Get cyber security savvy

3rd May 2019

By Mark Dickinson, Partner

Cyber-crimes are not going away and the number of cyber security attacks is constantly increasing.  In 2018, the UK Government reported that four in ten businesses and two in ten charities suffered a cyber breach or attack.  When it comes to larger businesses the statistic increases to 72% with an average cost of £9,260.

Different types of cyber security attacks

The level of sophistication that cyber criminals are using is increasing. Here are some of the take away areas to think about.

Social engineering or, in other words, the art of extracting confidential information

Be wary of social media and don’t share much information within your profile.  Scammers’ expertise lies in the different techniques that they use to collate your personal details such as name, email address, passwords, and answers to your security questions.

Spear phishing

This is an email or another form of electronic communication which has been sent to specific individuals, organisations or businesses.  The content may sound completely logical and trustworthy.  Some victims have had parts of emails already in their in-boxes copied and malicious text inserted like fraudulent bank details.

Pharming

It’s when criminals change the host’s file on a victim’s computer or exploit a vulnerability in the DNS server software in order to redirect a website’s traffic to another fake site so that a hacker can infiltrate and install malicious code.  The aim is of course to capture private and personal information, particularly bank details, credit card details, passwords etc.

Malware

The full name for this is malicious software.  It’s a program or file that has been specifically designed to damage a computer, its network or the server.  Ransomware is a specific type of malware that will lock a user out of their files or their device until a ransom is paid to restore access.

Vishing

Criminals use the phone in an attempt to scam the user into divulging private personal data.  The recipient believes they are speaking to legitimate organisations.  They frequently use Voice Over Internet Protocol (VoIP) now, for example caller ID spoofing which can change the caller’s telephone number.

Smishing

This form of cyber security breach uses SMS or text messages to encourage the victim to inadvertently give out private information, or to download malicious software or malware.  Criminals are using increasing levels of security and can now intercept old text threads and insert fakes numbers into them.

What can you do to be cyber security savvy and protect yourself and your business?

There some simple things you can do to protect yourself and your business.

Procedures

Above all, if you are the victim of a cyber attack, make sure that you have a process in place to deal with it and that staff know what they should do.

Firewalls and anti-virus software

Switch on your firewall!  Most operating systems will include a firewall, so make sure it’s up and running.  Anti-virus software should be used on all computers and laptops.

Software

Ensure that your software is always up to date.  When you receive a message telling you that a software update is available for your computer or device, do it as soon as possible because they are intended to patch flaws that have been found in the programme.  They are for your digital security!

Back-ups and the cloud

Back up your data regularly and keep it separate from your computer.  Cloud storage solutions are a cost-effective and efficient way of doing this.

Passwords

Ensure that your passwords are strong – use a combination of upper case, lower case, numbers and special characters.  If possible, use 2-factor authentication.  Be very wary of public WiFi and use 4G or a virtual private network (VPN).

Impersonation fraud

If you do receive an email requesting a payment or you are about to make a payment, check the details first.  Ring the company or organisation you are about to pay using the contact details that you have on file.  Don’t trust any links, attachments, texts or telephone numbers that may have been sent to you.

Knowledge is power and signing up for a free service such as the Action Fraud Alert is well worth it.  Services like these will send you information about scams and fraud in your area by email, recorded voice and text message, as well as advice if you are a victim of an attack.

Have you ever been the victim of a cyber-attack?  How did you deal with it?

We offer comprehensive IT solutions and are happy to help whenever you need it.

About the author

Mark is Head of Wise & Co’s charity and not for profit team.  He joined Wise & Co as a trainee in 1987 and over the years he has worked on a wide range of clients ranging from those in the charity and not for profit sector to owner managed businesses and legal practices.  He maintains a very practical approach to problem solving, dovetailing technical advice with an organisation’s or a business’ overall aspirations for the future.

Share article