We give our views here on how you can reduce your exposure:
Avoid loss of hardware. Losing a device with sensitive information could be catastrophic – it could lead to regulatory action, financial loss, not to mention reputational damage. So take extra care when on the move, back up information whenever possible and remove sensitive information from local hardware. Preferably don’t ever store sensitive information on laptops or any other mobile device.
Avoid giving sensitive information over the phone. Impersonation of a legitimate person or organisation is a common way of gathering information from the unsuspecting. It’s even possible for someone to gain access remotely to a PC or laptop by convincing the listener to press a combination of a few keys whilst online, believing the caller wishes genuinely to fix an apparent problem.
Limit personal information on social media. Beware that social media is the perfect place for criminals to gather sensitive information. For example, letting people know it’s your birthday and the year you were born; where you live; what you think about your bank. These extracts can be ‘pieced together’ with other information to easily enable identify fraud.
Use strong passwords. Where possible use a combination of letters, numbers and special characters and change it frequently. Also, don’t use the same password for all systems – doing so increases the risk of many systems being compromised.
Update firewalls. These act as the first line of defence to keep intruders out from your system, including ‘weeding out’ emails which contain viruses which may corrupt or compromise your hardware.
Take care when reading emails. If you receive an email from someone out of the blue, act with extreme caution, either delete it or ask your IT team to quarantine it, off the main server, for further analysis. Always be vigilant and look for clues that an email might be malicious, such as requests for sensitive information for no apparent reason. Also look for basic grammatical errors and incorrect or inappropriate tone of voice. Increasingly criminals gather pieces of information about a person which enables them to communicate quite convincingly to extract highly sensitive information.
Encrypt emails. When sending sensitive information it’s important to encrypt emails to reduce the risk of information being lost if accidently misdirected.
Take care when surfing the web. Fake versions of legitimate websites are popping up across the internet, often with only a few differences in characters. This is called “typo squatting” and is quite common.
Report suspicious activity. We all have lots to do and things to think about. But if you see something which looks suspicious, report it immediately to your firm’s IT helpdesk/support team.
Use common sense. Regardless of how ‘online savvy’ you believe yourself to be, the chances are that cyber criminals are a step ahead. So when working online, be on your guard and consider the safety of information to be your first priority.
You can receive more guidance on how to avoid cybercrime by visiting the https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime website.