Cybersecurity and data protection – What you need to know
The internet has become more influential in daily life than anyone could have ever imagined. What was once a means of allowing US military computers to stay connected has transformed into an integral method of global communication.
But we don’t just use the internet to stay in touch with friends and family across the world. It’s also become key to how we operate businesses, store personal information and even manage our bank accounts.
With so much important data being transferred across public networks every day, it’s no surprise that a small section of the technologically gifted chooses to exploit the more vulnerable among us.
There are ways to protect yourself. Let’s assess how you might be at risk, whilst also explaining the steps you need to take to both prevent and recover from an attack.
What is cybercrime?
By its definition, cybercrime is the name given to any criminal activity that involves a computer or a networked device. Most often, a cybercriminal is someone who has a detailed knowledge of technology.
They’ll often target networks which are unknowingly left unguarded but can also take active steps to try and infiltrate pre-existing firewalls.
There are three primary types of cyberattacks:
- Crimes where a computing device has been stolen. In these instances, data is illegally obtained from the device in question.
- Crimes where a computer is being used as a weapon. A hacker might be able to take control of a computer and use it to carry out further crimes.
- Crimes where a computer is used as an accessory. A criminal might even use someone else’s computer to store data they’ve obtained illegally as a way of keeping it separate from their own personal device.
Ironically, it’s the accessibility and convenience that the internet provides which makes committing a cybercrime considerably easier.
A criminal no longer needs to place themselves in the vicinity of the act. They can even use proxy servers and other cloaking devices to hide their identity, stealing your data from hundreds, maybe even thousands, of miles away.
As a response to the threat of online crime, several inter-governmental and regional organisations have been set up to combat it:
- Asia-Pacific Economic Cooperation (APEC)
- The Organisation for Economic Cooperation and Development (OECD)
- The European Commission
- The Economic Community of West African States (ECOWAS)
The United Nations, G8 and Council of Europe also regularly discuss what can be done to fight this ongoing threat.
Worryingly though, not all countries have cybercrime legislation in place. At the last check, 30 nations had no laws in place. These were largely in less developed countries such as Afghanistan, Chad, Libya and Mongolia.
According to a 2019 survey for the UK government, 32% of all businesses in the UK reported an attempted breach of their data in 2019. While that sounds high, it’s actually an improvement on the 43% who reported the same statistic in 2018. This was itself lower than the 46% of 2017.
The numbers seem to be swaying back in favour of the “good guys”. That’s perhaps thanks to the growing perception and understanding of these kinds of crimes.
The same survey found that 78% of companies viewed the protection of online data as a high priority for their business as a whole. This was particularly true in the case of larger and medium-sized organisations, where that number rose to 98% and 92% respectively.
But it’s not just professional bodies under fire. The average person is just as likely to worry about (and be targeted by) a cyber-criminal.
In fact, a National Cyber Security Centre report found 42% of people expect to fall victim to an online crime at some point in their lives. That’s despite as many as 80% saying protecting themselves against such an attack was a high priority.
Shockingly, 23.2 million UK citizens were attacked this year alone using the password “123456”. Other commonly attacked codes included:
- 123456789 (used 7.7m times)
- Qwerty (used 3.8m times)
- Password (used 3.6m times)
- 1111111 (used 3.1m times)
When it came to names, the most commonly used in British passwords were Ashley (432,276), Michael (425,291), Daniel (368,227) and Jessica (324,125).
Football teams were also a common theme, with findings showing the most popular clubs to be:
- Liverpool (280,723)
- Chelsea (216,677)
- Arsenal (179,065)
- Man United (59,440)
- Everton (46,619)
But while it sounds bad, the UK is far from the worst offender in Europe when it comes to susceptibility. In fact, it ranked among the five least vulnerable countries, along with Finland, Estonia, Germany and the Netherlands.
A report by WebsiteExpertBuilder, which ranked countries (currently) in the EU on how well cybersecurity is implemented, found the nations with the lowest level of protection were:
Ultimately, while cybercrime is still a very real threat, trends suggest people in the UK are beginning to take it very seriously. As a result, it’s getting harder for criminals to take advantage of innocent people.
Common methods cybercriminals use
There’s no one way a criminal will attack. Individuals will use a variety of methods to get the information they want. The most common forms of cybercrime include:
- This is the collective name given to software which is used to infiltrate your system. That includes the likes of spyware, ransomware, trojan viruses and worms. They’re often transferred via avenues like unknown links or email attachments. Once a piece of malware is on your computer, a hacker will be able to:
- Block access to certain parts of your device
- Install additional harmful software to strip data
- Secretly send data from your device back to theirs
- Disrupt your device and render it unusable
- This is the most commonly utilised method of online scam artists. They’ll send out an email through the guise of a respectable organisation, asking you to click on a link. The landing page you’ll be sent to will replicate that of the organisation they’re mimicking. If you enter any sensitive details into fields on this page, it could be sent straight to the cyber-criminal.
- This sees an attacker intercept a transaction of data between yourself and a second party. There are two common points at which these kinds of criminals will try to get your details:
- On unsecured public connections, an attacker can set up and sift through any data which is transferred
- If malware has already been installed, a criminal can add software to your machine which tracks all data you transfer, regardless of how private a connection is
Distributed denial of service attacks
- In these instances, a system, server or network is flooded with fake requests to the point where they’re unable to handle the amount of traffic coming their way. The result of this is the target in question shutting down repeatedly, as they’re unable to cope with any legitimate requests.
- When malicious code is added to a Structured Query Language (SQL) server, it can sometimes cause it to reveal sensitive information it’s not supposed to. Sometimes this is as easy as adding the code into a website’s search box.
Experienced hackers will know how to carry out all of these attacks. They’ll target millions of people in the hope that just a few will slip up.
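The SQL item above, seen from the defender's side, as an added example that is not part of the original article: a search function that pastes the search-box text into the SQL string, next to one that passes it as a bound parameter. The in-memory SQLite tables, function names and sample input are all constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a catalogue and a table the search must never expose."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (name TEXT, price REAL);
        CREATE TABLE customers (email TEXT, card_last4 TEXT);
        INSERT INTO products VALUES ('kettle', 24.99), ('toaster', 19.50);
        INSERT INTO customers VALUES ('alice@example.test', '4242');
        """
    )
    return db


def search_vulnerable(db, term):
    # Weak: the search text becomes part of the SQL statement itself,
    # so a quote character in it can end the string and add new SQL.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_safe(db, term):
    # Hardened: the statement is fixed and the search text travels separately
    # as a bound parameter, so the database only ever treats it as data.
    # LIKE wildcards typed by the user are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name, price FROM products WHERE name LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()


# Constructed search-box input that closes the quote and appends a second query.
HOSTILE = "x' UNION SELECT email, card_last4 FROM customers --"


def compare(term):
    """Run the same search text through both functions on a fresh database."""
    db = make_db()
    try:
        return search_vulnerable(db, term), search_safe(db, term)
    finally:
        db.close()


if __name__ == "__main__":
    for term in ("kett", "%", HOSTILE):
        weak, safe = compare(term)
        print(repr(term), "\n  concatenated:", weak, "\n  parameterised:", safe)
```

With the hostile input, the concatenated query returns the customer row while the parameterised query returns nothing, which is why bound parameters are the standard fix for any query built from user input.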
What are the potential repercussions of an attack?
There are several repercussions which can have an impact on either a person or a business. These will differ depending on the nature of the crime which was committed against you:
- Digital. Unsurprisingly, there’s going to be a huge impact on the digital landscape which was targeted. That might mean needing to completely revamp a website, or at the very least changing the level of security you have in place. You could also lose a social media account.
- Psychological. Having your personal information ripped out from under you could have an impact on your mental health. Just as with any form of crime, you’ll feel vulnerable, as well as worrying about the threat of becoming the victim of another attack in the future.
- Economic. There’s a chance a criminal has used the information to take money from you. This could leave you in a tough situation, especially if you can’t get the money back straight away.
- Reputational. If you’re a company that stores the personal data of others, a breach can have a massive impact on how you’re perceived in your sector. Even if you’re an industry leader, people might be hesitant to work with you in the future after a public leak of information.
Cybercrime is scary to think about. But it doesn’t have to stop you in your tracks. There are ways to prevent, combat and recover.
Protecting your business from a cyber attack
If you run a business, you’ll know just how important it is to keep some of your more personal data private. But how do you do that?
Let’s take a closer look at what kinds of threats a business might face, as well as how to prevent and overcome them.
What information a cybercriminal is looking for
Cybercriminals will use all of these types of scamming techniques to get access to businesses’ most sensitive data. There are a number of reasons why someone might want to target your business.
Business financial details
- Arguably the most common target of an attack, a company’s financial information is something it naturally wants to keep as private as possible.
- If these fall into the hands of a scammer, they might be able to access funds themselves. If they can’t, but the data is still made public, it could have a large social or reputational impact on a business.
Customer financial details
- Similarly, a lot of organisations will store the sensitive data of their customers. This is especially true in the case of banks, betting websites or e-commerce stores. Allowing this information to leak could have an impact on the business’s own finances.
Customer or staff personal information
- Things like home addresses, telephone numbers or email addresses can be used to gain access to personal details. Again, this is something most businesses will regularly store.
- If you possess any trade secrets or designs which are exclusive to your business, a motive might be to make a financial gain by securing unwarranted access to them.
Social or political blackmail
- If a company represents an opposing viewpoint to a particular movement, a “hacktivist” might want to make a political point by disrupting the company.
Spying on competitors
- If a rival wants to know what you’re doing, or what you have planned, they might employ the services of someone to find out for them. While this is an extreme measure, desperation and jealousy can force the hand of struggling enterprises.
While financial gain is often the driving factor for most cybercriminals, any of these motives could come into play.
The best ways to protect your business data
Whatever the reason you’re being attacked, it’s important you find a reliable and secure way to keep your data hidden. But how do you do it?
GDPR is a term which has become prevalent in most offices throughout the country. This acronym stands for the General Data Protection Regulation. This regulation became law in May 2016, with businesses expected to have it implemented by May 2018.
This change in regulations highlighted the necessity for businesses to make their data as safe as possible. There are many effective ways to combat each type of cyber attack:
- Prevention and awareness are the key for tackling malware. Keep everything from your security policy to your antivirus protection as up-to-date as possible. It’s best to avoid downloading any files which come from someone you don’t recognise, or that are found online.
- Businesses should try to avoid giving out personal information to anyone they haven’t met with face-to-face, or have had extensive online communication with. If there’s a well-known phishing scam going around, tell your staff about it. Keeping them as informed as possible will go a long way to helping them spot a potential threat instantly. You’ll also want to keep your anti-virus and firewall as up-to-date as possible.
Denial of service attacks
- It’s hard to outright prevent this kind of attack. After all, you have no control over what an external force is sending to your computer or network system. As such, your best bet is to reduce the chances of your system becoming a target of such an attack. You can do this by restricting bandwidth to authenticated users, using an antivirus program. This is an extreme measure, however. A less detailed, but potentially effective approach would be to continually monitor and update your server configuration.
- Encrypting data (preventing it from being read publicly) is the most effective way to stop MITM attacks. That means making emails, documents and other information you send across the internet only readable to those with permission to access it. There’s also the option of adding certificate-based authentication on every device your business owns. That means they’ll be the only ones able to access what’s being sent.
Remote access attacks
- If someone takes control of your system from a remote location they’ll be able to infiltrate important files. There are a number of ways you can make it harder for someone to gain access:
- Make your passwords as strong as possible
- Implement security software which runs a deep scan for viruses
- Review software employees use to remotely access your system and disable where necessary
Also, be sure to encrypt your company website with an HTTPS (hypertext transfer protocol secure) connection. This is a huge deterrent for anyone trying to illegally access your site data.
What to do if you get targeted
Sometimes even your best efforts aren’t enough to stop a hacker getting what they want. These circumstances are rare, but they do happen.
There are three immediate steps to take if you’ve fallen victim to a cyberattack:
- It might be tempting to try and delete everything a hacker has access to. What you should actually do is identify what has been infiltrated and quarantine it from the rest of your devices. Once you notice one breach, there are a number of actions you can take to ensure the rest of your devices (or a greater network) remain safe:
- Disable all remote access
- Install any pending updates
- Maintain firewall settings
- Change passwords to any company accounts
Isolate the breach, disconnecting any devices associated with it from the internet.
- Once you’ve contained the issue, it’s time to work out how it actually happened. Look at which servers were affected, who has access to them and which networks were active when the breach itself occurred. Also work out how much of an impact it’s had on your staff, customers or clients. Has their data been breached? Are they at risk of losing out financially? This would also be a good opportunity to assess how you can train your staff to prevent an issue like this occurring again in the future.
- It’s time to be as transparent as possible. Let everyone who’s been impacted know what’s happened, and be clear about the possible data that’s been accessed. Show willingness to speak with whoever’s been affected. If needs be, you can even set up a dedicated hotline which people can call to discuss the situation. Being as open and honest as you can is the best way to salvage a good working relationship after a security breach.
You’ll also want to report the crime. The Met Police offers a variety of online resources which can help you. Some of the most relevant include:
When it comes to recovering lost finances or assets, taking out cyber liability insurance before an attack happens is the most effective way to get money back. Don’t assume you’ll be reimbursed for everything, though. Check the terms of whatever policy you take out.
Protecting your personal computer
We’ve seen the steps to take when a business falls victim to a cyber attack. But what if it’s your personal computer which is being targeted?
Let’s take a closer look at why that might happen, as well as the steps you can take to both prevent and recover from a cybercrime aimed at you personally.
What cybercriminals use your data for
The most commonly stolen form of data is PII (personally identifiable information). These are details like your name, address, email and phone number. Passwords are, unsurprisingly, another commonly targeted snippet of data.
There are a variety of reasons each of these might be taken:
Name and address
- A hacker could apply for loans and credit cards in your name. They might also use this information to transfer money illegally, or even blackmail you.
- In extreme cases, having your email address could mean a thief has the capability of gaining access to your online accounts. In less severe examples, you’ll be sent spam and other forms of unwanted marketing emails. You may be the target of phishing attacks in these instances. Be sure not to click on any links you don’t recognise.
- If a scammer gets hold of your phone number, you’ll likely be receiving a variety of annoying calls. These will usually be on behalf of fake insurance companies, or even banks and the government. Most often, they’ll try and convince you that you owe a large sum of money, or that you could be the recipient of a big payday if you hand over certain details. Remember, never give out your personal information over the phone.
- As you might expect, passwords are targeted with the intent of illegally accessing someone’s account. For an online thief, a password is akin to a golden ticket.
As well as using your identity to access your own accounts and funds, a scammer might also use it to cloak themselves. They’ll commit other cybercrimes under the guise of yourself, making it harder to track the source of the attack back to them.
How to protect yourself from an attack
We’ve seen the potential damage an attack can do. But what steps can you take to prevent them from becoming a reality? Here are some of the best ways to stop your personal computer from falling victim to a cyber-criminal.
- It might be easier to remember, but it’s best not to repeat your password across multiple websites. And don’t pick words or phrases which mean something to you. Generate random passwords, and write them down in a book so you don’t forget them.
- Every time you’re prompted to update your software, do so. Having your system as patched up as possible makes it a lot harder for a criminal to find a flaw they can infiltrate. Updates might be annoying, but they’re actually doing you a big favour.
- Keep your social profiles as private as possible. Don’t accept requests from people you don’t know, and hide information from strangers. Even putting something like your pet’s name on a social channel could give away the answer to one commonly-asked security question.
- Using an encrypted VPN (a virtual private network) will make it considerably harder for anyone to intercept messages you send out across the internet. It’s a particularly good idea to use this if you’re out in public using an unrecognised wi-fi connection.
- Educate your family on the dangers of cybercrime. Younger children, in particular, may not be familiar with the concept. Highlight dangers like downloading unrecognised files from the internet, or giving out any kind of personal information.
- It’s always wise to protect a personal computer with an antivirus system. These will, hopefully, block any unwanted files from reaching your computer. Don’t rely totally on them, however. Some hackers are skilled enough to create viruses which can go undetected by these programs. A famous example is the Trojan Horse Virus.
Your private life:
- Try to avoid posting anything about your private life on social media. Especially when you’re going on holiday. Don’t give anyone the chance to target you when your data is at its most vulnerable.
Stay up to date:
- If there have been any major leaks or breaches of data in the media, read into it. Learn if there was any particular reason it happened, and see if there are any similar problems with your own system which could be exploited.
Having these measures in place will go a long way to stopping your computer from becoming a target.
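The password advice above (no reuse, no meaningful words, random generation) as an added example that is not part of the original article: a checker that rejects anything built on the commonly attacked passwords, names and clubs the article lists, and a generator that draws from the operating system's secure random source. The minimum length, the symbol set and the function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Passwords, names and clubs the article lists as most commonly attacked
# (lower-cased, spaces removed).
COMMON = {
    "123456", "123456789", "qwerty", "password", "1111111",
    "ashley", "michael", "daniel", "jessica",
    "liverpool", "chelsea", "arsenal", "manunited", "everton",
}
MIN_LENGTH = 12  # assumption for this example, not a figure from the article
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def check_password(candidate, already_used=()):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    squashed = candidate.lower().replace(" ", "")
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # Substring match, so adding a year or a symbol to a common word does not help.
    hits = sorted(word for word in COMMON if word in squashed)
    if hits:
        problems.append("contains common password or name: " + ", ".join(hits))
    if candidate in already_used:
        problems.append("already used on another site")
    return problems


def generate_password(length=20, already_used=()):
    """Draw characters with the secrets module until the result passes the checks."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate, already_used):
            return candidate


def entropy_bits(length):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for sample in ("123456", "Liverpool2019!", "Man United 4ever"):
        print(sample, "->", check_password(sample))
    print("generated:", generate_password(), "(%.0f bits)" % entropy_bits(20))
```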
What to do if you’ve been the victim of cybercrime
For all your good work, it’s still possible to slip up. If your system does get attacked, make sure to act fast. Here’s what you should do next:
- Ideally, the first thing you should do is get in touch with local authorities. As the internet becomes more prevalent, police forces across the UK are placing increased importance on keeping people safe online. There are even dedicated bodies like Action Fraud, Victim Support and the Cyber Helpline you can turn to.
Change all passwords
- If the password on the account which was broken into was used on any other platform, be sure to change it on there too. It might even be a wise move to edit them all just in case.
Let providers know
- Get in contact with any organisations who are in charge of your accounts. Let them know what’s happened, and ask them to cancel any transactions you don’t recognise. You should get the money back in your account eventually.
Save any direct conversations you’ve had
- If you’ve been personally contacted by the individual, or group, who’s scammed you, be sure to save all the conversations. These can be used to track down the guilty party, as well as prove your own innocence.
However desperate the situation might initially seem, there are always measures you can take to help resolve it.
Useful sources and links
We’ve covered a lot here. But if there’s anything further you’d like to find out about the dangerous world of cybercrime, be sure to consult one of these useful sources.
The BBC look at some key statistics surrounding cybercrime rates in the UK – UK cyber-crime victims lose £190,000 a day
The EU introduced GDPR in May of 2016. Find out what it entails and how it protects you
Panda Security highlights some of the most common methods used to target a personal PC
Search Security provides information on how to encrypt your website with an HTTPS connection
Strategy New Media assess the best ways to address and prevent a cyber attack