The Police Digital Service Centre is a not for profit company that is owned by the police and its mission is to reduce the vulnerability of organisations to cyber crime. Since the Covid-19 crisis begun, cyber crime has increased by 400% in the UK and has remained consistently at that level over the length of lockdown. There has been an increasing number of ‘phishing attacks’, whereby an email or text message is disguised as a legitimate company in order to steal data or gain access to internal systems.
From spoof shopping websites, to fake ‘trace and track’ emails to innocuous ‘cut and paste content’ that contains hidden code on social media, the cyber criminals have been busy trying to maximise the advantage they have as many more businesses and people go online. Furthermore, with so many employees now working from home that it’s gained its own acronym (WFH), there is also an increased risk to businesses as this can inadvertently lead to more exposure to the risk of cyber crime.
In response to this, the Police Digital Service Centre has provided a free course, with lots of essential information and useful resources, that businesses can use, whether to share with their management, staff or even consumers. Croydon BID has uploaded all of it here, so it’s easily available for our business community.
Neil also highlighted for us the key measures that all businesses should take, as soon as possible, to avoid risk.
He said that it is vital to “secure the perimeter”. So, we should consider the end point security. Many of us might wrongly assume that cloud-based security is integral. However, whether it’s Microsoft Azure or another, the cloud maybe protected, but not your data. Each business should take its own steps to protect the data within it.
These are Neil’s three top tips for securing your perimeter:
1) Multi factor authentication is essential for any cloud-based server. Two or more password controls should be necessary to enter the system. Neil suggests using a trustworthy password manager like Dashlane, Last pass (Android) or 1password (Apple), all of which have free trials and will reduce the risk of passwords being repetitively used or over simplified.
2) Consider the end point security; Neil recommends that people should work from work laptops/computers/smart phones and not use their own so that anti-virus software or malware can be incorporated, and so that there is no likelihood of your business data finding its way onto personal and non-secure equipment. It also prevents a non-work related activity infecting the business system.
3) Always auto-update and ask your staff and colleagues to do the same. It’s so easy to ignore those update requests but apparently, that is when the cyber criminals know they can take advantage of the vulnerability as the updates patch holes in the security. Interestingly, cyber criminals tend to focus their attacks on Microsoft as it’s more widely used than Apple, unless Apple are communicating a particular update.
Clearly, with increased concerns from so many people working from home, wider safeguarding issues as children spend more time online and the fear factors across social media (and the rumours and counter rumours that circulate), the need to focus on the facts around cyber security is really important. Neil suggests running a training session with your staff and use logic to put in place sensible measures to reduce the risk. Immediate investment in securing your perimeter is the insurance you and your business need against the risk of a potential and costly cyber crime in the future.
Thank you to Neil for taking the time to talk to us, and to him and the Police Digital Service Centre for providing us with the free course for our business community