Autumn 2015

CYBER SECURITY

Staying safe online

There is no 999 when it comes to cybercrime

The worrying message coming from all sectors dealing in cybercrime prevention is that many businesses are still not taking the risks seriously until it is too late. It is still not appreciated that there is no 999 when it comes to cybercrime. Businesses often think that if they are hacked then they can just call the police.

Trading Standards in Warwick recently hosted Phish and Chips, an event for local small and medium-size enterprises, in partnership with the police and the Federation of Small Businesses. To assist, experts including Dephrisk, The National Cyberskills Centre, The CCL Training Group and the National Trading Standards e-Crime Team were invited to make presentations.

Dephrisk, which assesses business systems, started off proceedings by demonstrating just how easy it was to hack into a few of our (volunteer) delegates' websites. Afterwards, the silence in the room was deafening; the penny had well and truly dropped.

Some reassurance was then provided by the National Cyberskills Centre, with the message that all businesses can easily take some basic steps to reduce their exposure to the risk of an attack. About 99 per cent of cyber incidents are directed at stealing, altering or deleting data. This publication has previously outlined the top 10 basic tips for the prevention of cybercrime and they are well worth another look (see panel, Cyber security: the essentials).

The CCL Group, specialists in training and forensics, then gave one of the most important messages of the day: 65 per cent of small businesses suffered an attack in 2014, meaning it is not a case of "if" but "when" a business can expect to be attacked.

CCL gave a detailed lesson on the many rules of "P", which are:

- Prepare a plan to cope with a cyber event. This would include lining up who to call
- Protect and preserve the crime scene when there's an incident
- Professionally pursue your internal investigation
- Post-event analysis: this is vital to answer all of the questions raised

The seminar was concluded by the National Trading Standards e-Crime Team, who went through some of the many issues they have been tackling. This served as a final reminder of the ever-present risks that are out there and a demonstration of how difficult and expensive e-Crime is to deal with, once it has already happened.

The overarching message from the event was that businesses need to take steps to protect themselves. A government-backed and industry-supported scheme, Cyber Essentials, has been designed to help businesses protect themselves against the common cyber threats seen online. The report, A guide to the cyber essentials scheme, contains practical advice for organisations that are looking to improve their basic cyber security controls and achieve a cyber security certification.

Cyber Essentials is for all organisations of all sizes in all sectors. This includes companies in the private sector, universities, charities and public sector organisations. The government encourages all organisations to adopt the requirements as appropriate to their business.

Credit: Paul McCabe
Images: HieroGraphic / Shutterstock

Cyber security: the essentials

Cybercrime is estimated to cost the UK economy £27bn a year, and the average annual cost to small businesses of fraud and online crime is around £4,000, according to the Federation of Small Businesses (FSB). For free advice and information on how to protect your business, visit www.getsafeonline.org/businesses and www.cyberstreetwise.com

Follow these top 10 tips and make a start toward protecting your business from online fraudsters.

1. Ensure the computers you use have a firewall that is turned on and anti-virus software that is up to date. Companies may wish to consider using software designed specifically for business, as opposed to that commonly used by consumers. Secure your wireless network.
2. Keep all your software up to date. When companies find vulnerabilities in their software, updates are used to patch these security holes. Keeping the software that's running on your computers current will help you to protect yourself from malware.
3. Back up all your data so it can be easily restored if something goes wrong.
4. Use strong passwords. All passwords should be at least eight characters long and should incorporate both letters and numbers. Use different passwords for each account, and change them regularly. Do not share passwords or write them down where other people could access them.
5. Limit staff access to online accounts only to those who really need it.
6. Train your staff. Many frauds happen because staff fall victim to phishing and similar scams, allowing fraudsters to download malware onto a business computer. Malware can then automatically capture passwords and credit card numbers. Have clear and concise procedures for email, internet and mobile devices. Staff should also be kept up to date on the latest scams.
7. Security test your business website on a regular basis.
8. Ensure your business has a contingency plan if it falls victim to cybercrime and test it regularly.
9. Keep your business computing and personal computing separate. Do not allow your staff to use your business computers for personal use, for example, accessing social media websites, checking personal emails or surfing the web. We are all likely to be less vigilant when using computers for personal use, increasing the threat of a successful cyberattack.
10. If you are using cloud services to carry out your business, check the provider's credentials and the contract you have with them.

You can report cybercrime to Action Fraud at www.actionfraud.police.uk and check you are legally compliant by accessing free Trading Standards advice at www.businesscompanion.info