GDPR is relevant for all ways in which personal data is handled, but holding personal data online creates specific risks - in particular cybercrime.
According to the Office of National Statistics there were 3.6 million cases of online fraud in 2017. Basic human error may open the door to cybercrime; find out more about the simple mistakes that could be avoided.
The National Crime Agency reminds us that specialist criminal groups are targeting individuals, small businesses and large corporate networks to steal personal information in bulk in order to profit from the compromised data available to them. And it’s not always for financial reasons – many ‘attacks’ have been purely to create disruption and may be politically motivated.
The FCA has warned the industry that the risk of cybercrime is growing and tackling it is one of its key objectives. It’s one of the biggest risks the industry faces, as we increasingly use online services to communicate and transact with customers. And when it does happen, we realise how at risk we are. But by then the damage has invariably already been done to our customers and our businesses.
Of course we often think that cybercrime is in some ways about criminals ‘hacking’ into mainframes. This is correct. But very often basic human mistakes can swing the door open for criminal activity and make it easier for criminals to operate.
We give our views here on how you can reduce your exposure:
Avoid loss of hardware. Losing a device with sensitive information could be catastrophic – it could lead to regulatory action, financial loss, not to mention reputational damage. So take extra care when on the move, back up information whenever possible and remove sensitive information from local hardware. Preferably don’t ever store sensitive information on laptops or any other mobile device.
Avoid giving sensitive information over the phone. Impersonation of a legitimate person or organisation is a common way of gathering information from the unsuspecting. It’s even possible for someone to gain access remotely to a PC or laptop by convincing the listener to press a combination of a few keys whilst online, believing the caller genuinely wishes to fix an apparent problem.
Limit personal information on social media. Be aware that social media is the perfect place for criminals to gather sensitive information. For example, letting people know it’s your birthday and the year you were born; where you live; what you think about your bank. These extracts can be ‘pieced together’ with other information to easily enable identity fraud.
Use strong passwords. Where possible use a combination of letters, numbers and special characters and change your password frequently. Also, don’t use the same password for all systems – doing so increases the risk of many systems being compromised.
Update firewalls. These act as the first line of defence to keep intruders out of your system, including ‘weeding out’ emails containing viruses which may corrupt or compromise your hardware.
Take care when reading emails. If you receive an email from someone out of the blue, act with extreme caution: either delete it or ask your IT team to quarantine it, off the main server, for further analysis. Always be vigilant and look for clues that an email might be malicious, such as requests for sensitive information for no apparent reason. Also look for basic grammatical errors and incorrect or inappropriate tone of voice. Increasingly criminals gather pieces of information about a person which enable them to communicate quite convincingly to extract highly sensitive information.
Encrypt emails. When sending sensitive information it’s important to encrypt emails to reduce the risk of information being lost if accidentally misdirected.
Take care when surfing the web. Fake versions of legitimate websites are popping up across the internet, often with only a few differences in characters. This is called “typosquatting” and is quite common.
Report suspicious activity. We all have lots to do and things to think about. But if you see something which looks suspicious, report it immediately to your firm’s IT helpdesk/support team.
Use common sense. Regardless of how ‘online savvy’ you believe yourself to be, the chances are that cyber criminals are a step ahead. So when working online, be on your guard and consider the safety of information to be your first priority.