October is Cyber-Security Awareness Month – the opportunity for anyone who uses the internet or email for work, recreation or making their lives easier to take stock of how secure they feel when online and what they can do to improve their personal cyber-security.

It is no surprise that more and more individuals are trusting internet service providers with their personal data so that they can take advantage of the convenience that they offer. The latest survey from the National Security Alliance showed that 47% of participants had 10 or more online accounts incorporating sensitive personal or financial data - 15% admitted that they had actually lost count of the number of sensitive online accounts that they have. But, sharing sensitive personal data online has its risks – criminals use it to target you, your family or your place of work for scams, to give them illegal access to your finances or to plant malware onto the systems and hardware that you use. No wonder that 84% of survey participants were particularly concerned about maintaining cyber-security and 50% considered themselves a likely target for cyber-crime. 

Cyber-crime is everywhere

It’s predicted that cyber-crime cost the global economy around $7 trillion in 2022, and this number is expected to rise to $10.5 trillion by 2025. The UK had the highest number of cyber-crime victims per million internet users at 4,783 in 2022 – up 40% from 2020. In comparison, the country with the next highest number of victims per million internet users in 2022 was the USA, with 1,494 per million users. It is often assumed that successful attacks on larger organisations such as government agencies or big companies holding lots of customers’ personal data are the reason behind this. In fact, a significant number of cyber-crime victims are individuals or small organisations targeted personally via their online presence.

Good cyber security is doing the basics

Cyber-Security Month 2023 is highlighting five key behaviours for individuals using email or the internet that spell good cyber-security and will help to protect their personal data from digital forms of crime:

• Ensuring good password hygiene
• Using Multi Factor Authentication
• Installing the latest device updates to keep cyber-protection software programs stay updated.
• Checking messages for signs of phishing and reporting them
• Backing up data

Anyone who has had cyber-security training will recognise these as the basics of good self-protection against cyber-attack. But, the National Security Alliance survey shows that not everyone is following the basics and that some people have a long way to go:

• 32% of respondents used sensitive personal information as part of their password
• 33% used the same password for all their online accounts.
• 40% do not install software updates when the need to
• 40% don’t make regular data back-ups.

Don’t be bait for phishing

The National Security Alliance survey identified phishing as the most frequent form of cyber-attack (47% of reported attacks) followed by online dating scams (27%) and identify theft (26%). Phishing attacks – attacks where fraudsters trick people into providing information or installing dangerous software to steal money or data from them – are increasingly targeted through the work environment as well as via private email / internet. 

Some phishing attacks are very simple, for example an email or text asking you to click onto a link or attachment. But phishing is becoming much more sophisticated as criminals use the information that individuals and forms put online to target victims with bespoke communications designed to convince the victim that they are genuine.

If you receive an email you weren’t expecting, ask yourself: 

1. Do the ‘From:’ details match the sending details? 
2. Does it ask you to carry out an action you wouldn’t usually do? 
3. If you know the person who the email says it is from is it written in their normal style?
4. Does it threaten or encourage you to act immediately when there isn’t usually a need to do so?
5. Does it include a link or attachment you don’t recognise?  
6. Can you contact the sender by some other means to verify that it is really them?

For organisations, it is also very important to give employees enough time to be suspicious about phishing during their working day and to make it easy for individuals to report when they have been targeted by phishing attacks. This includes a suitably supportive culture so that nobody is scared into not reporting suspicious correspondence. 

Happy Cyber-Security month……and be careful out there!