In a 2017 UK Government Cyber Health Check Cyber risk is now seen as a top, or group-level risk amongst the majority of Boards (54%). Only 13% of respondents now say cyber risk is viewed as a low, or an operational-level risk for their Boards. This signifies a change in perceptions among Boards of the magnitude of cyber risk to their organisation.
The first element of managing Cyber Risk must involve the owners and Board members of a company however large or small who must "buy" into the fact they need to manage Cyber Risk and even though this may be delegated it is important that Board directors and Senior Managers are aware of the risk and the organisations approach to Cyber Risk.
In the recent 2017 Cyber Risk survey around 53% of Board directors report receiving very little insight and only some information relating to Cyber Risk and Information Security. So it is encumabt upon them to encourage and require IT Security teams to educate other areas of the company at executive level and not, as used to often be the case, treat IT Security as their private domain.
Interestingly some FTSE 350 companies still operate without a Cyber Contingnecy plan and of those companies with a Cyber Incident plan 77% of Boards had little or no role. That is incredible.
Likewise over two thirds of companies at Board level receive or have not implemented any form of Cyber Risk training.
As a starting point we recommend that Businesses that have little expereince or resources relating to Cyber Risk go back to basics and ensure that their staff are made aware of the following types of advice, it takes 20 minutes once or twice a month to remind staff of best practice and how to avoid very basic erros that could invite Cyber criminals into your business.
Data Protection Tips You Can't Ignore
1. Do not give any personal information (name, address, bank details, email or phone number) to organisations or people before verifying their credentials.
2. Many frauds start with a phishing email. Remember that banks and financial institutions will not send you an email asking you to click on a link and confirm your bank details. Do not trust such emails, even if they look genuine. You can always call your bank using the phone number on a genuine piece of correspondence, website (typed directly into the address bar) or the phone book to check if you’re not sure.
3. Destroy and preferably shred receipts with your card details on and post with your name and address on. Identity Fraudsters don’t need much information in order to be able to clone your identity.
4. Make sure your computer has up-to-date anti-virus software and a firewall installed. Ensure your browser is set to the highest level of security notification and monitoring to prevent malware issues and computer crimes.
5. Sign-up to Verified by Visa or MasterCard Secure Code whenever you are given the option while shopping online. This involves you registering a password with your card company and adds an additional layer of security to online transactions with signed-up retailers.
6. If you receive bills, invoices or receipts for things you haven’t bought, or financial institutions you don’t normally deal with contact you about outstanding debts, take action. Your identity may have been stolen.
7. Be extremely wary of post, phone calls or emails offering you business deals out of the blue. If an offer seems too good to be true, it probably is. Always question it.
8. If you have been a victim of fraud, be aware of fraud recovery fraud. This is when fraudsters pretend to be a lawyer or a law enforcement officer and tell you they can help you recover the money you’ve already lost.
Remember THE DEVIL'S IN THEIR DETAILS
Online Fraudsters will often try:
Sending emails from fake accounts that appear to be from someone reputable (your bank, mobile phone provider, gas company, etc.) and ask you to follow web links or to call phone numbers.
So DO NOT FORGET
- Pointing you towards fake websites that closely mimic official sites, but that steal any data or personal information you put into them.
- Tempting you with sales, offers and deals for incredibly cheap products or services - remember if an offer looks too good to be true then it probably is.
- Getting your attention through fake online competitions that require you only to fill out a form or answer an extremely easy question to enter.
- Tricking you into downloading malicious software that then collects and shares all the personal information stored on your computer.
- Always check the web address (url) of sites that ask you to enter personal details. Misspelled company names (e.g. actonfraud.police.uk, instead of actionfraud.police.uk) can be set up to steal data and identities.
- Be particularly security-conscious if you are using a public computer or public Wi-Fi internet connection. Never enter personal information (date of birth, address, etc.) or passwords unless you are certain of a site’s security and authenticity.
- Always learn the security features of your internet browser. For example, a locked-padlock symbol in the address bar is when a site is verified as safe. When double clicked/right mouse clicked, the padlock should reveal details of the site certificate which should match the organisation you think you are dealing with.
- Always check the sender's email address – Never respond to a message from an unknown source. Know who you are dealing with – always access internet banking sites by typing the bank's address into your web browser.
- Never go to a website from a link in an e-mail and then enter personal details as the email could be fraudulent.
- When shopping online always sign up to American Express SafeKey, Verified by Visa and MasterCard SecureCode as well as looking for the padlock or unbroken key symbol when you first visit a site. Where possible make your purchase with a credit card or via a credible online payment system (PayPal) which protects you in the event of fraud.
- If you think you have been a victim of banking fraud then you should contact your bank or card company immediately.
If you have any concerns over your business's data security please contact us today. Call 0208 663 400 or visit our Contact Page