Defending yourself against cyber attacks

Cyber security is becoming a recurring news feature and Personal Data Security was one of the few ‘ordinary’ items in an otherwise thin Queen’s speech. The GDPR (General Data Protection Regulations) come into force in 10 months’ time on 25th May 2018 and these are the most far reaching and detailed regulations regarding data ever produced.
Look at the Information Commissioner’s web page here and you will get some idea of the scale.
At Interface, we have always taken data security very seriously and I was pleased that my compliance officer complimented us this week when she said that we are already farther ahead regarding data security than most businesses. Our development programme is fully on track and we aim to be fully compliant before the end of 2017, a full six months ahead of the deadline.
Like it or not almost everything is now online and there is no getting away from the fact that you have to be as well. For example, this is the last year in which tax returns will be completed and from April 2018 you will only be able to submit your details to HMRC via your own online tax account. We are helping our clients to set these up and they can be managed by us if you appoint us as your agent.
At Interface we can do all that we can to protect your data but it is up to you as clients to play your part. If a stranger knocks on your door and asks if they can come in and look around and help themselves I am sure that you would refuse. You also would not leave your key in the front door and your burglar alarm code written on the wall next to it. However, when it comes to Internet security I have been stunned by how lax some people are. Last weekend the headline news was ‘90 MPs affected by security attack’ but the ones that were affected were using ‘password’ as their password or something equally guessable such as ‘LondonMP’. How safe are your passwords? And do you have them written down in an exposed position? Do you use the same password or, if you use only three or four, are they simply variations on the same theme?
In one of my blogs earlier this year I asked you to look at How Secure is my Password – for your own sake please try it. If your password can be obtained by a hacker in less than a year, then change it. This site refers to Dashlane which is a password storage facility. We use a different password manager, RoboForm for Business, which seriously protects our business (and yours!). This uses one master password which would take 150 years for the hackers to obtain and I now access using my fingerprint.
Sarah and Nicola have their own master passwords which provide access to a limited range of log ons and they do not know the individual IDs and passwords. If I change their master passwords they no longer have access to anything.
Ransomware is in the news on a regular basis so please be aware and vigilant. Think of it like the old scam letter asking you for money or the phone caller who tries to con you out of your hard-earned cash. Viruses used to get into your system via floppy disks but now they get in via emails or from an infected website. When you visit our website, you will see that the web address starts with https://. This is because it has a security or SSL certificate. In addition, you will see the ‘SiteLock’ logo in the bottom left-hand corner. SiteLock scans the site daily to ensure that the site has not been hacked and it would immediately remove any suspect or malicious code. The SSL certificate ensures that any data that you enter such as passwords and personal data is protected and secure. When you are surfing the web take a look at the websites you are using to see if they have similar security. If they do not, use them with caution.
Email is probably your biggest danger so if it looks suspicious, do not open it, do not open any attachments, and do not click on any links. Some emails are obviously rubbish but the scammers are getting clever and I have kept several examples of emails which use all of the logos and format of genuine suppliers. The stranger at the door may have an official uniform and a credible ID card but you wouldn’t say “come in and help yourself” (I hope!)
Think before you click: your bank does NOT send you an email to ask you to confirm your log on details. See if you can set up your system to preview messages and attachments without opening them. If you are unfortunate enough to click something malicious then turn off your computer immediately – pull out the plug if necessary – and call an expert for help. Ransomware spreads like wildfire and can infect all of the files on your computer in less than an hour. If you haven’t got backups you will have lost everything.
Yesterday I received an email with the following: “I’m lawyer to my late client Mr. George Moran. He was a citizen of your country, the former Director Oryx Petroleum Benin. Before his died, he had an account valued at about Eight Million Five Hundred Thousand Dollars deposited with Bank Benin …”. I receive an email like this at least once a week and they make me smile because they are so obviously scams. However, the email that I received on Monday pretending to be from Barclays bank was amazingly convincing – it took a hard look and a ‘think before you click’ moment even for me. Please be aware.
In order to comply with the GDPR and data security we no longer send any messages or attachments by email so if you receive one that seems to be from Interface please treat it with suspicion.
Most of our clients are now registered on The Personal Finance Portal and all messages and attachments are sent securely via PFP. The only messages that you are likely to receive from us will ask you to log in to PFP to read – we haven’t been scammed yet but we are reviewing the message that you receive and the ‘click here to read’ may soon disappear so that you log on independently of the email.
If you would like to learn more about making sure your small business or organisation is GDPR compliant, try this beginner’s guide to GDPR compliance.
Internet security is a big topic and while this article is longer than I intended it could have been much longer. Please get in touch if you want any help.