Cybersecurity Best Practice for Entrepreneurs

A post by Lindsey Weiss

At Fightback Ninja Blog, we know that cyber threats are more common than most people think. While many aspiring entrepreneurs think they don’t have to worry about cybersecurity until their businesses really take off, no one is immune to these threats. In fact, hackers often single out small companies because they’re easier to infiltrate. Small businesses tend to lack the sophisticated cybersecurity systems employed by large companies, and cyber criminals have a better shot at success by targeting weak systems. To ensure your new business is safe from cyber threats, we’re here to share a few essential tips!

Understand Your Vulnerability

Why should you care about cybersecurity? A cyber-attack or data breach at your business can lead to significant losses. A cyber-attack can destroy your reputation and erode your customers’ trust in your brand, leading to loss of customers and loss of sales. Beyond this, a cyber-attack can directly result in financial losses arising from theft of financial information, ransomware demands, and website downtime. Not to mention the costs associated with repairing systems and devices as well as the legal consequences that follow a data breach.

Clearly, there’s a lot at stake. Let’s discuss some ways to prevent these losses and ensure your business is safe from threats.

Save Sensitive Email Information in PDFs

Businesses all over the world send countless emails every day, many of which contain sensitive information like financial data that cybercriminals would love to get their hands on. Email security is essential. To reduce the risk that a criminal can exploit information shared in a business email, try to convert emails to PDF files. Keeping sensitive information in your inbox leaves it vulnerable and prone to data loss. By converting emails to PDFs, you can save important information on your local computer and protect documents with passwords to ensure an additional level of security.

Follow Password Best Practices

We all know that it’s important to create strong passwords, but what does this really mean? Small Business Trends explains that password best practices go beyond the creation of strong passwords through a mix of letters, numbers, symbols, and upper and lowercase characters. While this is an important first line of defence against hackers, there’s more you can do. Use two-factor authentication to ensure you have to verify log-in attempts involving your username and password. This will keep criminals out of your accounts, even if they gain access to your log-in information.

Use Reliable Cybersecurity Software

Antivirus software is crucial for protecting your business from threats. TechForce recommends strongly against relying on the software that came with your computer as this is likely designed to protect consumers rather than businesses. Invest in an antivirus solution that offers the level of protection required for your business. Do your research and read online reviews from other entrepreneurs to make sure the software you choose will meet your needs.

Establish a Recovery Plan

Even if you implement strong safeguards to shield your business from cyber attacks, it’s important to establish a recovery plan so you know what to do in a worst-case scenario. The faster you act after an attack, the more you’ll be able to minimize your losses. First and foremost, be sure to maintain regular backups of your business data so you can get back up and running as soon as possible after a data loss event.

Once you establish a reliable backup and data recovery plan, make note of all the other steps you’ll need to take in the event of an attack. For example, plan how you’re going to identify those affected by the breach and notify your customers. You may also want to consider investing in cyber liability insurance to help you recover from a cyber security attack.

If you plan on launching your own business in the near future, take the time to learn about cybersecurity. Implementing good cybersecurity practices like using two-factor authentication, converting emails to password-protected PDF files, and purchasing robust anti-virus software will ensure your business will withstand anything cyber criminals throw at it!

If you have any experiences with these scams do let me know, by email.


How to End Scam Calls

Most people just put the phone down when they receive a call from a scammer.

Others may say or shout rude things then slam the phone down and some try to convince the scammer to stop their illegal activities.

It doesn’t really matter what you do, but you may as well have some fun at the scammer’s expense – after all, she phoned you to steal your money.

George suggests – One good way I found was to say “you need to talk to the boss, I’ll just get him”, put the phone down and carry on with your work. Come back 10 minutes later and hang up, the line will be dead. Also, you could say “there’s someone at the door, I’ll just let them in”, put the phone down and hang up 10 minutes later.

Repetition, repetition, repetition.  brush with the law. What I say to scammers (and it works every time) is “can you please hold on for a second?” which they do… then I say “sorry about the wait just had to connect your call with the police… so carry on! What were you saying to me?” Straight away they will put the phone down on you!!!

Stanley says: When I can be bothered to answer them, I usually say something along the lines of: “How interesting, my husband/son/daughter works for the same company, they can sort it out in the morning.” If they have not hung up on me, I’ll carry on with “not knowing what they actually do but it’s something secret which could be to do with investigations”.

It seems to work quite well; I don’t usually get very far into my tale! I have fun and hopefully they have a few moments of worry.

Ellie said: A simple question is the answer. I find that responding to cold callers with “Did I ask you to call me?” has a 90 per cent good result. The phone goes dead or sometimes they respond “no”. One even managed to express his anger with a rather rude expletive.

Harry prefers to play the easy target. If I am in a playful mood my first comment after their initial spiel is to ask if they would like my bank details? You would be surprised how many reply, “Yes please”!

Take on a new identity. I answered: “City Morgue, please supply number of corpse and date of death.” That worked, no problem.

Anne prefers silence. Once you have picked up the phone, wait for the caller to speak. Normally automated systems kick in on a voice activation which then gets picked up by a person from the calling centre. If you don’t like what you hear just hang up without saying anything. If it’s a genuine caller, they will call you back.

Paul goes for the polite response. With call centres now presenting me with calls several times a week appearing to be from various parts of the UK (and even appearing to be from personal mobiles) I am always polite if I happen, rarely, to answer the call. I realise many of these people are probably working for peanuts under terrible conditions so if they are not scammers, I can tolerate them long enough to say “No thank you. Goodbye.”

David is more confrontational and tries to poke holes in their offer.

Some years ago I was informed that I had won a large amount of money in a competition, but before they could send me the money, I would have to transfer a sum to them to cover transfer and administration costs. I told them how pleased I was and would be happy to pay them – this would be very simple, just deduct the amount from my winnings. They put the phone down.

Andrew Warren, Arundel says: Does your mother know?

I once had a scammer call me who seemed really nice but I wasn’t fooled. I asked him if his mother knew what he did for a living and when he replied yes, I asked if his mother was proud of him. He told me that his mother was very proud of him; my response to that was that if I were his mother I would be very, very ashamed of him. With that I said goodbye and disconnected the call.

Julie Farr suggests too much information is a good answer.

Play the scammers at their own game and have a bit of amusement as well. When the opening try-on was “how are you today”, I treated it as a ‘polite’ enquiry.

My response was: “nice of you to ask but I am having a terrible day my haemorrhoids are really causing me a lot of pain and the diarrhoea is dreadful. I haven’t been able to get out for days so it is lovely to get your phone call and I can really talk to someone…”

The conversation ended suddenly as he rang off and never called again.

Have fun


NCSC Early Warning Service

The National Cyber Security Centre (NCSC) has set up an early warning service to help organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.

Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network as soon as possible. The service uses a variety of information feeds from the NCSC and from trusted public, commercial and closed sources, including several privileged feeds which are not available elsewhere.

https://www.ncsc.gov.uk/information/early-warning-service

Early Warning is open to all UK organisations who hold a static IP address or domain name.

Organisations will receive the following high-level types of alerts:

Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.

Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.

Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or of potentially undesired applications exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.

Early Warning does not conduct any active scanning of your networks itself; however, some of the feeds may use scan-derived data, for example from commercial feeds.

How Early Warning works

Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations’ security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use it to alert your organisation about potential attacks on your network.

Your organisation can then use the information passed on by Early Warning to investigate the issue and implement appropriate mitigation solutions where required. The NCSC’s website provides advice and guidance on how to deal with most cyber security concerns.

Sign up for early warnings – it’s free.


Avoid Pension Scams with FCA Advice

The Financial Conduct Authority (FCA) warns that scammers are targeting people’s pensions and offers advice on how to stay safe.

Scammers usually contact people out of the blue via phone, email or text, or even advertise online. Or they may be introduced to you by a friend or family member who is also unknowingly being scammed.

They may claim they are authorised by the FCA or that they don’t have to be FCA authorised because they aren’t providing the advice themselves. Some even claim to be acting on behalf of the FCA or MoneyHelper’s Pension Wise.

The Warning Signs of Scams

  • free pension reviews
  • higher returns – guarantees they can get you better returns on your pension savings
  • help to release cash from your pension even though you’re under 55 (an offer to release funds before age 55 is highly likely to be a scam)
  • high-pressure sales tactics – the scammers may try to pressure you with ‘time-limited offers’ or even send a courier to your door to wait while you sign documents
  • unusual investments – which tend to be unregulated and high risk, and may be difficult to sell if you need access to your money
  • arrangements where there are several parties involved (some of which may be based overseas) all taking a fee, which means the total amount deducted from your pension is significant
  • long-term pension investments – which mean it could be several years before you realise something is wrong

How to protect yourself from pension scams

1. Reject unexpected offers

If you get a cold call about your pension, the safest thing to do is to hang up – it’s illegal and probably a scam. Report pension cold calls to the Information Commissioner’s Office (ICO).

If you get unsolicited offers via email or text, you should simply ignore them.

Don’t be talked into something by someone you know, even a friend or family member. They could be getting scammed. Check everything yourself.

2. Check who you’re dealing with

Check our Financial Services Register to make sure that anyone offering you advice or other financial services is FCA authorised, and that they are permitted to provide you with those services.

If you need any help checking, call the Consumer Helpline on 0800 111 6768.


If you use an unauthorised firm, you won’t have access to the Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS) so you’re unlikely to get your money back if things go wrong.

Check the directors’ names and whether the firm is registered with Companies House. Search the company name and the directors’ names online to see if others have posted any concerns.

You can also check the FCA Warning List to find out if there are any risks of a potential pension or investment opportunity. This will allow you to see if the firm is known to be operating without our authorisation.

3. Don’t be rushed or pressured

Take your time to make all the checks you need – even if this means turning down an ‘amazing deal’. Be wary of promised returns that sound too good to be true and don’t be rushed or pressured into making a decision.

4. Get impartial information or advice

You should seriously consider seeking financial guidance or advice before changing your pension arrangements.

  • MoneyHelper provides free independent and impartial information and guidance.
  • If you’re over 50 and have a defined contribution pension, MoneyHelper’s Pension Wise offers pre-booked appointments to talk through your retirement options.
  • You can also use a financial adviser to help you make the best decision for your own personal circumstances. If you do opt for an adviser, make sure they are regulated by the FCA and never take investment advice from the company that contacted you, as this may be part of the scam.


Stop Badware

There used to be a useful website at https://www.stopbadware.org/ but it disappeared in 2021.

It was a resource to educate people and companies about “badware” and worked with various organizations that try to protect against various forms of badware.

The post below tells you about what the organization stood for.

Badware.org claimed that “Our work protects people and organizations from becoming victims of viruses, spyware, scareware, and other badware”. That sounds useful.

The StopBadware project started at Harvard University and was turned into an independent nonprofit organization in 2010.

What is Badware?

Badware is software that overrides a user’s choice about how his or her computer or network connection will be used.

Some badware is specifically designed for criminal, political, and/or mischievous purposes.

These purposes might include:

  • stealing bank account numbers, passwords, company secrets, or other confidential information
  • tricking the user into buying something that they don’t need
  • sending junk email (spam)
  • sending premium text messages from a mobile device
  • attacking other computers to prevent them functioning properly
  • distributing badware to other computers

Badware is sometimes referred to as malware. It includes viruses, Trojans, rootkits, botnets, spyware, scareware, and more.

The StopBadware programme:

  • provides Internet users with important and timely information about badware
  • helps website owners, particularly individuals and small businesses, protect their sites from badware; offers resources and community support to owners of compromised sites
  • engages web hosts and other key service providers to help them effectively and transparently address badware websites within their zones of control
  • encourages companies to proactively share data and knowledge with one another; leads collaborative information-sharing efforts that create greater security for all stakeholders
  • conducts high-impact research on malicious websites, cybersecurity econometrics, and critical infrastructure, to name just a few

Some badware may not have malicious intentions, but still takes away the user’s control.

For example, consider a browser toolbar that helps you shop online more effectively but does not mention that it will send a list of everything you buy online to the company that provides the toolbar. In this case, you are unable to make an informed decision about whether to install or use this software.

Another example is when you install a piece of software, and that software installs additional software that you weren’t expecting. This can be especially troubling if the additional software does something you dislike or doesn’t uninstall when you remove the original software.

STOP BADWARE!


Three Tools That Block Online Tracking

A lot of our activities online are tracked by a variety of organisations. The various tools described below operate in different ways and none can guarantee to eliminate 100% of trackers, so it’s worth trying them to see if they suit what you want.

Sometimes this is just so they can display relevant adverts or to offer location specific answers (e.g. local restaurants), sometimes to learn about their customers and sometimes for less acceptable reasons. However, it should be our choice how much is tracked – not the choice of the software makers and users.

Ghostery https://www.ghostery.com/products/

This has a large database of tracking entities i.e. software that will track you. You install the browser add-on then it can detect these entities and block them as you browse.

On each website, Ghostery displays a list of trackers from that site in the upper right corner of the screen. You can then go to the settings page and block individual trackers or block all trackers.

The browser add-on is available for most browsers.

Disconnect https://disconnect.me/

The browser add-on blocks trackers as it finds them, but allows requests that it considers to be necessary for loading content.

Disconnect detects trackers based on the number of requests they’ve made for your information, and displays them in one of four categories: advertising, analytics, social and content. You can choose to block or allow each tracker.

Privacy Badger https://www.eff.org/privacybadger

This tool belongs to the Electronic Frontier Foundation and uses an algorithm to “learn” which social or ad networks are tracking you over time.

It initially allows third-party trackers until it detects patterns in third-party requests. Then it will start automatically blocking what it considers “non-consensual invasions of people’s privacy”. This approach may mean the tool identifies new trackers more quickly than its competition but it takes longer to be effective.

Privacy Badger is available for Google Chrome and Firefox.

You can see these tools operate in different ways, all attempting to block online tracking without stopping anything you find useful.
