The Metropolitan Police has published a new edition of its Little Book of Cyber Scams. This new version expands on the original to include advice tailored as much to individuals as to businesses.
We live and work in a world where the rapidity of technological development is matched only by the increasing sophistication of the criminals attempting to abuse it. This guide is a collaborative effort between the Metropolitan Police, the National Cyber Security Centre and the National Crime Agency. So, what is in it, and why should you read it?
Small and Medium Enterprises (SMEs) make up an ever-increasing percentage of the UK economy. They exist everywhere, but in the uncertain economic climate in which we find ourselves, especially as we battle a global pandemic, it is often the case that due diligence ranks considerably lower on the list of priorities for such businesses than growth. Cyber security is often expensive and is seen as a burden that many business owners expect to get around to at some point, but not today. Unfortunately, this is an increasingly risky strategy, and when things go wrong the consequences can be disastrous. The real issue, therefore, is that as burdensome and expensive as cyber security might be, it is absolutely indispensable in today’s world.
We all use the internet, whether as businesses or as individuals. Every day, people in their millions all over the world entrust valuable personal details to websites in the belief that they are going to be safe. No one wants criminals to have access to their bank accounts, and everyone knows that such a situation is all too possible, but still most people choose to believe that cyber crime is something that affects other people.
The new guide provides clear descriptions of the two different categories of cyber crime – cyber-dependent and cyber-enabled.
The guide provides a good grounding in the usual ways in which criminals use programs to harvest information from the computers of individuals or businesses, which can then be used to access bank accounts, etc.: hacking, in common parlance. This may include the use of programs that guess passwords, or programs that are installed onto a hard drive without the user’s knowledge, usually as a result of opening a communication that appears to be official and to come from a trusted source. There is advice on firewalls, software updates, strong password creation, and multi-factor authentication.
The issues and the solutions just listed are familiar terms to most of us, but how many of us would know equally well what a Distributed Denial of Service (DDoS) attack is? Broadly, this is when criminals overwhelm a targeted website with server requests, causing a crash that can then provide leverage for financial extortion. If you are the owner of an SME and you don’t know more than this about a DDoS, then you should be reading this guide. In it you will find much more information and advice on how to protect your business.
In the area of protecting the individual there is good, clear advice on the concept of ‘social engineering’, or the manipulation of people’s natural inclination to trust. Here again we are probably largely familiar with the term phishing, but what about smishing and spear phishing? How can we check the validity of an email received? What about payment fraud? You will find all of these answers in the guide.
There is further advice on firewalls and antivirus software tailored specifically to individuals, along with many helpful hints on how to keep your data secure and how to make intelligent decisions about the types of data you share in particular locations and on particular types of Wi-Fi network or data signal.
Finally, the guide provides a section on business risks. It gives good, clear, easy-to-follow advice on the most common issues. The catch-all term ‘data’ is readily understood in the abstract, but many SME owners and individuals would struggle to define precisely what data we are talking about. Yes, having someone take unauthorised control of your bank accounts is a nightmare, but what about your client lists, payment information, product details, company information, etc.? Loss of control of these can cause irreparable damage to the hard-won but fragile reputation of your business.
The guide not only provides guidance on what you might do to protect yourself from these problems, it also provides useful help on how to be clear-eyed on where threats may come from. We all have an instinctive image of a cyber criminal hunched over a computer terminal in a cluttered and shadowy basement piled high with IT equipment, but what about our business competitors, or even disgruntled members of staff?
There is, of course, advice on the European General Data Protection Regulation (GDPR), now all too often viewed by many SMEs as the bane of their lives. It needn’t be that at all, if you take the time to understand it and invest the money and energy necessary to make sure your business is compliant with it. A good introduction is provided here.
The guide is deliberately not lengthy. At a mere 40 pages it is designed to cover salient points in sufficient detail to enable individuals and businesses to understand the basics and identify where they need to find out more. It concludes with a very useful and extensive list of resources where precisely such additional information can be found, and the people to contact when things go wrong.
In conclusion, it is worth noting that we are living through unprecedented times in which businesses large and small have been impacted in profound ways by Covid-19. Many of the owners of businesses that have survived consider themselves fortunate merely to have done so, and all of the attention currently is focused on the need to rebuild. The criminals know this. In the world of cyber crime there has never been a time when so many people can be relied upon to have their eye off the ball. It is well known that every crisis provides an opportunity for someone to make money. Don’t let this one provide criminals with an opportunity to make it straight out of your pocket. This is an excellent guide that should be widely read by everyone.