Loading…

Cyber security – be careful out there

October is Cyber-Security Awareness Month – the opportunity for anyone who uses the internet or email for work, recreation or making their lives easier to take stock of how secure they feel when online and what they can do to improve their personal cyber-security.

October is Cyber-Security Awareness Month – the opportunity for anyone who uses the internet or email for work, recreation or making their lives easier to take stock of how secure they feel when online and what they can do to improve their personal cyber-security.

It is no surprise that more and more individuals are trusting internet service providers with their personal data so that they can take advantage of the convenience that they offer. The latest survey from the National Security Alliance showed that 47% of participants had 10 or more online accounts incorporating sensitive personal or financial data - 15% admitted that they had actually lost count of the number of sensitive online accounts that they have. But, sharing sensitive personal data online has its risks – criminals use it to target you, your family or your place of work for scams, to give them illegal access to your finances or to plant malware onto the systems and hardware that you use. No wonder that 84% of survey participants were particularly concerned about maintaining cyber-security and 50% considered themselves a likely target for cyber-crime. 

Cyber-crime is everywhere

It’s predicted that cyber-crime cost the global economy around $7 trillion in 2022, and this number is expected to rise to $10.5 trillion by 2025. The UK had the highest number of cyber-crime victims per million internet users at 4,783 in 2022 – up 40% from 2020. In comparison, the country with the next highest number of victims per million internet users in 2022 was the USA, with 1,494 per million users. It is often assumed that successful attacks on larger organisations such as government agencies or big companies holding lots of customers’ personal data are the reason behind this. In fact, a significant number of cyber-crime victims are individuals or small organisations targeted personally via their online presence.

Good cyber security is doing the basics

Cyber-Security Month 2023 is highlighting five key behaviours for individuals using email or the internet that spell good cyber-security and will help to protect their personal data from digital forms of crime:

  • Ensuring good password hygiene
  • Using Multi Factor Authentication
  • Installing the latest device updates to keep cyber-protection software programs stay updated.
  • Checking messages for signs of phishing and reporting them
  • Backing up data

Anyone who has had cyber-security training will recognise these as the basics of good self-protection against cyber-attack. But, the National Security Alliance survey shows that not everyone is following the basics and that some people have a long way to go:

  • 32% of respondents used sensitive personal information as part of their password
  • 33% used the same password for all their online accounts.
  • 40% do not install software updates when the need to
  • 40% don’t make regular data back-ups.

Don’t be bait for phishing

The National Security Alliance survey identified phishing as the most frequent form of cyber-attack (47% of reported attacks) followed by online dating scams (27%) and identify theft (26%). Phishing attacks – attacks where fraudsters trick people into providing information or installing dangerous software to steal money or data from them – are increasingly targeted through the work environment as well as via private email / internet. 

Some phishing attacks are very simple, for example an email or text asking you to click onto a link or attachment. But phishing is becoming much more sophisticated as criminals use the information that individuals and forms put online to target victims with bespoke communications designed to convince the victim that they are genuine.

If you receive an email you weren’t expecting, ask yourself: 

  1. Do the ‘From:’ details match the sending details? 
  2. Does it ask you to carry out an action you wouldn’t usually do? 
  3. If you know the person who the email says it is from is it written in their normal style?
  4. Does it threaten or encourage you to act immediately when there isn’t usually a need to do so?
  5. Does it include a link or attachment you don’t recognise?  
  6. Can you contact the sender by some other means to verify that it is really them?

For organisations, it is also very important to give employees enough time to be suspicious about phishing during their working day and to make it easy for individuals to report when they have been targeted by phishing attacks. This includes a suitably supportive culture so that nobody is scared into not reporting suspicious correspondence. 

Happy Cyber-Security month……and be careful out there!

You may also be interested in...

BSA Card
  • BSA.IndustryResponse Industry Response
  • Conduct Risk & Regulation

FOS Consultation on charging Claims Management Companies & other professional representatives

The BSA strongly supports the principle of charging a fee to CMCs.

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Annual Update & Networking for Boards

This autumn, the BSA is running its first event designed specifically for Board Members (Exec and Non-Exec) and Board attendees. This in-person e...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Consumer Duty: Navigating Board Reports

A free webinar hosted by BSA Associate, docStribute docStribute and Woodhurst are collaborating to bring you this webinar series. Following our pre...

BSA Card
  • BSA.Event Event

Building Societies Annual Conference 2024

Building Societies Annual Conference 2024 8th -9th May, Manchester   The Building Societies Annual Conference is the leading event in the secto...

BSA Card
  • BSA.Event Event
  • Audit & Taxation

Audit, Risk & Regulation Autumn Series

This year's annual update returned in a brand new format with a series of topical webinars covering key areas of audit, risk and regulation. This...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Consumer Duty: Linking Customer Outcomes to Customer Experience

A free webinar hosted by BSA Associate, Protiviti This webinar will explore ways firms can effectively test, monitor, and report customer outcomes ...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

BDO's Financial Services' NED event: Consumer Duty Board Champions

BDO’s Financial Services’ team is delighted to invite you to our first FS NED event for 2024, to discuss the Consumer Duty’s ("the CD") next phase of ...

BSA Card
  • BSA.Event Event
  • Prudential Regulation

Preparing for successful regulatory visits

Two half-day sessions on 24 & 25 January 2024

  • BSA.IndustryResponse Industry Response
  • Conduct Risk & Regulation

GC23-2 FCA Guidance consultation on financial promotions on social media

Our response to FCA GC23-2