Category: cyber security

The government says Cyber Essentials helps your business to guard against the most common cyber threats and demonstrate your commitment to cyber security

Self-Help for Cyber Essentials

The guide explains how to:

Secure your Internet connection
Secure your devices and software
Control access to your data and services
Protect from viruses and other malware
Keep your devices and software up to date

The Three levels of engagement

Not everyone has the time or resources needed to develop a full-on cyber security system. So we’ve designed Cyber Essentials has been designed to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
Basic Cyber Essentials certification.
Cyber Essentials Plus certification.

1. Self Help

The self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to simple attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

2. Certified Cyber Security

Cyber Essentials Certificate £300 approx. (+VAT)

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

In the process of obtaining Cyber Essentials Certification is simple, you can opt to buy as much or as little help as you need from the company you choose to certify you.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

Reassure customers that you are working to secure your IT against cyber attack
Attract new business with the promise you have cyber security measures in place
You have a clear picture of your organisation’s cyber security level
Some Government contracts require Cyber Essentials certification

3. Cyber Essentials Plus Certificate

The cost for this is only available on application.

It has all the benefits of Cyber Essentials PLUS your cyber security is verified by independent experts.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The advice is designed to prevent these attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

May 30, 2022

Fake Cyber Protection Scam

Data breaches at major companies, hacking incidents where the personal information of millions of people has been stolen and new edicts pushing companies to improve their cyber defences have all been in the news regularly.

So, the scammers latch onto this and try to pump up the fear levels even more and then benefit from it.

Email with titles such as ‘Your Company is at risk of Cyber Attack NOW!” have been appearing.

“Take action now to prevent Cyber Attacks” exhorts people to click to find out further information.

Then content in huge letters such as

“It is your responsibility under the law to protect your clients details”

And “It is an offence not to protect your clients data”.

Now, cyber-attacks are a very serious problem and all businesses must protect themselves and especially any client information against such attack, but do not pay attention to these messages or similar phone calls – find a reputable business or expert to help you with security needs, not from an unsolicited email or cold call.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

October 6, 2021

Cyber Security Breaches Survey 2021

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

The Cyber Security Breaches Survey is a study of UK businesses, charities and education institutions. It was carried out in winter 2020/21

In the survey, micro business means 1-9 employees, small is 10-49, medium is 50–249 and large is 250 upwards.

On average, 39% of businesses and 26% of charities report having cyber security breaches or attacks in the last 12 months. The figures are higher in medium and large organisations as they are more often targeted by criminals.

However, evidence from the study suggests that the risk level is potentially higher than ever under COVID-19, and that businesses are finding it harder to administer cyber security measures during the pandemic.

Key Points For Business That Have Identified Breaches or Attacks

27% of these businesses and 23% of these charities experience such attacks at least once a week. The most common by far are phishing attacks (83% and 79% respectively), followed by impersonation (27% and 23%).
A sizeable number of these organisations report that costs are substantial.
21% and 18% respectively of businesses and charities end up losing money, data or other assets.
35% of businesses and 40% of charities report being negatively impacted e.g. because they require new post-breach measures, have staff time diverted or suffer wider business disruption.
The mean cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £8,460. For medium and large firms combined, this average cost is £13,400.

77% of businesses say cyber security is a high priority for their directors or senior managers, while 68% of charities say this of their trustees.

If you have any experiences with these scams do let me know, by email.

September 10, 2021

Maintain Online Privacy

One of the wonderful things about the Internet is the capacity to share information quickly and with a lot of people.

Conversely, one of the big problems with the Internet is people with malicious internet obtaining your confidential information. Everyone from the ‘Big Brother’ of Facebook, Google and others watching everything we do to scammers trying to steal from us.

Here are some actions you can consider to protect your online security

Have up to date anti-virus and anti-malware on all of your computer devices
Don’t give out information that you don’t want scammers to have, unless you are sure of the person or website you are giving it to.
Be careful – if something looks too good to be true then it’s likely to be a scam
Never click on a link or open an attachment unless you are sure it is safe
Avoid public WI-FI if you intend to access online banking or anything else that needs to be secure.

Website Browsing

There are a number of things you can do to make your website browsing more private and safer.

Use the privacy/incognito mode
Block web activity trackers
Block your ads
Use encrypted messengers
Get a VPN
Avoid non-https:// websites for input of confidential information
Clear your cookies regularly
Use secure/encrypted email providers

The guide at https://thebestvpn.com/online-privacy-guide/ contains a lot more information on what you can do to maintain your online privacy.

July 30, 2021

Avast Secure Browser

Avast Secure Browser is a web browser developed by Avast that focuses on Internet security and privacy. It is free and available for Microsoft Windows, macOS, iOS and Android.

Features

Block malicious webpages and browser extensions
Advert Block
Bank Mode
A password manager.
Video Downloader
Anti-tracking and anti-fingerprinting
Anti-Phishing

Bank Mode

Bank Mode creates an isolated Windows desktop session while you do your online banking. This is stop keyloggers from recording your keyboard access.

Bank Mode can give you secure privacy whenever any sort of payment info or sensitive data comes into play. Use it for:

online banking
online shopping
managing investments
managing cryptocurrencies

If you have any experiences with secure browsers by any maker, do let me know, by email.

February 24, 2021

What is Doxing

Doxing means to analyse information posted online by someone in order to identify and later harass that person. It is typically used to shame or punish people who would rather stay anonymous, because of their controversial beliefs or because they are making trouble in some way.

Doxing can be called a cyber attack involving uncovering the real-world identity of an Internet user. The attacker then reveals that person’s details online. This can then lead to other people attacking the ‘victim’ online and this can be malicious.

However much we may wish to hide out r identity online, we all leave a trail of breadcrumbs that the determined investigator can use to try to find out our real identity.

Typical methods used to determine someone’s identity may include:–

searching publicly available databases
searching social media websites
hacking
social engineering.

The key point of doxing is to find and publish personal information about the victim but it can be done for a wide range of reasons, including: harassment, online shaming, extortion or vigilantism.

Examples

Newsweek writer Leah McGrath Goodman revealed the identity of the anonymous creator of Bitcoin, Satoshi Nakamoto although she was heavily criticized by some for her actions.

Some believe a journalist using doxing is crossing the legal line into harassment, by publishing information about an individual’s private life against their wishes.

The Des Moines Register published racist tweets made by a 24-year-old Iowa man whose beer sign on ESPN College GameDay resulted in over $1 million in contributions to a children’s hospital, readers retaliated by sharing social media comments previously made by the reporter, Aaron Calvin, which contained racial slurs and condemnation of law enforcement.

The newspaper later announced that Calvin was no longer an employee.

3. In July 2016, WikiLeaks released 300,000 e-mails called the Erdoğan emails (named after the Turkish leader). However, Included in the leak was a lot of personal information about Turkish citizens. The files were removed due to privacy concerns, as they included spreadsheets of private, sensitive information of voters.

If you have any experiences with these scams do let me know, by email

Fightback Ninja Blog