‘I don’t do cyber!’ – this was a comment from a business owner I met recently, and it really brought home the challenge of getting everyone to realise that cyber security needs to be part of all our lives, whether as a business owner or in our personal lives.
What does the term cyber mean? Well, it is defined as relating to, or involving computers or computer networks (such as the Internet). I think it is fair to say that the vast majority of us do cyber! So, as we mark International Internet Day, as well as celebrating one of the most important inventions in our history, we all need to understand the cyber security risks of the internet age, many of which fall under the term cyber-crime.
A few months before the first landing on the moon, a student at the University of California sent the very first internet message to a colleague at Stanford, California. They were working on the forerunner of the internet which was called ARPANET (Advanced Research Projects Agency Network) which was funded by the US Defence Department. The first test was to send the word: ’LOGIN’.
Unfortunately, only the ‘L’ and ‘O’ were sent when the system crashed, somethings don’t change. Yet an hour later they succeeded in sending the full message. Just over fifty years on and the internet is everywhere; we access it on our phones, televisions, tablets and computers. We have public Wi-Fi so we can access when we are at restaurants, cafes, and on trains.
It Is this aspect that International Internet Day seeks to celebrate, and all the benefits that it has brought to our lives. We can now video conference, which became so important to so many during the pandemic, we can access information and transmit it virtually instantaneously. We now even have the metaverse where users can travel a virtual world that mimics aspects of the physical world and purchase land using digital currency. And as these have developed, so has the opportunities for the cyber-criminal.
The first use of the internet was to send a message. We now refer to these as emails, and they are the most prominent form of communication used by businesses. Unfortunately, criminals also use emails in an attempt to deceive us into taking action that is detrimental to the business. That could be downloading some malware or making a fraudulent payment. The most common type of method used to deceive is the phishing email, it is estimated that over 3.4 billion phishing emails are sent out every day across the world, so there is a good chance one is on its way to you.
The good news is there are ways to recognise phishing emails. Many will contain bad spelling or grammar, come from an unusual email address, or feature imagery or design that may not look quite right.
Yet criminals are constantly improving their attacks and can sometimes be quite difficult to spot. Look out for the following signs as the perpetrator will seek to quickly gain your trust and pressure you into taking an action you may later regret:
· Does the message seem like it is official, maybe from the bank or a government department? Criminals will try and make the email seem important so you will follow instructions.
· Is there pressure to respond quickly? This time pressure could be accompanied with a threat of a fine or another consequence if you do not act immediately
· Is this an opportunity too good to miss out on? Maybe offering something in short supply, or a free gift.
· Were you expecting the email? Exploiting current news stories, big events or specific times of year (like tax reporting) can make the email more believable, or even the fact that you are expecting that parcel and want to avoid a delay on delivery!
If you have any doubts about the authenticity of an email, then do not open any attachments. The easiest way to check if the email is genuine is to contact the sender organisation. Don’t use the contact email address or phone number that might be contained within the email but get the details from their official website.
By putting in cyber security protections you are protecting your information security. One simple step is to provide cyber security training for all those in your organisation. So, if someone you know says ‘I don’t do cyber’, get them to think again because if they are using the internet, whether for their online accountancy or marketing their products, then they are using a computer and a network…… so they are in fact “doing cyber”!
At the Cyber Resilience Centre for Wales, we believe it is important for businesses across the Wales to recognise the security risks and helping you to become more resilient to cyber security threats is the aim of the WCRC. So whether you are a cyber security beginner or already advanced in your IT security, the WCRC is for you.
We offer a range of membership options depending on what level of support businesses need. Free core membership provides businesses with access to a range of resources and tools to help them identify risks and vulnerabilities, as well as providing guidance on the steps they can take to increase their levels of protection. Get in touch with a member of our team for more information.
Comments