With more people working and socialising online due to Covid-19 (Coronavirus), there unfortunately comes a greater risk of cybercrime. Criminals will try to exploit people’s fears to obtain information or money, or to spread malicious software.
We want individuals and businesses to stay safe online and therefore we hope the following 10 tips will help reduce the chances of you becoming a victim of cybercrime in both your personal and professional lives.
Why is this important?
Many organisations, including charities, often view cybercrime and cybersecurity as a purely technical issue. This, in our view, is the wrong approach. These are business risks and as such need to take account of your business systems, processes and, most importantly, people. If you miss any of these elements then your strategy is likely to fail.
Building digital resilience into our personal lives and those of our staff and customers will translate into people being more digitally aware in the workplace. This is therefore good for both the organisation as well as the individuals, their families and friends.
Secure your online presence.
- Secure your emails and in particular the email address you use for resetting passwords on key online accounts such as social media, banking and shopping.
- As a simple first step you can check whether that email address has been compromised in a data breach by using the free checker at Have I been pwned? The chances are that it will have been, in which case, as a minimum, you will need to change the admin password for that email address immediately (see the strong password tip below).
- Also check your email filters and forwarding rules. It is a common trick for the cybercriminal to set up an email forwarding rule that sends a copy of all your received emails to them. Information on how to do this should be found in your provider’s help pages.
- Use online secure portals or secure email services to share confidential or sensitive documents and never use unsecured email.
- Use strong passwords. The latest advice from the National Cyber Security Centre (NCSC) and Police Digital Security Centre is to use 3 random words. You just put them together, like ‘coffeetrainfish’ or ‘walltinshirt’. You can choose words that are memorable but should avoid those which might be easy to guess, such as ‘onetwothree’, or which are closely related to you personally, such as the names of family members or pets. You may need to insert or exchange numbers for letters to meet some website password requirements, but the principle of 3 random words should be adhered to. Keep in mind that if your password is easily remembered by you then it is unlikely that this password is strong enough. (See below for using a password manager.)
- Enable Two Factor Authentication (2FA) or stronger whenever you can. 2FA is a way for the service provider to check it’s you logging in by using a real-world source, such as sending a security code to your mobile phone. This helps protect you because it is unlikely that a cybercriminal who has managed to obtain your password will have this “second factor”.
- Use a password manager to help you remember passwords. The average person has 21 passwords to remember. This is impossible if they are strong passwords. The use of a digital password manager is not without its own risks but the benefits should outweigh those risks. Further advice on password managers is available from NCSC.
- Update your software and apps across all your devices to make sure the latest security patches have been applied. In particular, the operating software and any installed anti-virus software should be set to install updates automatically (but also double check this is happening, as often the device needs to be connected to a power source for the updates to take place).
- Secure your devices. Most devices that connect to the internet (printers, security cameras, speakers, TVs etc.) arrive with a default admin password which is the same on every device sold. This can leave your device and network vulnerable to attack as these default passwords are widely known. Change all device admin passwords as soon as you have purchased them! Most of the big tech companies have additional information available to help you secure your device:
- Be more anti-social in what information you provide and share online. Personal details can be used by cybercriminals to build trust with you which they can then exploit by getting you to reveal further details that may enable them to scam you. Only give limited information when creating accounts (complete mandatory fields only) and only create accounts where necessary i.e. use guest checkout facilities for sites you visit only occasionally.
- Be careful where you shop, as criminals can set up very good ‘lookalike’ sites. Looking for a padlock in the browser can help but is not a guarantee – it just tells you the site is secure; it doesn’t verify where your details are being sent. Criminals can exploit this by setting up secure fake sites! If you are suspicious or something seems too good to be true then ‘take five’ and think carefully before proceeding. Access sites from trusted links rather than Facebook ads or other sources where a web link has been provided to you.
- Use a credit card for purchases if you have one, as most major credit card providers insure online purchases. You will need to check your card’s Terms and Conditions for exact details.
- Dispose of old devices securely and remove all data from them before selling or disposing of them. It is not sufficient to simply delete the files, as this does not generally remove them from the hard disc; it just lets the computer use that space to overwrite a file with new data. Until it is overwritten the file will still be available (just not visible on searches).
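For anyone reviewing mailbox rules across several accounts, the forwarding-rule check in the email tip above can be scripted. This is an added example, not part of the original article: the rule format, field names, addresses and the `audit_rules` helper are all assumptions, since every email provider exports rules in its own way.

```python
# Constructed sample of one mailbox's rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "Newsletters", "action": "move", "targets": ["Reading"]},
    {"name": "Copy to assistant", "action": "forward",
     "targets": ["pa@example.org"], "conditions": []},
    {"name": ".", "action": "forward",
     "targets": ["inbox.copy@mail.example.net"], "conditions": []},
    {"name": "Bank alerts", "action": "redirect",
     "targets": ["archive@example.net"],
     "conditions": ["subject contains 'statement'"]},
    {"name": "Team copy", "action": "Forward",
     "targets": ["PA@Example.ORG", "backup@example.com"],
     "conditions": ["from contains 'supplier'"]},
]

# Actions that send a copy of mail somewhere else (assumed names).
FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rules(rules, own_domains):
    """List forwarding rules that send mail outside your own domains."""
    own = {d.lower() for d in own_domains}
    findings = []
    for rule in rules:
        if rule.get("action", "").lower() not in FORWARDING_ACTIONS:
            continue
        external = [t for t in rule.get("targets", [])
                    if domain_of(t) not in own]
        if not external:
            continue
        # A rule with no conditions copies every received email.
        severity = "high" if not rule.get("conditions") else "medium"
        findings.append({"rule": rule["name"], "severity": severity,
                         "external": external})
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES, own_domains={"example.org"}):
        print(f"{f['severity'].upper():6} {f['rule']!r} -> {f['external']}")
```

Any rule it lists that you do not recognise should be removed, and the account password changed.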
For businesses, the National Cyber Security Centre has a small business guide. You may also want to look at various cyber certification schemes, including a new cyber-aware scheme aimed at smaller businesses which is promoted by the new Police Digital Security Centre. They also have a useful interactive guide to ‘test your businesses’ resilience to cybercrime’.
How we can support you
It can perhaps seem daunting to think of all of the things you need to cover in identifying how you or your organisation might be vulnerable to fraud and cybercrime and how you can protect it.
Our unique Fraud Management Resource Centre has a wealth of resources, guides and tools available free. For more general coronavirus scam warnings please also see our blog post criminals exploiting covid 19.
We are also inviting you to ask us a question and we will provide our response and post these online during this crisis. Simply complete the form below to submit your question.
It’s important that we keep sharing / highlighting important information on this topic. We therefore invite you to join us in looking out for and sharing posts using #tell2.