
Cybercrime Failure Costly

In today’s news, the National Audit Office has criticised police, the government and banks for failing to tackle cybercrime after it was revealed just one in 150 police officers is dedicated to investigating cyberfraud.

The NAO says the cost to the economy as a whole was £144bn last year.

Sir Amyas Morse, head of the National Audit Office, said: “For too long, as a low-value but high-volume crime, online fraud has been over-looked by government, law enforcement and industry. It is now the most commonly experienced crime in England and Wales and demands an urgent response.”


Cyber crime Warning for SMEs

Small businesses are being urged to take steps to protect themselves from the threat of cybercrime after hackers targeted the NHS earlier this month, compromising its highly sensitive computer systems through a ransomware attack on 12 May 2017.

The “WannaCry” ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Hackers were effectively threatening to delete files unless a ransom was paid.

Research from the Federation for Small Business (FSB) claims 7 million cybercrimes are committed against SMEs in the UK every year, equating to more than 19,000 a day.

FSB figures show the average cybercrime incident costs a small company £3,000 and takes 2.2 days to recover from.

Mike Cherry, FSB chairman, said:

“We are urging all small businesses to take steps to reduce the risk of an attack.

“Businesses should immediately check for updates to their operating systems and anti-malware software and download them where needed.

“We advise small firms to make sure their data is backed up – if the worst happens, data cannot then be held to ransom.”

What is ransomware?

Ransomware is a type of malicious software designed to block access to your computer system until an amount of money is paid.

It often arrives in the form of a phishing email, otherwise known as spam, or a fake software update.

Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it.

Security experts warn that ransomware is the fastest growing form of computer virus, which threatens to delete your files unless you pay the blackmail.

Protecting your business

Small businesses are particularly vulnerable to cyber-attacks, but what can you do to protect your company from the growing threat of ransomware?

The National Cyber Security Council recommends your company takes the following steps:

  • do not open suspicious-looking email attachments or hyperlinks from unknown contacts
  • apply patches for Microsoft Windows, which will protect against ransomware
  • ensure antivirus products are up to date and scan your software regularly
  • use network segregation techniques to minimise the chance of compromise.

What to do if your computer is infected

If you believe your business has been compromised by ransomware, the National Crime Agency advises:

  • do not pay the ransom, as you don’t know that the hackers will clear your system of the virus
  • back up your files regularly as this will be the only way to access your data
  • if you have been the victim of online fraud, report it at: www.actionfraud.police.uk

How Can Cyber Security Helpdesk Help You?

We are the UK’s number 1 National Multi-Disciplinary Cyber and Data Breach Incident Response Service; enabling UK Businesses to deal with Cyber breaches, properly and promptly.

SUPPORT – Our support teams work around the clock for our clients and are available 24/7/365.

SPEED – Our First Response team ensures every cyber incident receives a rapid service time without compromising quality.

CONFIDENTIALITY – Every enquiry is dealt with on a confidential basis by our professional team using secure technology.

EXPERT – IT, Data Protection, Legal, Communications experts adopt a meticulous and systematic approach to each incident.

OUR GOAL is your Business Continuity.

If you have suffered a Cyber or Data Breach, contact Cyber Security Helpdesk now.



Nearly 500 law firms targeted by fraudsters in new email scam

The Law Society Gazette published a report confirming that fraudsters have attempted to infiltrate the IT systems of hundreds of firms.

In an update published by the Solicitors Regulation Authority, the regulator said it has seen increasing reports of attempted cyber-crime and warned solicitors to be wary of falling victim.

Firms have reported being sent emails saying their services are required: after they respond, the scammers send attachments or links to websites.

These attachments and links might contain malware which allows the perpetrators to control or undermine IT systems.

The SRA said some of the emails relate to a property sale and are sent from a ‘Margaret’ or ‘Mary Smollins’. The email [email protected] has been used to send rogue messages.

The SRA said: ‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business.’

Once malware is on a system, it can record everything typed over a long period to obtain passwords or financial details, copy or modify data on the system, and allow hackers to get into the firm’s network.

Firms are advised to use cloud-based computing for storing, accessing and processing information and to inform the police and SRA immediately if they have been contacted via these emails.

Other steps can include keeping software up to date, using an anti-virus system and using encryption on mobile devices. Files should also be backed up on a regular basis including at least one back-up that is not directly and regularly connected to the main systems.

In 2016 the SRA had reports of around £7m of client money being lost to cyber-crime. Almost half of all cyber attacks are aimed at small businesses.

IF YOUR FIRM HAS BEEN TARGETED IN A PHISHING OR SPOOFING ATTEMPT, OR WORSE STILL, HAS BEEN A VICTIM OF CYBER CRIME, CONTACT CYBER SECURITY HELPDESK LTD TODAY TO DISCUSS HOW WE CAN WORK TO MITIGATE THE DAMAGE CAUSED AND RESOLVE THE PROBLEM EFFICIENTLY


Hackers ‘can bypass cyber security defences within 12 hours’

Nearly nine in ten hackers say they can break through any cyber security defences they target within 12 hours of launching an attack, according to a new report by Nuix.

The Nuix report found that 88 per cent of attackers were confident they could bypass protections on systems they turn their attention to in half a day.  81 per cent of the professional hackers and penetration testers surveyed at DEFCON said they could identify and take valuable data from their target system within another 12 hours.

But the damage could be even greater for companies targeted by attackers, as most breaches stay undiscovered for hundreds of days, giving cyber criminals plenty of opportunity.

“Data breaches take an average of 250 to 300 days to detect – if they’re detected at all,” said Chris Pogue, chief information security officer at Nuix. “But most attackers tell us they can break in and steal the target data within 24 hours. Organisations need to get much better at detecting and remediating breaches using a combination of people and technology.”

According to the report, hackers are almost never slowed down by measures like firewalls and anti-virus solutions, but endpoint security technologies presented more of an obstacle.  This is because more than half of those questioned change their methods with every target, meaning defences based on known files and attacks are less effective.

A third of the hackers surveyed said organisations never detected their activities.

These findings come just a few months after another report found that half of IT professionals are more concerned about.  73 per cent said they were most concerned about malware installed by careless employees, while 66 per cent were worried about stolen or compromised credentials and 65 per cent were concerned about stolen data.

For more from the report, see the Nuix website.

This Nuix report further underscores the importance not only of having an incident response or business continuity plan following a cyber attack, but also of ensuring that any such plan is implemented properly, quickly and efficiently.

CONTACT CYBER SECURITY HELPDESK TO TALK TO ONE OF OUR CYBER INCIDENT RESPONSE TEAM ABOUT HOW WE CAN HELP YOUR BUSINESS.


Cyber Security News In The Manchester Region

Cyber attacks cost the Manchester economy £41 million, according to a study carried out by Alto digital, aimed at discovering how far UK businesses have developed in terms of office security.

Almost 62% of businesses in the city have been targeted by hackers in the last 12 months.

The study revealed that firms are seriously compromising their confidential data, unknowingly committing security violations because of a lack of training and knowledge of their IT systems and document security.

It was calculated that these hacks equated to down time equivalent to five to seven days per annum for UK business, with 69% of staff members affected.

Manchester’s most common cyber security risks are:
· Companies not having a firewall (up to 36% from 24% in 2013)
· Failing to change old passwords (up to 55% from 32% in 2013)
· Not protecting data stored on printers or photocopiers at all (82%)

The primary reason for IT hacks on Manchester’s businesses in 2016 was phishing emails – when fraudsters attempt to obtain sensitive information for malicious reasons.

Targets include professional services firms such as accountants, mortgage brokers and law firms.

23% of those questioned have also experienced a hack via their telecoms systems, with the most common methods being via remote voice mail access (41%), remote programming (49%) and IP phones (36%).

Sensitive Data Collection and Processing

When it comes to scanning or photocopying documents, 51% of Manchester’s businesses admit to regularly processing highly confidential documents such as birth certificates (42%), client confidential documents (29%) and even company insurance documents (18%), yet an overwhelming 69% are unaware that a photocopier will store every single document that it scans – a serious hacking risk when connected to a company network.

When asked about the barriers to investing in a sophisticated security strategy, 52% of companies said it’s too expensive (48% in 2013), 59% stated that it’s too time consuming (23% in 2013) and 62% even mentioned that it’s just too confusing (32% in 2013).

It’s not all bad news though, only 24% of UK employees admitted that there’s a lack of concern at management level to invest in a reliable security infrastructure – a large reduction from 2013, when it was a more significant 36%.

Even more positive is the result that an impressive 80% of IT Directors questioned revealed that they always wipe their internal hard drive before getting rid of obsolete printers, a 27% increase from 2013.

Whilst it is clearly important to focus on training and proactive cyber security and data security policies aimed at prevention, given the number of phishing or spoofing attempts on Manchester businesses, which are becoming more sophisticated, it is also important to have a trusted Cyber Security Incident Response team who can ensure that any cyber incident is managed properly and professionally with the minimum of downtime and loss to the business.


Legal Profession: Beware of ‘Friday afternoon fraud’ risk

Over the past year, we have noticed a rise in the number of law firms being tricked into giving bank details to fraudsters in so-called ‘Friday afternoon scams’.

The Solicitors Regulatory Authority (SRA) confirms that it is a growing problem and itself continues to receive regular reports of scammers stealing from firms despite repeated warnings to professionals not to disclose sensitive details.

Criminals tend to target conveyancing firms with large amounts of money in client accounts and are increasingly sophisticated in how they persuade people to release information.

Instances of so-called ‘Friday afternoon fraud’ are of huge concern to solicitors and their insurers, and with the average house price nearing the £300,000 mark, it is easy to see why such frauds have such a potential impact on a firm’s claims record.

These “Friday Afternoon Frauds” appear to follow a particular pattern. They are calculated and highly sophisticated, employing legal industry experience, banking industry experience, (usually) a well financed setup (taking place in what appears to be a call centre established for this purpose), psychology of the firm’s staff and a discreet knowledge of a specific firm’s financial or client details.

They typically take place on a Friday afternoon (hence the name!), starting with a telephone call to the firm’s accounts department or FD, purporting to be from the fraud unit of its own bank. The caller is able to provide (apparently by hacking the firm’s online banking access) details of the genuine transactions made that day, thereby giving the impression of legitimacy. This is also known as a “Vishing” scam. The fraudster will claim that suspicious transactions have been made from the account and that it has been frozen, and will offer the firm assistance with any urgent payments that it needs to make in the meantime. The firm will be required to provide its online bank details, which the caller then quickly uses to defraud the firm with individual payments typically being for slightly less than £100,000, to avoid detection for as long as possible, and where multiple payments are made they will be for differing amounts, in order to avoid raising the bank’s suspicion.

Once each payment is made it is quickly transferred to other accounts and often moved out of the jurisdiction. As these payments are usually made on a Friday afternoon and may not be discovered until the following Monday, catching the criminals by chasing the flow of funds can be next to impossible as they will have long since been dissipated. Many scams also occur either side of the Christmas break, taking advantage of the holiday period.

Other examples of online fraud committed against law firms are “Phishing” scams, where a fraudster may hack into a client’s email account, or that of another third party involved in the transaction such as a mortgage broker, and direct a solicitor or client to transfer proceeds from their sale to a different bank account. Alternatively, a solicitor’s own email account or server may be hacked or impersonated so that clients are directed to send monies to accounts other than the solicitor’s client account. The hacking can occur from something as simple as a predictable password being used by a firm employee, a lack of robust authentication to log in to a firm’s systems, or malware (malicious software) being unwittingly downloaded from, e.g., an unsolicited email communication, giving the perpetrators the ability to intercept communications and attempt to hijack money from client accounts.

The SRA has confirmed that law firms and clients have been the victims of scams and schemes totalling millions.

We would advise firms to take the following basic precautions:

  1. Never reveal banking security information over the telephone, even if the caller appears to be genuine and to have knowledge of your account. Independently validate callers by contacting somebody you already know at the bank, preferably using a separate telephone line, for example a mobile. (There have been examples of scammers keeping the line open to intercept any follow-on call to check.)
  2. Employ two-factor authentication on any available remote access and ensure all user passwords are both sufficiently difficult to predict and are changed regularly.
  3. Always confirm bank details with clients by telephone or in person.
  4. Ensure that all Cyber or Data Warnings to clients are prominently displayed on ALL email correspondence, paper correspondence and repeated by telephone during the course of a matter.
  5. Circulate this advice to all staff, so they are aware of the issue. Ensure staff understand these risks and have undergone cyber and data security training.
  6. Respond swiftly. If you suspect or become aware that you have been a victim of such fraud, contact your bank and broker or insurer as soon as possible. The quicker action is taken, the greater the chances of recovering the money taken.

The potential losses (and consequently the financial, reputational and regulatory impact on the firm) are significant and a number of firms have already been affected, so management and staff should be advised to remain vigilant.

Should you require any assistance with Cyber or Data breaches, contact us to discuss our incident response service. As one of the UK’s leading integrated incident response service providers, we can advise on technical, legal, regulatory and reputational matters.


Ransomware in Professional Practices

Lawyers and law firms have increasingly become targets of deadly Ransomware attacks.

The level of attention of this type of threat worldwide has risen dramatically.

When we use the term “attention”, we mean unwarranted attention because the problem is really simple to solve. And while normally there are no silver bullets for fixing information security problems, there is a silver bullet against Ransomware.

The simple answer to completely immunizing yourself and your firm from Ransomware infections is to have a great information backup process in place. If the information backup at your firm or your laptop is done in the right way, you never lose that information.

So even if you do get infected by Ransomware that encrypts your critical files and asks you to pay up if you want the decryption key, you can have the last laugh. All you’ll need to do in such an event is restore all your information from a clean backup. And it’s much better than paying the ransom because if you go that route there is always the risk of “remains” left behind from the Ransomware attack that might leave a door open for the attackers to come back for “another sip”.

We strongly recommend that you have an experienced cyber security expert perform an independent review of your firm’s backup processes so that you have the right process in place to completely kill the so-called “threat” of Ransomware attacks.

If you have any questions or need guidance or support in performing a Backup Process Review, feel free to get in touch to discuss cyber security recruitment, training and best practices for your business.

CONTACT US TODAY


Cyber security in critical national infrastructure

Regulators across the world are focusing on the cyber security threats on critical national infrastructure.

Roads, rail, port operations, telecoms and utility networks are some of the infrastructure networks and assets that governments classify as critical infrastructure and which have the potential to be affected by new regulation.

The threat of cyber attacks continues to increase and is an area that an infrastructure owner, operator or investor must address to ensure they are protected, both from the threat of cyber attacks and from the regulatory developments.

Cyber Security Helpdesk can assist in discussing and implementing key steps to take and best practices to follow in order to minimise the risk of cyber attacks as well as ensuring clients meet the regulatory developments in the UK.

At Cyber Security Helpdesk, our specialist teams offer a multi-disciplinary approach to advice on cyber and data protection issues, including compliance with relevant regulatory regimes and dealing with cyber incidents.

We would be happy to discuss with you how this may affect your business.


Cyber Security Threats to Professional Practices

In today’s interconnected world, cyber attacks are a threat to all businesses, and law and accountancy firms are particularly attractive sources of information for criminals.

Commercial data, IP information and sensitive client data may all be targeted.

The Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills and carried out by PwC, found that 81% of large organisations and 60% of small businesses had suffered a security breach during the previous year.

The average cost of an organisation’s worst breach was between £65,000 and £115,000 for small businesses and between £600,000 and £1.15 million for large organisations.

If you are a professional firm, then Contact Cyber Security Helpdesk Today to discuss training for your firm’s staff.

Our courses, which are UK Government approved, as part of their National Cyber Security Strategy, have the support of both the Law Society and ICAEW.

They aim to:

• Increase your awareness of cyber security issues so that you can apply the knowledge in your own context.

• Help you to protect both yourself and your business.

• Help you to be more aware of security issues and more confident of discussing these with clients.

The course covers:

• What cyber security is

• How it affects you and your clients

• Why you should care about it

• Cyber threats to your business and you

• Cyber attacks (phishing and hacking) and their impacts

• Mitigating the impacts

Course Format

Designed for both lawyers and accountants, this online course is designed to last for one hour and is structured into four modules.

• Introduction to cyber security

• Cyber security – your responsibilities

• Managing the cyber risk

• Scenarios

The courses are interactive and include a series of brief quiz questions that will test your understanding of the learning materials as you progress through the course.

Contact Cyber Security Helpdesk Today to discuss your Cyber Security Recruitment and Training requirements


Cyber Security Guidance For Businesses: Malware prevention

Produce policies that directly address the business processes (such as email, web browsing, removable media and personally owned devices) that are vulnerable to malware. Scan for malware across your organisation and protect all host and client machines with antivirus solutions that will actively scan for malware. All information supplied to or from your organisation should be scanned for malicious content.