September 2019
5 Strong passwords

Another huge risk for anyone with a connected device, especially in today’s online world and the proliferation of online banks and the move to paperless interaction with HMRC, is their password.

It is essential that the same passwords are never reused. It’s entirely understandable that we reuse passwords or variants of them in combination with the same email address or username. But those that do and who are unfortunate enough to have been compromised will find that any account they have is also at risk.

As to how to create a strong password, avoid names, places, pets or dates of birth. Use a long mixture of upper case, lower case, numbers, and symbols. Search for an online password generator.

Lastly, change passwords frequently and especially when any member of staff leaves.

6 Put sites off limits

Human error is the biggest cause of security vulnerabilities so it’s important to ingrain caution within staff, ideally by a policy that covers what they can and cannot do online. This means detailing which websites can be visited, that no software is to be downloaded or installed (it could be pirated and compromised), and that email with attachments should be quarantined and scanned. Again, having decent and current anti-virus software in place will mean that anything that is downloaded will be scanned before being opened or run.

7 Be private

Remembering that human error is one of the biggest risks, staff should be made aware of ‘social engineering’ and that a plausible caller can get someone to give away whatever is held precious. It’s this that is behind authorised push payment fraud – where a caller tells an individual that their accounts are at risk and that they should move their monies to a new and ‘safe’ account. The harsh reality is that these individuals have sent their monies to the fraudster and so will get little help from the banks.

Never give any private information out without being 100 percent certain of the person or organisation asking. Be careful with what the business (and individuals) post online or via social media. Apply the same principles to paper-based information. All someone needs to compromise your systems is enough of the right bits of information.

As the evidence shows, using social engineering is much easier than expending effort on hacking systems.

8 Public WIFI

It’s so tempting to want to be online at all times and it’s just as tempting to use public, or open, WIFI networks, partly because mobile data may be unavailable but also because it may be free. The reason to be wary is very simple – just as you can connect a laptop to a free WIFI hotspot, so can anyone else. If they’re criminally minded, they can access your data and plant viruses.

9 Staff devices

Another threat to counter is one from staff who connect their own devices, such as phones, to the company network or their computer. Thought should be given to limiting access to the firm’s WIFI or physical network. The same applies to USB devices – it’s a well-known trick for a fraudster to drop a USB stick in a car park for an individual to pick up and connect to their computer to see what’s on it.

10 Back up

At the end of the day, computers can and do get compromised so planning for disaster should be part of business housekeeping. Backing up data onto several separate devices, regularly (at least once a day) and keeping them off site at different locations is critical. Consider a combination of methods such as external hard drives, a computer elsewhere and cloud storage services such as Dropbox. Remember to encrypt devices in case they fall into the wrong hands.

To end

Assuming that you are unlikely to be attacked is a foolish stance and one that will lead to disaster. All it takes is a lucky find by a hacker combined with easy access for the rest to be history.

See https://www.cyberessentials.ncsc.gov.uk for more information.

SEPTEMBER 2019 TC 23