Cyber Security is an incredibly important matter for users across the internet, but especially for businesses who have seen a growth in online engagement over recent months since remote working has become somewhat of a new ‘normal’. Coronavirus has introduced a number of hurdles to businesses across the nation, including the threat of cybercrime and ensuring that companies are staying safe as they do more digitally.
When it comes to cybercrime, perhaps the image of a teenage computer whiz sitting in their bedroom with a can of energy drink, hacking away at your malware security, comes to mind? While that might be the case, cybercrime is considered a tier 1 national threat in terms of the severity and consequence that these types of attacks pose to individuals and companies alike. In fact, the people behind these crimes are very clever at what they do and are usually part of larger organised crime groups, so it’s important to know how to protect yourself and your business online.
What is Cybercrime?
Cybercrime is an umbrella term used to describe criminal activity, of which there are two brackets.
- Criminal activity that targets computers; and,
- Criminal activity that uses computers to commit other crimes.
Cybercrime that targets computers often involves viruses and other types of malware. Cybercriminals may infect computers with viruses and malware to damage devices or stop them working. They may also use malware to delete or steal data. Cybercrime that stops users using a machine or network or prevents a business providing a software service to its customers is called a Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread malware, illegal information or illegal images.
Sometimes cybercriminals conduct both categories of cybercrime at once. They may target computers with viruses first before moving on to use them to spread malware to other machines or throughout a network.
Cybercriminals may also carry out what is known as a Distributed-Denial-of-Service (DDoS) attack. This is like a DoS attack, but cybercriminals use numerous compromised computers to carry it out.
Some specific examples of the different types of cybercrime include:
- Email and internet fraud.
- Identity fraud (where personal information is stolen and used).
- Theft of financial or card payment data.
- Theft and sale of corporate data.
- Cyberextortion (demanding money to prevent a threatened attack).
- Ransomware attacks (a type of cyberextortion).
- Malware (malicious software that sits in the background and records keyboard patterns, search habits etc.)
- Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
- Cyberespionage (where hackers access government or company data).
How are Cybercrime Victims Targeted?
Essentially, cybercrime targets human error to find as much information as possible about a person or business that allows cybercriminals to prove authenticity and get a foot in the door.
As individuals, we are very quick to add our personal information to public platforms like Facebook or LinkedIn. While your relationship status or where you went to school may not seem like a big deal, it’s important to understand that any information about you as an individual gives a cybercriminal or crime group a snippet into who you are and what makes you tick.
On a business level, information such as your name and job role (this is more relevant to LinkedIn) gives criminals an insight into the position you hold within the company and, therefore, an idea of the access levels you are likely to have across the business systems, as well as the influence and powers you have amongst the rest of the team.
Likewise, displaying your work email address on a public forum gives cybercriminals the opportunity to open a direct line of communication with you. This allows them to:
- Send you something malicious, such as ransomware.
- Strike up a conversation to steal your email signature so that they can impersonate you and target others either in or outside of your company.
This links right back to the personal information that you share: any email they send will need to appeal to your interests, as this increases the chances of the email being opened, just as emails sent to your colleagues need to appear authentic.
The Scale and Impact of Cybercrime
19,000 attacks are reported to the police by UK businesses every day. However, there are 75,000 attempted attacks on UK businesses every second, according to a report by Hiscox Insurance. Bear in mind that Hiscox Insurance is only one insurance company in the UK and so this number represents only a small percentage of businesses nationwide.
Last year alone, 178,000 fake business domains and email addresses impersonating other people were taken down. It’s thought that this is around 0.5% of the actual number of fake domains that are out there, which would suggest that the real number is closer to something in the region of 35.6 million.
What can I do to Protect Myself or my Business from Cybercrime?
Cybercrime is clearly an ongoing threat, and the idea of how easy it is for cybercriminals to prey on individuals and businesses is confronting. But there are ways to help protect yourself and your business from falling into the trap and to stay safe online.
Stay Up to Date
Out-of-date software is one of the most common causes of successful cyber-attacks. One example is the breach at the Equifax credit bureau in 2017, which exposed the financial information of almost every adult in America.
Issuing regular updates to protect against newly emerging vulnerabilities and keeping your software and operating systems updated is such an easy task, and yet is so effective in protecting you against cybercrime.
Most software offers automatic updates which run as soon as an update becomes available. Also, be sure to install software to scan your system for viruses and malware to catch anything that might get through.
Don’t let your Password be Compromised!
Remembering passwords isn’t fun – we’re all right there with you. But the simple fact is that passwords are there to offer security and protection and should, therefore, be secure.
Unique passwords are a must as they aren’t as easy for cybercriminals to hack (or for anyone who might have access to your phone or computer to guess!) as common words or sequences such as ‘123456’ or ‘password’. Try picking three or four words, for example ‘duck’, ‘ball’ and ‘iron’. Once you have put these together and added a capital letter and special character, you have a strong 13-character password.
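The recipe above as a short Python sketch (an added example, not part of the original article): it picks the words with a cryptographically secure random generator and estimates how hard the result is to guess for someone who knows the recipe. The word list, the special-character set and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample word list, for illustration only. A real generator
# would load a large published word list (thousands of words) from a file.
WORDS = [
    "duck", "ball", "iron", "lamp", "river", "stone", "cloud", "maple",
    "tiger", "piano", "ocean", "candle", "pepper", "rocket", "garden", "silver",
]
SPECIALS = "!@#$%^&*?-_+="  # constructed set of 13 special characters


def make_passphrase(words=WORDS, count=3, specials=SPECIALS):
    """Join `count` randomly chosen words, capitalise one, append a special character."""
    # secrets uses the operating system's CSPRNG; the random module is not
    # suitable for generating passwords.
    chosen = [secrets.choice(words) for _ in range(count)]
    cap = secrets.randbelow(count)          # which word gets the capital letter
    chosen[cap] = chosen[cap].capitalize()
    return "".join(chosen) + secrets.choice(specials)


def entropy_bits(list_size, count=3, n_specials=len(SPECIALS)):
    """Upper-bound estimate of guessing difficulty, in bits, when the
    attacker knows the recipe and the word list but not the random choices."""
    return (count * math.log2(list_size)    # which words were picked
            + math.log2(count)              # which word is capitalised
            + math.log2(n_specials))        # which special character


if __name__ == "__main__":
    print("Example passphrase:", make_passphrase())
    for size, count in [(len(WORDS), 3), (7776, 3), (7776, 4)]:
        print(f"{count} words from a list of {size}: "
              f"about {entropy_bits(size, count):.1f} bits")
```

With the 16-word sample list the estimate is only about 17 bits, while four words from a 7,776-word list give about 57 bits, so the strength comes from choosing the words at random from a large list rather than from the character count alone.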
Get into the habit of changing your passwords regularly to further minimise the chances of your password being compromised.
You should also try to refrain from using the same password for all accounts, but at the very least, never use the same password for your email account. Once a hacker has access to your emails, they have access to any other website or system you have an account with.
A password manager program such as LastPass can help you create and remember complex, secure passwords.
Enable Two or Multi-Factor Authentication
Two or multi-factor authentication is becoming more widely used as time goes by, with many websites requiring users to enter both a strong password and a separate code from an external authenticator app, text message or email when logging in.
While it’s not a 100% guarantee that you won’t be hacked, two or multi-factor authentication makes it much harder for a cybercriminal to break into your accounts.
Encrypt your Data
Wherever possible, encrypt the data that’s stored on your smartphone and computer. When data is encrypted, all that a hacker will get is a load of nonsense rather than sensitive data such as contact information or financial records.
No person, business or computer can ever be 100% secure, and anyone can be a victim of cybercrime but the more protected you are, the less likely it is that you will be subject to a successful cyber-attack.
What can I do if I’ve Been a Victim of Cybercrime?
If you believe that you have been a victim of a cyber-facilitated crime, you should report it to the police by going to your local station or calling 101, where you will be advised on what to do next.
NB: If you have been a target of cybercrime and are being asked to pay a ransom, please do not do this. While you may have been hit by a one-off scam, there is no guarantee that it will be the end of the attack, or that the malware has been removed from your device. Always go straight to the police.