Category: The Authorities

July 29, 2022

NCSC Early Warning Service

The National Cyber Security Centre (NCSC) has set up an early warning service to help organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.

Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.

https://www.ncsc.gov.uk/information/early-warning-service

Early Warning is open to all UK organisations who hold a static IP address or domain name.

Organisations will receive the following high level types of alerts:

Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.

Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.

Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.

Early Warning does not conduct any active scanning of your networks itself, however some of the feeds may use scan derived data, for example from commercial feeds.

How Early Warning works

Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert your organisation about potential attacks on your network.

Your organisation can then use the information passed on by Early Warning to investigate the issue and implement appropriate mitigation solutions where required. The NCSC’s website provides advice and guidance on how to deal with most cyber security concerns.

July 15, 2022

FCA ScamSmart

The Financial Conduct Authority (FCA) warn that scammers are targeting consumers searching for investments online, in particular through search engines like Google and Bing.

Scams are increasingly sophisticated. Fraudsters can be articulate and financially knowledgeable, with credible websites, testimonials and materials that are hard to distinguish from the real thing.

Warning Signs of Scams

Cold-calls by phone, email, social media, post, word of mouth or even in person at an exhibition
A limited time opportunity – they might offer you a bonus or discount if you invest before a set date or say the opportunity is only available for the next 24 hours or similar
Lots of testimonials – all fake of course
Unrealistic returns – some fraudsters offer the same returns as legitimate businesses do, but many want to attract more attention and offer impossibly high and even guaranteed returns.
False authority – using convincing literature and websites, claiming to be regulated, speaking with authority on investment products.
Flattery – building a friendship with you to lull you into a false sense of security.
Remote access – scammers may pretend to help you and ask you to download software or an app so they can access to your device. This could enable them to access your bank account or make payments using your card.

FCA Authorised Businesses

Almost all financial services firms must be authorised by the FCA – the exceptions are for specific traded items such as wine

Check the Financial Services Register on the FCA website to see if a firm or individual is authorised or registered with us.

Check if the firm’s ‘firm reference number’ (FRN) and contact details are the same as on our Register.

If there are no contact details on the Register or if the firm claims they’re out of date, call our Consumer Helpline on 0800 111 6768.

If you use an unauthorised firm, you won’t have access to the Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS) if things go wrong – and you’re unlikely to get your money back.

Check the FCA Warning List

Use the FCA Warning List to check the risks of a potential investment – you can also search to see if the firm is known to be operating without our authorisation.

You should seriously consider seeking financial advice or guidance before investing. You should make sure that any firm you deal with is regulated by us and never take investment advice from the company that contacted you, as this may be part of the scam.

You can report the firm or scam to the FCA by contacting their Consumer Helpline on 0800 111 6768.

The Financial Conduct Authority is at https://www.fca.org.uk/

If you have any experiences with these scams do let me know, by email.

July 8, 2022

The Data Reform Bill

In 2022, the government consulted on plans for data reforms and has now publishing its response to those comments.

It sets out how the Data Reform Bill announced in this year’s Queen’s Speech will strengthen the UK’s high data protection standards while reducing burdens on businesses to deliver around £1 billion in cost savings that they can use to grow their business and boost the economy.

The Data Reform Bill will more clearly define the scope of scientific research and give scientists clarity about when they can obtain user consent to collect or use data for broad research purposes.

The Information Commissioners Office (ICO)

The plans will modernise the ICO i.e. the data regulator, so it can better help businesses comply with the law.

The ICO received 130,000 complaints last year about unwanted calls and messages, but was only able to issue fines totalling £2.8 million.

The ICO will be given more enforcement powers – they will be able to take action over high volumes of unanswered calls by using heavier fines.

Reducing Business Burdens

Data-driven trade generated nearly three quarters of the UK’s total service exports and generated an estimated £234 billion for the economy in 2019.

The European Union’s highly complex General Data Protection Regulation (GDPR) has many positive features in protecting data but it also has drawbacks restricting the innovative use of data.

This bill will remove the UK GDPR’s prescriptive requirements giving organisations little flexibility about how they manage data risks – including the need for certain organisations, such as small businesses, to have a Data Protection Officer (DPO) and to undertake lengthy impact assessments.

It means a small business such as an independent pharmacist won’t have to recruit an independent DPO to fulfil the requirements of UK GDPR, provided they can manage risks effectively themselves, and they will not have to fill out unnecessary forms where the risk is low.

Organisations will still be required to have a privacy management programme to ensure they are accountable for how they process personal data. The same high data protection standards will remain but organisations will have more flexibility to determine how they meet these standards.

Protecting consumers from nuisance calls

The fines will increase from the current maximum of £500,000 and be brought in line with current UK GDPR penalties which are up to four per cent global turnover or £17.5 million, whichever is greater.

Those Annoying Cookies

Currently, users have to give their consent for cookies (the data points which allow sites to remember information about an individual’s visit) to be collected. To do so users have to opt in to cookie collection every time they visit a new site.

If you have any experiences with these scams do let me know, by email.

June 29, 2022

Pension Wise Service

https://www.pensionwise.gov.uk

In these days of pension fraud, if you’re over 55, it is wise to assess your pension situation using government advice.

The website Pension Wise was set-up by government to provide free advice

They say they can help you if:-

you are aged 50 or over
have a personal or workplace pension
want to make sense of your options

There is plenty of advice on the site from what happens if you live abroad to taxation to the different ways you can take money from your pension pot.

There’s also advice on how to avoid the pension scammers.

If you feel the need to talk to an expert, there are free calls of up to 60 minutes that can be booked.

If you need pension advice – this website is a good start.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

June 15, 2022

Safer Internet Centre

https://www.saferinternet.org.uk

The safer Internet Centre is a partnership of three leading organisations: Childnet International, Internet Watch Foundation and SWGfL, with one mission – to promote the safe and responsible use of technology for young people.

South West Grid for Learning (SWGfL) Trust is a not-for-profit charitable trust providing schools and other establishments with safe, secure, managed and supported connectivity and associated services, learning technologies to improve outcomes, and the toolkit for being safer online.

The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and is one of the 31 Safer Internet Centres of the Insafe network. The centre has three main functions:

Awareness Centre: to provide advice and support to children and young people, parents and carers, schools and the children’s workforce and to coordinate Safer Internet Day across UK
Helpline: to provide support to professionals working with children and young people with online safety issues
Hotline: an anonymous and safe place to report and remove child sexual abuse imagery and videos, wherever they are found in the world

The UK Safer Internet Centre is funded under the Connecting Europe Facility (CEF) programme of the European Commission. As such we contribute to the Better Internet for Kids (BIK) core service platform to share resources, services and practices between the European Safer Internet Centres and advice and information about a better internet to the general public.

The website pages are – About, Safer Internet Day, Blog, Training & Events, Research, Get Involved, Translate

Advice Centre, Hotline, Helpline, Pupil powered e-safety

It contains a lot of advice and information, largely to do with young people, parents and carers but much applicable to anyone so it is a useful resource.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

June 10, 2022

The UK Gov Cyber Essentials Scheme

https://www.cyberessentials.ncsc.gov.uk/

The government says Cyber Essentials helps your business to guard against the most common cyber threats and demonstrate your commitment to cyber security

Self-Help for Cyber Essentials

The guide explains how to:

Secure your Internet connection
Secure your devices and software
Control access to your data and services
Protect from viruses and other malware
Keep your devices and software up to date

The Three levels of engagement

Not everyone has the time or resources needed to develop a full-on cyber security system. So we’ve designed Cyber Essentials has been designed to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
Basic Cyber Essentials certification.
Cyber Essentials Plus certification.

1. Self Help

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

2. Certified Cyber Security

Cyber Essentials Certificate £300 approx. (+VAT)

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

In the process of obtaining Cyber Essentials Certification is simple, you can opt to buy as much or as little help as you need from the company you choose to certify you.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

Reassure customers that you are working to secure your IT against cyber attack
Attract new business with the promise you have cyber security measures in place
You have a clear picture of your organisation’s cyber security level
Some Government contracts require Cyber Essentials certification

3. Cyber Essentials Plus Certificate

The cost for this is only available on application.

It has all the benefits of Cyber Essentials PLUS your cyber security is verified by independent experts.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The advice is designed to prevent these attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.