How to avoid being a Cyber-crime statistic
Cyber-crime will always be a hot topic amongst businesses and individuals. Although defences are getting much better, there will always be a way to break that defence. It is imperative that we as business professionals and individuals educate ourselves on what the potential dangers are and what to look out for in terms of red flags when working online.
In this article I will explain one of the most common forms of hacking and what simple things businesses and individuals can do to help protect their personal data.
There are many different ways that a hacker can get a hold of your personal data, of which some are more lucrative to hackers than others. A popular tool of the hacker is the phishing e-mail. Phishing e-mails pose a great threat to business professionals and individuals as they come in many different forms and are becoming more and more convincing every day.
The most common type of phishing e-mail being sent to people is the ‘spear phishing’ e-mail.
Spear phishing is a malicious e-mail designed to target a customer of a specific product or service.
These e-mails are designed to trick you into thinking that you are dealing with a legitimate e-mail from a legitimate source when in fact you are being lured into the lion’s den. Hackers will spoof many domain names and intercept e-mail going to and from individuals and businesses. They do this to acquire recognisable information such as e-mail letterheads, watermarks and signatures to use in the phishing e-mails, bettering their chances of delivering their ‘payload’ to your device.
Domain names are essentially a way of identifying who you are online, e.g. martintolhurst.co.uk is our domain name.
Although it is scary to think it’s that easy for hackers to get hold of your personal data, there are lots of actions that you can take to help prevent your data from being intercepted by hackers. At Martin Tolhurst Solicitors we consider cyber security to be a high priority as we understand the consequences of cyber negligence and the impact it can have on the business and its clients. To combat cyber threats, we have comprehensive policies in place and provide mandatory cyber security training to all staff.
Most other firms will have similar policies and procedures in place, but what you may not be aware of is the cyber security information that we place at the bottom of our signatures on all e-mail correspondence sent out by a member of staff. This is information that all clients should be aware of, as it briefly outlines the dangers of phishing e-mails.
The information provided in the signatures is as follows:
WARNING – Property Cyber Crime. Property transactions are currently rated with a high risk of fraud. To minimise the potential for fraud on your transaction please note that if we need you to send us money, we will give you our bank details in a letter to your postal address as identified. If you receive an email saying our bank details have changed or giving alleged bank details from this Firm, do not trust it – Emails can be scammed. Please do not rely on email notification of our bank account or any bank account changes without direct verbal confirmation from a trusted source at this Firm- please speak to us on the telephone on numbers supplied by us on our notepaper in letters before sending any money. We will not be liable to you for any payments made by you to an incorrect account. This BBC article highlights the problem - http://www.bbc.co.uk/news/business-41897888
As an individual you should go the extra mile to ensure that you are aware of the dangers and what to do when you receive such e-mails in your inbox. Having this knowledge makes the difference between identifying these e-mails and removing them as soon as possible, and risking malware being installed on your system or, worse, losing a substantial amount of money to a phishing e-mail.
In terms of what you can do as a business/business professional or individual to go the extra mile to protect your data, I’ve listed below what I think you should be doing to better secure your data.
As an Individual
- Ensure that home PCs, laptops & tablets have the latest Windows, Mac/Apple & Android security patches.
- Install antivirus protection software onto your PC. There are many really good antivirus providers out there, such as McAfee and Sophos Home, that do not cost a substantial amount of money, and most offer a free version.
- Set a reminder to change your password at least once a month (invest in a password manager if you have lots of passwords for different sites) and remember to use a strong password.
- If you receive an e-mail in your inbox, just stop and ask yourself: Was I expecting this e-mail? Is there any identifiable information? Do I recognise the sender?
As a Business (or Business Professional)
- Invest in a highly configurable firewall, the more configurable the better in my opinion.
- Ensure that you have endpoint security in place such as Sophos, Symantec & McAfee.
- Staff training is paramount. There are many providers out there such as KnowBe4 or Bob’s Business. These training platforms educate staff on the current threat landscape and show them what they need to be looking out for.
I hope you found this article of some use. There are many resources out there that provide comprehensive information on many cyber threats, and some that will keep you updated on the latest threat landscape. I have added some of these resources below.
Resources
- Sophos Naked Security blog (provides more information on the threat landscape) - https://nakedsecurity.sophos.com/
- SRA (Solicitors Regulation Authority) info on Cyber Security - https://bit.ly/2mCL8gm
- Law Society scam prevention - https://bit.ly/2JbcNM6
- Information on strong passwords and password managers - https://bit.ly/2mgeNas
- Info on phishing e-mails and what to look out for - https://www.itgovernance.co.uk/blog/5-ways-to-detect-a-phishing-email
This article has been written by Chris Dalton-Vale, IT Systems Administrator.