Top Tips for managing your vulnerability in an online world

Cyber crime continues to increase in both its scale and complexity. The news regarding the conflict in Ukraine has highlighted one aspect of cyber attacks, with examples both by Kremlin-linked hacking groups and those sympathetic to Ukraine and which the UK’s National Cyber Security Centre described on 12th May  as “the most sustained set of cyber operations coming up against the best collective defence we have seen”. Hacking also featured in an attempted attack on the voting system in the recent Eurovision – always an event more about politics than singing!  Cyber crime is, however, a very present concern not only at the geopolitical level but also at the corporate and personal level, relevant to us all, and with the ability to cause both financial devastation and also significant disruption to our lives. 

The scale of cyber crime is huge, recently estimated to cost approximately 1% of global GDP annually with the cyber criminal underworld populated by international networks with vast organisational and financial resources. As names and organisational acronyms briefly pass through our consciousness when reported in news, it can leave us feeling vulnerable. What can we as individuals do in the face of REvil (temporarily dormant but now apparently back in business), Lazarus Group or Fancy Bears, particularly if major companies such as Facebook/Meta, Dixons Carphone, British Airways, Equifax and Tesco, to name just a few, have suffered embarrassing large scale breaches of personal data in recent years? 

The good news is that we are not defenceless. As in the physical world, there are some key security steps we should ensure we ingrain as habits, both in our home and business lives to make ourselves more secure and less attractive as a target against the most common threats.

1. Create strong passwords – three random words: Passwords remain such a fundamental part of our online experience, still confounding the forecast by Bill Gates in 2004 of their inevitable demise. Cyber Aware advice from the National Cyber Security Centre in UK suggests focussing first on your email and using three random words (together with numbers and symbols).  Three random words linked together is an approach which is much less easily cracked by brute force attacks than a single word. Limit reuse of passwords for multiple logins as much as possible and where offered use multi factor access for further protection
2. Treat unsolicited email with caution: Avoid opening attachments or clicking on links in spam email. A little know side fact – the word spam, used in the context of unsolicited messages sent by email, is recognised as coming from the corresponding 1970 Monty Python sketch.  Adopt the same approach with unsolicited text messages (often purporting to be from delivery companies, utilities or government departments), or telephone calls where the caller asks for personal details as part of “taking you through security”. If in doubt, call the company/department back on the public number on their website (preferably using a different phone) and take them through security to prove who they are.
3. Never send funds without checking the destination account: Emails can be very easily intercepted.  Trained hackers automatically monitor activity and then intercept emails in a way that is incredibly difficult to spot, just changing for instance an account number so monies to the wrong place.  This has happened to some of our clients.  Always phone to confirm the bank details of where you are sending any money.
4. Keep software and the operating system updated: Vulnerabilities are regularly discovered in software, and it’s important to benefit from the latest security patches to protect your computer.  Use anti-virus software and keep it updated: this way you ensure you benefit from the best scanning and removal of threats

Ultimately, while the context is the digital world, some of the most powerful elements of defence are building and maintaining good behavioural discipline and don’t in themselves require deep technological know-how.