This informal CPD article, Spotlight on Cyber Crime, was provided by Lauri Almond, Data Protection Officer at Essex County Council, a county council that governs the non-metropolitan county of Essex in England.
Cyber protection and resilience
I am sure we are all aware of the terrible events in Ukraine. Apart from the human suffering and universal financial implications, there is another risk we need to be aware of, which is playing out across the world.
The number of cyber-related data breaches reported to the ICO is up nearly 20% and rising. The National Cyber Security Centre (NCSC) has advised organisations to act following Russia’s attack on Ukraine. Russia-based ransomware group Conti issued a warning to Kremlin foes. The Government has urged all Public Bodies to make sure they have comprehensive, up-to-date incident response plans and continuity measures.
It is more important than ever that we take some basic steps to ensure we are protecting our data appropriately. There is a wealth of advice and guidance available to organisations, for example advice from the NCSC’s Cyber Essentials, practical steps to keep IT systems safe, and the new guidance around ransomware from the ICO.
Cyber security is as much about people controls as it is about technical controls. There is only so much technical controls can do to protect against cybercrime, in particular what we call ‘zero day’ attacks, where a new cyber threat emerges and we do not yet know how to protect against it. Essentially, we don’t know what we don’t know, so our people are our last line of defence.
Tips on how to improve your cyber security
Here are some things we can all do to improve our protection and our chances of evading a cyber attacker:
- Don’t use easy to guess passwords
- Use caution when opening any unusual email attachments – if it looks wrong, or seems too good to be true, it probably is!
- Be vigilant when browsing the web
- Watch for ‘tailgaters’ when on site
- Don’t use your work password for anything else
- Don’t add numbers to an old password – this is the most common way hackers are able to get into your environment. If you use the same password, especially across multiple sites/systems, and just update it by changing a number, it is highly probable that it will already have been harvested, so the hackers just need to keep trying numbers incrementally until they get in
- Watch out for password-stealing ‘phishing’ emails – hackers love it when you just give them your password!
- Be suspicious even if the email looks as though it came from within your organisation – this is what spear phishing is: cyber criminals harvest names, roles and email addresses in order to make you think emails are legitimate. Always hover over the sender email address to see if it is masking one you do not recognise
- Put up cyber awareness posters to help staff understand the risks better
- Make sure your business continuity arrangements are up to date and tested – if you become a victim of cyber crime you may lose all your systems without notice – how will you deal with that?