about people and processes. So our final ‘tip’ this Christmas morning is going to pull all these things together and give you something to look at for 2016 so that it becomes your happiest and most secure year ever!
Happy reading .. thank you for liking and sharing this post and HAPPY CHRISTMAS FROM THE AGENCI TEAM!!!
Festive Cyber Tip 25: Put ISO27001 in place
Information Security isn’t only about cyber – it’s about people and processes too.
ISO27001 is the international standard for Information Security and covers Confidentiality, Integrity and Availability of information held by you. It’s applicable to businesses large and small and is a useful tool in clearly demonstrating that your business has put security at the heart of what you do.
Why is it important?
Without an ISO standard like this you have no idea how to protect your business (or yourself) from security threats. Clients and customers want to know that you are doing all you can to protect them and the information they entrust to you.
As we share more information, the number of data breaches is on the increase and the number of ways information can be stolen is on the rise too. ‘Crime as a service’ is real. Criminal gangs are turning to technology to steal information (and money) in vast quantities and the only way you can protect yourselves is by looking at security as a business problem – not a technology problem.
ISO27001 encompasses all areas of your business and helps you deliver a higher quality of security that can be verified by measuring your successes in this area.
If you want to know more about the standard then click here to visit our page on the topic and contact us about a gap analysis which will tell you how good (or bad) things are in your business.
Information Security isn’t just important – it’s VITAL. It doesn’t matter if you’re a sole trader or a large corporation – your customers expect you to keep their information confidential. They expect you to keep it up to date and accurate and they expect to be able to gain access to it when they need it (or they need you). Information Security and ISO27001 enable you to demonstrate you can meet this need.
If you’re confident your customers don’t want ISO27001 – ask them!
Festive Cyber Tip 24: Talk to your kids about Cyber
A good parent wants to protect their children from danger – online and off-line.
Today children (of all ages) across the UK and the world will be eagerly counting down the hours to when they can unwrap new toys and gadgets that Santa has brought them. Christmas is a fantastic time for families to spend together and a great opportunity to strengthen the bond between parent and child. One way to do this is for parents to learn alongside their children, and to see up close how they are engaging with technology.
The internet has changed so much in our world, not least how we think and how we communicate, and I believe it is safe to say that the gap between the ‘pre-internet’ and ‘post-internet’ generations has never been wider. Consider for example what the world looked like just 10 years ago…
- Buy a book? – Go to a store
- Buy a movie? – Go to a store
- Buy music? – Go to a store
- Meet new people? – Go to a bar or event
And today:
- Buy a book? – Download it
- Buy a movie? – Download it
- Buy music? – Download it
- Meet new people? – Go online
We need to understand that the concept of ‘ownership’ has changed as ‘owning’ a book, a game or a film simply means downloading it – the physical nature of it has gone. So telling your kids that someone they have met online “isn’t a real friend because they’ve never met in person” doesn’t make sense to them. Whilst it may be true, to them that ‘friend’ IS real. Just as real as the book or game they connected with last week.
Social media (aka the way we communicate) has been one of the major game changers for us all over the last 10 years. With the risk of cyber bullying, cyber stalking and cyber radicalisation all on the increase, our online world impacts us all in a very real way. Indeed psychologists tell us that ‘cyber-depression’ is now a very real thing as people negatively compare their lives to those they see on-line, where people are more likely to exaggerate (“Look at me and X having an AMAZING time at X’s party!!”). FOMO (Fear Of Missing Out) is also a major cause of anxiety and depression in our modern age. This is anxiety that an exciting or interesting event may currently be happening elsewhere, often aroused by posts seen on social media.
As parents we need to be aware of the dangers and educate ourselves before we start thinking that we can educate our children. So this Christmas follow some simple tips and improve your children’s chances of having a healthy relationship with the internet.
- Spend time with your children – Explain that you want to understand this ‘new world’ and get them to show you what it’s all about
- Set-up Privacy Settings – Ask them to show you how to set up security settings or set them up for them.
- Talk to them – I know this may be a difficult one! But talk to your children about their online lives. What sites do they visit? Who do they talk to? Ask them what they think about ‘cyber bullying’? What is it? How would they deal with it? What’s their experience of it? What do they share online? Pictures? Posts? Comments? Seek their advice – don’t challenge them.
As parents we need to change our approach to this online world and understand it better. We need to change our mindset and embrace the technology rather than ‘hope’ and ‘trust’ our kids will not fall prey to the negative elements of the Internet. Personally I think this is like sending your children to school without a winter coat on, in December. They’ll probably be ok. But maybe they’ll pick up a virus or two along the way – or maybe someone, a kindly stranger, will help them and give them a ride in their car?
Festive Cyber Tip 23: Loose lips sink ships!
Be aware of your ‘personal space’ and remember your voice expands beyond it.
Despite what you might think, Cyber security isn’t only about computers; it’s about the processing, delivery, transmission and storage of the electronic, written and spoken word.
Many believe that security is focused on computers and forget that data breaches can occur when you’re sat on a train discussing business deals, either with the person sat with you or on a mobile phone. I’m sure we’ve all been annoyed by the person who speaks loudly on their phone, but rather than getting annoyed – I listen intently to what they say! And in so doing I’ve learned of business meetings and deals taking place, holidays being organised and even credit card information being shared!
So today’s tip is simply this: don’t ignore your surroundings when holding conversations. Many of us have what we would regard as our ‘personal space’ and we feel uneasy if someone we don’t know ‘invades’ it. But we forget our voices extend beyond this and people sat two or three rows behind you could be listening to what you have to say. They could be competitors. They could be customers. They could be criminals!
When you’re having a conversation that is ‘private’ then keep it that way. Don’t share it with strangers – be aware of your environment. Don’t extend your meeting from the Board room, into the lift or on to the train. Because someone could be listening in, and as they say in the pantos … “He’s behind you!”
Festive Cyber Tip 22: Know your suppliers
Don’t let your supplier be the weak link in your supply chain.
Did you know that Apple, one of the most successful and innovative companies in the world, has only a small handful of suppliers? They have very clear rules about the companies which can supply services to them. This isn’t just for quality control, but also to minimise (or control) the risk of a supplier making a mistake and impacting upon THEIR reputation.
Making sure your suppliers can be trusted is a big part of security because they could represent a real risk to you and your business, so follow a few steps to protect your business by getting to know your suppliers.
- Who are your suppliers – You need to know who your suppliers are, so make a list.
- Look at your spending habits – If you’re not sure who your suppliers are, look at where you’re spending your money. The companies you spend most with should probably be the first you take a close look at.
- Questions to ask – You should start by asking your suppliers how they can demonstrate that they are a safe and secure business by providing evidence of certification to security standards like PCI DSS, ISO27001 or Cyber Essentials.
- Take a visit – If the supplier provides services/products that are integral to your business, then a visit to their premises may be a good idea.
Taking a risk based approach to your suppliers will ensure you’re not caught out if something goes wrong with THEIR business. Security is only as strong as your weakest link. Just make sure that weak link isn’t in your supply chain.
Festive Cyber Tip 21: Prevent Identity Theft
You can be a victim of identity theft even if you never use a computer.
Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.
How do you know if your identity has been stolen?
Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:
- unusual or unexplainable charges on your bills
- phone calls or bills for accounts, products, or services that you do not have
- failure to receive regular bills or mail
- new, strange accounts appearing on your credit report
- unexpected denial of your credit card
What can you do if you think, or know, that your identity has been stolen?
Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimise the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimise the extent of the damage, take action as soon as possible:
- Contact companies, including banks, where you have accounts – Inform the companies where you have accounts that someone may be using your identity, and find out if there have been any unauthorised transactions. Close accounts so that future charges are denied. In addition to calling the company, send a letter so there is a record of the problem.
- Contact the main credit reporting companies (Equifax, Experian, TransUnion) – Check your credit report to see if there has been unexpected or unauthorised activity. Have fraud alerts placed on your credit reports to prevent new accounts being opened without verification.
- File a report – File a report with the local police so there is an official record of the incident.
Becoming a victim of crime is never a nice experience, but Identity Theft can be a crime which impacts you for a long time. Take precautions that are listed in this blog and know what to do when it happens to minimise the damage.
Festive Cyber Tip 20: Get your Cyber Essentials certificate
Cyber Essentials is needed for most government contracts. They want it. So you need it.
Cyber Essentials was introduced in June 2014 as a UK Government initiative to offer some guidance to companies who were struggling to understand what they needed to do to protect themselves from cyber threats. Central government in the UK requires businesses to achieve this certification before undertaking any work on its behalf and it has therefore become very popular in the UK. It focuses heavily (if not entirely) on the Cyber elements of security and whilst it looks simple on the face of it, it is a highly technical and ‘rule based’ standard, which means you need help in getting it right! But it’s a standard worth exploring because it helps protect against 80% of known threats and will help you if you wish to win Government contracts.
The standard has 5 key areas of interest;
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Good Information Security is about more than configuring computers, just as good road safety is about more than looking after your car! But Cyber Essentials puts you in the driving seat and gets you started in protecting your business. This is the LEAST you can do to protect your business; there are better and more rounded processes you can adopt, but that’s behind another door!
Festive Cyber Tip 19: Clean the old. Before you get the new
Old devices often turn up on eBay with the information still intact!
We are a world that seems slightly obsessed with ‘upgrades’ and having the latest gadgets isn’t just restricted to home. We update and upgrade our hardware on average every 18 months, and Christmas is a time when many of us start looking at the new iPhone/Android, tablet or computer to replace our ‘old’ devices.
The reasons for replacing these things are wide and varied, and range from simply wanting the latest device to replacing kit that simply doesn’t meet your needs anymore. This is all fine, but what do you do with your old kit? If ‘put it on eBay’ or ‘Give it to employees’ is your answer then you need to rethink your policy. There have been many instances which have hit the press where a person has purchased a computer off eBay only to find military plans for new tank designs still on the hard drive! And for every story that hits the press, there are dozens more that don’t.
So follow these steps so that your personal (or company) information doesn’t fall into the hands of cyber criminals, competitors or the media.
- Back-up data – You back-up your data anyway, right? But make sure you back everything up before replacing it just in case.
- Wipe your drive – For laptops use a data shredder like ‘Eraser’ or ‘WipeFile’ to safely erase your hard drive. Simply deleting files doesn’t work, as these can easily be recovered using basic tools. For mobile devices like iPhones/Androids there’s a setting you can go to which will erase all files and restore factory settings. Google how to do this for your make and model of device and be safe in the knowledge the information is gone for good.
- Destruction – If you’re particularly concerned (and in particular if you’re a business) then destroying the hard drive might be the simplest solution. Open your PC, take out the hard drive, take the hard drive apart and destroy the ‘disk’ inside by taking a hammer to it! If you don’t feel confident to do it then take it to a business that does this for you. Even PCworld will do this if you ask.
Information exists on ALL your devices, including browsing history, emails, messages, pictures, bank details, customer records, employee files etc. Think about what you’ve used your device for and ask yourself would you be comfortable handing that over to a stranger?
Safe destruction or disposal of hardware is important to you as an individual, but for businesses it’s critical.
Festive Cyber Tip 18: The real risk is doing nothing
Risk Management is central to the success of your business.
It’s a fact of life that you can never be totally safe because you can never remove all the risks that exist in the world. But there are things you can do to reduce the negative impacts from risks that are around us (and in some cases increasing). For example most online attacks can be prevented or detected with basic security practices for your staff, processes and IT systems. But the first step is to pro-actively manage your risks by assessing them. If you’re not already conducting risk assessments then follow these steps and it’ll set you on the path to a more successful, safe and secure business in 2016.
- Identify what is at risk – Your money, your information, your reputation, your IT equipment and your IT based services. Information is an asset that can take many forms so identify WHAT you need to protect and where it exists.
- Who could threaten these assets? – Current or former employees, or people you do business with could threaten your business by accident, through negligence, or with malicious intent.
- Where could the threat come from? – Theft or unauthorised access of computers, laptops, tablets, mobiles are just a few of the ways that threats could be realised.
- What impact could an attack have? – Financial losses from theft of information, financial and bank details or money will have an impact on you. For example, estimate how much it would cost if your IT was unavailable for a week.
- What solutions can you put in place? – Now you know what could go wrong, who could do it, how, and what the impact would be, you need to think about what you need to do to manage the risk. It could be as simple as developing a plan to manage IT outages or testing your recovery services.
It doesn’t matter if you’re a large multi-national business or a one-man-band, risk management is integral to your business. Having a formal risk management process and documented risk register may not sound like ‘fun’ but it’s important. Don’t get caught out by a lack of knowledge.
Festive Cyber Tip 17: Incident Management needs people
Make sure your team and/or customers know who to call and be clear about roles and responsibilities
Some business owners believe Business Continuity is all about ‘Disaster Recovery Planning’, but this is actually only a third of what is important. In fact Business Continuity is made up of; Incident Management, Business Continuity and Disaster Recovery. You can’t get to the last without going through the first!
Your Incident Management plans need to be clear about roles and responsibilities in a crisis and must contain instructions on call trees and escalation plans. When something goes wrong people need to know who to call. So follow a few ideas to make sure that your customers and teams know who will be helping them when they need help the most.
- Start planning – Talk to your business and decide when you’re going to be open and who is going to be on call. This can include being on call for emergencies or simply on hand to deal with customer inquiries.
- Assign Roles & Responsibilities – Ensure everyone is clear about their role over the holiday season. If someone is on call, does it mean that they must be available on the phone or be available to drive 25 miles to your Data Centre? Either way, they need to know. It’s no good calling your support team only to hear them singing ‘It’s Christmassssssss’ at full volume down the phone to you!
- Write IT down – Sounds obvious but you need to write a plan and make sure you have the number of the IT department who look after your website/systems. This is usually the area that goes wrong when the staffing is lowest.
- Communicate your plans – They say that communication is the key to all healthy relationships and I believe that’s true in business too. Make sure everyone understands the expectations placed upon them. Why not send a festive message to your customers and clients and remind them of your opening hours and what to do should they need your help in an emergency? It’s a great way to re-engage and shows you care.
As the saying goes “Business Continuity is not just for Christmas. It’s for life” (well it sort of goes like that)… So no doubt you have all of this in place anyway. But if you haven’t then make this year the year that Business Continuity comes to life and is used in a pro-active way rather than a re-active way.
Festive Cyber Tip 16: Don’t be Anti-social, be Socially Aware
Social Media policies have been around for a while – Christmas is a good time to review and retrain
We recently posted a blog which provides some tips on ensuring your social media doesn’t cause you embarrassment this Christmas (Click here to review our “Top 10 Tipsy Tips”). So if you’ve not read it, go take a look after reviewing a couple of additional tips;
- Don’t drink and write – If you’re at a party, enjoy the time with the people there in the room. Don’t send ‘tweets’ or FaceBook updates after you’ve had a few drinks. Leave the updates until tomorrow, when you’ve a clear head.
- A picture paints a thousand words – Similar to the tip above, it’s fine to take snaps of your party, but wait until the following day before you share them on social media. ‘Jenny’ from accounts may not be thrilled that you’ve uploaded images of her sleeping on the bar and it may land you in hot water if she gets truly upset.
When providing advice to staff on the “Do’s and Don’ts” of attending your company party or dealing with clients at Christmas, it’s well worth including advice about the use of social media. It’s not about being Anti-Social … it’s about being Socially aware.
Festive Cyber Tip 15: Keep IT personal
Looking for love online is no bad thing. But you need to take precautions!
There are an estimated 1,400 dating websites in the UK, all promising to find you the love of your life, or maybe just ‘love for the night’. The online dating industry is worth approximately £1 billion (worldwide) and its popularity is growing. It’s estimated that 1 in 4 marriages are the result of an online dating site. And why not? People are increasingly living online and it’s a great way to meet people. But wait … we do need to take precautions.
From the ‘traditional’ risk of meeting someone who turns out not to be what you expected through to the cyber criminal whose sole purpose is to trick you out of money, the online dating game is just as perilous to navigate as our offline equivalent. But there are things you can do to make sure you stay safe online while looking for a little romance. Follow our tips and (as the song says) “love will surely come your way”.
- Check your security settings – Before going on dating websites make sure you have checked the security settings on your other social media sites (like FaceBook). Once someone finds you on the dating site, it won’t take them long before they’re reaching out on other sites too.
- Keep a little mystery in your life – Don’t ‘over share’ – It’s great to meet new people but don’t openly advertise EVERYTHING about you. Keep personal details, like your home address, private until you’re sure you can trust the person you’re talking to.
- If they ask for money, they’re not looking for love – Online scammers will deliberately target individuals and do all they can to get them to fall in love with them. They are generally known as ‘catfish’, people who create fake online identities in the hope of tricking their victims in some way. If the person asks you to send money – don’t! The request may come as a plea for help, e.g. “I’d love to come spend Christmas with you but I don’t have the train/plane fare. All I need is $249”. Send the money and chances are you’ll never see the person or the money again.
- Keep IT traditional – There are many tips below which you need to review and action for your own PC. Cyber criminals and just plain-old bad guys (and girls) can send you virus infected attachments in a bid to install ‘key loggers’ and other ‘malware’. They may simply want your bank details, or maybe they want to monitor what you’re doing online and who you’re talking to. Install Anti-virus software and be sure to keep security patches up to date.
- Make it a night to remember – not a night to regret – So you’ve found the man/lady of your online dreams! Congratulations! You’ve exchanged photos. You’ve spent hours on the phone. Now it’s time to meet in the flesh… It’s safe right? Maybe… Maybe not. For your first date make your date a public affair. Meet in a public place, like a restaurant or a bar. If the date’s not going as planned it’s far easier to leave. Also make the first date an afternoon event as it will reduce the likelihood of involving alcohol and also reduce the likelihood of any ‘expectations’ once the date/meal/film has concluded!
Online dating should be fun but the online (and offline) dating game is fraught with risks and we need to make sure we take precautions to prevent making heartbreaking or bank-breaking mistakes! Good luck with the hunt .. and enjoy the chase.
Festive Cyber Tip 14: Get a Window cleaner!
Know your weaknesses so that you can build your strength
Websites certainly have come a long way since Sir Tim Berners-Lee revealed his ‘HTML’ language to the world back in 1989. From mere ‘Digital Catalogues’ through to complex engines which can take purchases and track orders, our websites are the ‘windows to the soul of our companies’ and as such we take great care in their design, layout and content.
So it often comes as a great surprise to me that business owners don’t know about the security of their website, how it was designed or how it is tested. Perhaps it’s because the web design is left to others in the company, but it’s YOUR company and it’s YOUR website – more importantly it’s YOUR reputation.
So here are a few things you should be thinking about to ensure those Christmas shoppers get what they want this Christmas and your shop front stays open for business.
- Work with a reputable Web design company and ask them about the security of your site. Ask them about ‘OWASP’ (Open Web Application Security Project) and the top 10 most common vulnerabilities.
- If you’re designing the site yourself, then use a reputable site-builder – and look for security features you can build in.
- Seek out professional support and have a ‘Vulnerability Assessment’ or ‘Penetration Test’ conducted on your site. The first will show you IF you are vulnerable to attack and the second will show you HOW these vulnerabilities can be exploited.
Your website is the store window on your business. It’s the place where you tell the 3 billion Internet users just how great your products/services are. It’s where you showcase your most precious items… for all the world to see. But be careful, because it’s only a matter of time before someone picks up a virtual house-brick, and …
Festive Cyber Tip 13: Backup Backup CHECKUP
Don’t just Backup – Checkup!
Let’s face it, things sometimes go wrong! At best, you’re going to delete the wrong files. At worst, you’re going to get a computer virus that deletes them for you! But you’re smart! You’ve ensured there’s a back-up process in place and for the last X months/years data has been backed up and stored securely in another location so all you need to do is restore it.
But this is where it all goes wrong. Backup software/systems are just as prone to problems as any other. It’s vital that you back up your systems, but it’s equally important to TEST your back up! Don’t leave it to chance so follow a few simple tips and you’ll get your back up when you need it, not get your backup in frustration!
- First tip – Please make sure you have a back up process in place!
- Don’t trust your backup is working as expected – you need to test it by restoring files on a frequent basis
- Make sure your backups are stored securely – encrypt them if possible
- Back up not just your ‘data’ but the tools too (I’ve lost count of how many companies say “Our Customer data is backed up. But we don’t backup the customer database itself.”)
We know that contingency planning is important and the most basic step is to have a copy, a back up of the most important files that we need. Don’t leave it to chance. Don’t just have a back up – make sure you give it a check up.
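The restore test recommended in the tips above can be automated. The following is an added example, not part of the original post: it records a SHA-256 manifest when the backup is taken and later checks a test restore against it, reporting missing and corrupted files. The function names, file names and directory layout are assumptions made for illustration, and the sample files are constructed.

```python
"""Restore check: compare a test restore against a manifest taken at backup time."""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path, '/' separated) to its SHA-256."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def save_manifest(manifest, path):
    """Write the manifest as JSON; keep it somewhere other than the backup itself."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


def verify_restore(manifest, restored_root):
    """Compare a restored directory tree with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "corrupted": sorted(
            p for p in manifest if p in restored and restored[p] != manifest[p]
        ),
    }
    # A restore passes only if every recorded file came back unchanged.
    report["ok"] = not (report["missing"] or report["corrupted"])
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Run the check on constructed sample files: one good restore, one faulty."""
    files = {  # constructed sample content: the data AND the tools needed to use it
        "data/customers.csv": b"id,name\n1,Example Ltd\n",
        "data/orders.csv": b"id,customer,total\n1,1,49.99\n",
        "tools/customer_db_schema.sql": b"CREATE TABLE customers (id INTEGER, name TEXT);\n",
    }
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        restore = os.path.join(work, "restore")
        manifest_path = os.path.join(work, "manifest.json")
        for rel, data in files.items():
            _write(source, rel, data)
        save_manifest(build_manifest(source), manifest_path)
        manifest = load_manifest(manifest_path)

        # Case 1: the restore brings everything back intact.
        for rel, data in files.items():
            _write(restore, rel, data)
        good = verify_restore(manifest, restore)

        # Case 2: one file came back truncated and the tools were never restored.
        _write(restore, "data/orders.csv", b"id,customer,total\n")
        os.remove(os.path.join(restore, "tools", "customer_db_schema.sql"))
        bad = verify_restore(manifest, restore)
        return good, bad


if __name__ == "__main__":
    for label, report in zip(("good restore", "faulty restore"), demo()):
        print(label, json.dumps(report, indent=2))
```

In real use, `build_manifest` would run against the live data when the backup is taken and `verify_restore` against a scratch directory the backup has been restored into.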
Festive Cyber Tip 12: Security Training is important
Staff need to understand the importance of Security
Many businesses see the seasonal rush at Christmas as a great business opportunity and therefore often need more staff to cope with demand. Hiring new people is always a challenge as you need to ensure they will represent your business well and serve the customers in the right way.
But there is a saying in Cyber Security that people are often the weakest link when it comes to securing a business and as the rush to hire new people is underway, we need to remind employers that EVERYONE needs training on Security. New recruits are brought in to meet a specific need, but don’t make them the weakest link in your business.
Criminals also know that you’ll need more staff, so they will often target businesses to get some inside information on them.
So to stay safe follow some simple steps;
- Remember that Information Security Training is important for ALL staff – New and old.
- If you don’t have a security training process – get one! Take a look at the tips in this blog – it’s a good start!
- New staff know they may only be there for a short period of time – they may use this to their advantage.
- Change passwords and security codes if you have to let people go following the Christmas rush.
Many think of cyber security as a need to protect ‘computers’ from criminals, but in truth, it’s what computers hold that is the target. Criminals will target businesses, large and small to gain access to physical stock as well as computer information. Good training will make everyone aware of the importance of staying safe both on, and off-line.
Festive Cyber Tip 11: Charity starts at ‘click’
Cyber scammers don’t have a heart
If you’ve been following these tips, you’ll already know the dangers of clicking on links that look suspicious but this particular tip is intended to protect you from a scam which is a little darker than most.
At Christmas cyber criminals know that charitable donations are more likely to rise than at any other time of the year, and with all the terrible things we see on the news they know that people are more likely to let their guard down in an attempt to help those less fortunate than themselves.
Cyber criminals will think nothing of setting up fake charity websites that contain malicious software or sending you emails explaining how, “for just a small donation you could save a child this Christmas. Simply donate £5 and this child’s life will be saved.” These scams look genuine. They often contain graphic images and words in order to get you to hand over your bank details or to click on a link.
Don’t fall for it. Follow our simple tips to stay safe.
- If you wish to donate to a good cause, don’t be led by an email campaign.
- Go direct to the charity page of your choice and contact them yourself if you wish to make a donation
- Don’t use a debit card, use a credit card instead. These have greater levels of protection when used online.
‘The Wizard of Oz’ is a family favourite at Christmas, so think of it like this; Make sure you’re not the ‘Scarecrow’ – you DO have a brain. The Cyber criminals are like the tin man, they really don’t have a heart when it comes to Christmas and they are hoping your charitable nature will make it easier to trick you. Don’t give them the ruby slippers!
Festive Cyber Tip 10: Don’t trust flashy E-cards
Adobe recently stopped using ‘Flash’ because of the security issues
We all appreciate the thought that goes into writing a new Christmas card and the joy this brings is still evident when a child brings home a card for a parent. It’s a traditional part of Christmas (well, since 1843 anyway). In more modern times people turn to the internet to send cards because it’s easier, it’s environmentally friendly and cards can include fun things like moving images and music. But wait! Cyber criminals know this and they can exploit it.
Cyber criminals will send out mass ‘e-cards’ which contain viruses and ‘trojans’ that can take over your computer. E-Cards that contain Adobe ‘Flash’ could contain more than best wishes. Flash has been popular for a long time but has a lot of known vulnerabilities that criminals can exploit, but it does offer some great animation!
So here are our simple tips to ensure you receive nice messages this Christmas:
- Ensure your Anti-Virus and Malware protection is up to date.
- Ensure your computer is up to date with the latest security patches.
- If you’re using ‘Flash’, make sure it’s the latest version (some e-cards may try and direct you to a rogue site when asking you to download the card).
My final tip to avoid this is to thank the person who sent you the e-card and delete it. You don’t really need to see the dancing ‘Rudolf’ do you?
Festive Cyber Tip 9: Children are the future
Give your kids the gift of education and knowledge
The Internet is a wonderful thing, something to be embraced and utilised – safely. If your son or daughter is of an age that an iPad or computer is the ‘must have’ gift this year then make sure you’re also giving them some education on it. I’m sure if you’re reading this that a) you’re used to using the Internet and b) you’re intelligent enough to know that the internet is not just full of work-related material.
As you hand your kids their gift please make sure you have a plan of action to help educate your children on the opportunities and also the risks of using the internet. Teaching them the right way to search for information as well as the do’s and don’ts of giving out personal information will help keep them safe in the long run. They also need to understand the shield of protection the internet provides people: people online may not always be what or who they claim.
Giving them the skills to maneuver through it and the knowledge of how to maintain their safety is vitally important. So do the following and you’ll be giving your kids more than just an expensive (or dangerous) toy this Christmas;
- Make sure you install Anti-Virus and Malware protection software and the latest security patches BEFORE you wrap it
- Spend time with your kids and ask them to show you round the computer
- Talk to them about the Do’s and Don’ts of using the internet (like keeping passwords secret, not posting images of themselves without your permission and not talking to strangers)
- If you’re buying a desktop computer why not set it up in a place in the house where everyone can access it?
- Develop a plan where you sit with your children on a daily basis and spend time with them so that they can share with you what they’re doing online. Over time this will change, but it’s the perfect opportunity for you to spend some quality time with them and also guide them in the new online universe (and you’ll probably learn a thing or two yourself!)
Festive Cyber Tip 8: I Spy with my little WiFi
WiFi connections aren’t always secure connections
Last minute shopping for those ‘must have’ items sometimes forces us to do things we wouldn’t normally do. If you’re sitting in a coffee shop or on the train, or in a hotel, you may think this is the perfect time to do a little shopping online. Of course, it probably is… But wait! How are you connecting to the internet? Using the ‘FREE’ WiFi could cost you more than you think.
Criminals know that people like a bargain and coffee shops and other public places are a great place to set up a ‘Man in the Middle’ attack. In this kind of fraud the criminal simply uses tools (which are freely available on the internet) to carry out a variety of attacks, including ‘DNS spoofing’ where they set themselves up as a ‘router’ on to which you connect.
Think it can’t happen? When you last connected to Free WiFi, did you ask the coffee shop owner if they had WiFi? And what it was called? Or did you simply connect to the first one that said ‘FREECoffeeShop101’? If you did, there’s a chance your every key stroke was being logged and recorded by the guy sat in the corner sipping his latte.
So what can you do? Simple…
- Try and avoid using FREE WiFi when doing anything confidential.
- Don’t enter bank details or passwords unless you’re using Virtual Private Network (VPN) software.
- Ask the owner of the premises you’re in what their WiFi is called and connect to it.
Festive Cyber Tip 7: Start planning
It’s no good saying “we’ll cross that bridge when we come to it.” Because the bridge may be gone.
Good security is all about Confidentiality, Integrity and AVAILABILITY. Will your services, your products, your company be open and available when your customers expect it? Every November/December the UK news stations are full of stories about floods and heavy snowfalls which paralyse parts of the country. So what can you do about it? You can plan!
You can’t control the weather, but you can build an effective response to it. Here are some simple things to think about;
- Conduct a risk review of your premises. How likely are your premises to be flooded in the first place?
- If you’re at risk, look closely at where your physical assets are stored (do you keep all your paper archive in the cellar? Or worse still, is that your Computer room? If it is, then move it to higher ground).
- Ask your staff about their own journey to work. It’s no good thinking ‘My office/factory is on high ground. We’re ok’, if all your staff live in the valley! Sorry to burst your bubble – but if your employees’ homes are flooded, your project/deadline will have to wait!
- Ensure you have up to date contact details for your staff.
- Offer advice and guidance to staff about keeping appropriate clothing/boots in the car and remind them that their safety is your priority.
- Ensure you have an up to date list of contact details for key clients/customers. Should the worst happen, you want to call your customers and explain what you’re doing to recover your business – Don’t leave it to the BBC to show photographs of YOUR factory 5ft under water!
- Speak to your suppliers. Ask them about their Contingency plans. I worked for a company whose CEO ‘laughed’ when I spoke of flood risks and Contingency plans. “Gary, we’re in the middle of a city with no rivers in the immediate area and we’re on the 9th floor of a tower block.” He wasn’t laughing two months later when the Data Centre they relied on, which was based 30 miles away, was flooded and unable to provide services for the following 5 days.
The bottom line is that ‘bad things happen’. You can’t plan for everything, but you can plan for anything. Assess the risks and consider what you will do when the rain/snow falls.
Festive Cyber Tip 6: Don’t lose out to thieves
Thieves are banking on you being more ‘relaxed’ with your valuables.
It’s good to catch up with friends at this time of year but all too often this means catching up after work, when you’ve got your laptop and other mobile devices with you. Theft of laptops increases at this time of year but the number of laptops which are lost increases too.
When planning on going out after work, make sure you keep an eye on your valuables. Don’t leave your phone on the table/bar and place your bags under your table. If possible lock your devices/valuables in the boot of your car so you don’t run the risk of losing your valuables.
Festive Cyber Tip 5: Don’t forget your ‘Flu’ Jabs
Remember: Viruses affect man AND machines
The second most popular method of infiltrating your computer system is to use a computer virus (the number one method is behind another door!). Most likely, cyber criminals don’t know you but they’re hoping you’re like a majority of people and that you don’t keep your ‘Anti Virus’ (AV) software up to date.
Cyber criminals can send out a virus to millions of people in the knowledge that at least a percentage will have forgotten to install AV software or haven’t kept it up to date… and this includes companies too.
Once a virus hits your computer it can do a multitude of things. From logging every key stroke you make to blackmailing you by encrypting your information.
No matter what they decide to do… they’re in!
But you can prevent this by installing AV software on your devices and keeping it up to date. If you own a business this is just as important (if not more so!). Speak to your IT teams or Cloud provider about making sure they keep up to date with AV and ‘Patch management’.
Cyber criminals rely on weaknesses. They hope you are lazy and forget to update such systems. Don’t give them the easiest route to your business, your money and your life.
So keep AV software up to date and make sure computer systems are ‘patched’ with the latest security fixes.
Festive Cyber Tip 4: It’s not always good to share
Remember: Care about what you share
It’s an exciting time of the year and there are gifts and trips aplenty! Some of us will be planning on getting away from the cold and heading to warmer climes, or maybe we’re travelling to visit friends and family across the country. This is great news for your friends and families, but make sure it’s not great news for burglars and other Christmas Grinches!
Follow these simple steps to protect yourself and to remind yourself that it’s not ALWAYS good to share!
- Check your security settings. Check settings on Social media sites (like Facebook, Twitter, Instagram etc) and make sure only friends can see your posts.
- Think before you share. Think about the information you’re sharing on social media about your holiday plans. Criminals are looking for information like “Can’t wait for Christmas shopping in New York on Saturday!” And they can search for terms like ‘Christmas trip’.
- Think before you click! We’re so used to sharing pictures of things we do and eat(!) on Social Media, we might forget that posting pictures of our gifts, including games consoles, Pandora bracelets and new clothes might not be the best idea! You’re advertising to the world all these new shiny things and the world is watching!
- It’s good to talk: If you’re planning on going on a trip, tell your neighbours. Let them know that you’ll not be home for a while and ask them to keep an eye on your house. This has the added benefit of giving you a perfect opportunity to get to know your neighbours! (Why not take them a Christmas card while you’re there?)
- Christmas Lights: You can buy inexpensive devices which will turn on lamps at pre-set times around your home which gives the appearance that you’re home. So plug a few in and make sure your home looks occupied even when you’re out.
There’s nothing wrong with being excited about Christmas and it’s good to share, but make sure you’re only sharing with the ones you love.
Festive Cyber Tip 3: Let’s go phishing
Remember: Think before you click.
Cyber-crooks are obviously aware of this increase in online trade over Christmas and therefore step up their attacks. Consumers can be attacked on several fronts. One of the main strategies is phishing, which consists of spoof emails that purport to come from an online bank or shop. Users are asked to click on a link and enter their bank details. If they do, any data they enter could end up in the hands of cyber-crooks.
These phishing attacks are easy for the attackers to distribute and they don’t care who they target. A common approach is to send an email that says something like;
“Your order is being processed. The total outstanding balance is £787 (inc VAT). Please click on the link below to view your order. You have 48hrs to cancel this if required.”
Obviously your immediate reaction would be to ask who has been using your card?! Maybe you’ve been hacked?!!! Your mind is screaming “CLICK THE LINK!” But wait. THIS is the hack! THIS is the scam…
Take a close look at the email address. Does it look like a real address? Copy and paste the address into Google and investigate it. If you’re really concerned, contact the company (who sent you the email) and talk to them.
Don’t give scammers what they want this Christmas. Think before you click.
Festive Cyber Tip 2: Checking your statements
Remember: Check your bank statements for strange transactions. Treat it like the naughty list!
“He’s checking it once. He’s checking it twice …He’s going to find out who’s been using his bank account!”.
Ok… So I know that’s not how the song goes, but take a tip from Santa. He knows the importance of ensuring the information is accurate on his ‘Naughty list’, so shouldn’t you do the same on your bank statement?
It’s easier for Cyber criminals to steal £1 from 1 million bank accounts than try to take 1 million from 1 account, and that’s what they do. Cyber crime cases increased to 5.1 million online fraud incidents last year, with an average of £1000 taken in each incident, which is an increase of 5%.
People are ‘cash rich but time poor’ and the criminal plays on this, in the hope that you won’t notice a small amount leaving your bank account each month.
So think of the song … and keep ‘Checking it once … Checking it twice!’ Take care of your bank account and report any strange transactions to your bank.
Festive Cyber Tip 1: Passwords are Key
Remember: Passwords are like underwear …Change them often and don’t share them!
I know you’ve heard this over and over again, but it’s the simplest and most effective way to prevent your information falling into the wrong hands. Having the same password for many areas of your life is like having a single key to open your house, your car, your business.
- Instead of using one word consider a phrase or a line from a song
- Include those pesky special characters such as numbers and punctuation, for example @ ! –
- Have different passwords for different websites
- Never share your password
- Change your password often