Dear Business Proprietor,
We are writing to you as part of our Wiltshire Police #CyberLife campaign, which has been running throughout July.
Along with members of the public business can be impacted by cybercrime and over the next few days we are reaching out to local businesses to give you tips and advice to better protect yourself .
A recent report on the BBC that stated more than half of British firms have reported a cyber-attack in 2019. The evolution we see in cybercrime is an ever-growing concern but there are things you can do to help reduce the risk of your business falling victim to these crime types.
The most common method Cybercriminals use to scam their targets is phishing emails. This is a trend we see both locally and nationally, where its is easier to gain access to a network by compromising your staff than it is to hack into it. Training your staff is key to keeping your business secure.
Obvious signs of phishing include:
Misspelling and bad grammar within the email,
addressing you as "customer" or by your email address, rather than using your name, and
links that lead you to sign into personal accounts.
Double check the email address that has sent the email, there could be a slight change to make it look like a supplier you deal with or it could be spoofed and the real email address is hidden.
If you or a staff member spot a phishing attack or fall victim of one, please report these attempts to Action Fraud.
We advise that you configure email accounts on your networks to reduce the impact of successful attacks. Configuring staff accounts to the lowest level of user rights required to carry out their role will reduce the amount of damage that can be caused if they were to fall victim of an attack.
It is now common place that we pick up our work emails by using smartphones and tablets. We store more and more data on these devices enabling us to be connected wherever we go.. We want the convenience to pick up those important emails and get access to the documents that we need but will sometimes trade security for convenience.
We should focus on security for these devices asthey are much more likely to leave the safety of the office or home so should have even more protection than 'desktop' equipment. As an absolute minimum switch on password/pin protection, make sure lost or stolen devices can be tracked, locked or wiped, keep your device up to date, keep your apps up to date and don't connect to unknown Wi-Fi hotspots!
Having a strong password on your device is very effective and a relatively easy method in keeping your business network secure. It is important to make sure that passwords are on all possible devices and a password policy is in place. Using two factor authentication where possible for your "important" accounts is also advisable as this will add a large amount of security.
Avoid using predictable passwords, they should be easy for you to remember but difficult for others to guess! It is also important to remember that your business IT system should not require staff to share passwords or accounts to carry out their role, as this will lead to vulnerabilities. Finally change all default passwords on all devices, as manufacturer's passwords can be leaked online and exploited by cyber criminals.
Malware is defined as a form of malicious software or web content that can harm your organisations internal network. Fortunately there is some easy to implement actions that can significantly improve your security. Installing antivirus software is a great first step; it is often included free with operating systems and should be used on all devices. It's also important to keep all devices up to date (patching) as this will protect your software from known bugs and vulnerabilities, meaning it is more difficult for cyber criminals to gain access. If devices are left a long time without and update, they are vulnerable to old, known methods used by cyber criminals.
Finally, and also an important step to cyber security, is backing up your data. Imagine sitting at your computer in the morning and being met with a screen telling you that all your data has been encrypted and you must pay a ransom... Scary but a very real prospect!
For some this is just a simple problem that will require them to grab their up to date backup and restore their systems. No panicking about what to do or worrying about lost data, it could mean a few hours of downtime, but will leave you safe in the knowledge that you can restore your systems and then carry on as normal.
When you sort out your backup strategy consider what data you need to back up. Identify that business critical data first and only then look at what else you need.
Backing up isn't very interesting, but once it's sorted you can setup i an automated process that will help you keep your data up to date when changes are made. You should look to make backing up part of your daily business, helping you to minimise the loss of data. Most importantly keep your backups separate from your computer, whether it's on a different drive, USB stick or even consider using cloud storage for this
As Cyber Protect Officers for Wiltshire Police, we are able to provide further advice to you and your employees. If you need advice please email: DIIU@wiltshire.pnn.police.uk.
Lee Stripe and Kieran Hall
Cyber Prevent and Protect Officers | Wiltshire Police