Cyber Security
What is cyber security?
Cyber security is the practice of ensuring the confidentiality, integrity and availability (CIA) of information.
Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
This includes preventing:
- Attacks on Confidentiality – stealing, or rather copying, personal information.
- Attacks on Integrity – corrupting, damaging or destroying information or systems and the people who rely on them.
- Attacks on Availability – denial of services, seen in the form of ransomware.
What are the threats?
Cybercrime
Cybercriminals are generally working for financial gain, most commonly for the purposes of fraud: selling illegally gained information to a third party. Key methods used include:
- Malware – malicious software that includes viruses, Trojans, worms or any code or content that could have an adverse impact on organisations or individuals
- Ransomware – a kind of malware that locks victims out of their data or systems and only allows access once money is paid
- Phishing – emails purporting to come from a public agency to extract sensitive information or to trick individuals into transferring funds or to link to malware.
Hacktivism
Hacktivists will generally take over public websites or social media accounts to raise the profile of a particular cause. Attacks include denial of service (DoS), when a system, service or network is burdened to such an extent by an electronic attack that it becomes unavailable.
Steps you can take to help reduce the risk of a cyber security incident:
Make yourself a harder target
- Personal information about you that is easily viewed on your work and private websites, including social media accounts (and those of your family), can be used by criminals to make their phishing emails appear more convincing.
- Review your privacy settings and think about what information you post and publish online.
- Be aware of what your friends, family and colleagues say about you online, as this can also reveal information that can be used to target you.
Tell-tale signs of a phishing email
- Have the confidence to ask ‘is this genuine?’. Here are some tricks used in phishing emails:
- Urgency. Using tight deadlines to create a sense of urgency that distracts you from the rest of the message and pressures you into acting quickly.
- Authority. Using the authority of the sender, such as by pretending to be a senior executive, trusted colleague or reliable company, to convince you that the message comes from a trustworthy source.
- Imitation. Exploiting 'normal' business communications, processes and daily habits to trick you into reacting to a message. Check who the email is addressed to: if it's 'friend' or 'valued customer', this might be because the sender doesn't know you.
Keep passwords strong and secure
- Create strong passwords to make them hard for hackers to guess, and add layers of security to make it even harder to access an account.
- Using three random words is a great way to create a strong, unique password.
- Enable two-factor authentication (2FA) in your security settings to double-check that you are who you say you are when you log in.
Keep your devices secure
Install system updates
The apps and software you use will have flaws in their systems. Hackers can exploit some of these flaws, leading to security problems. When these flaws are found, the manufacturers will normally fix them and send the fix out as a patch or as part of an update. Hackers rely on you to ignore those update notifications so they can get in before the update is made – so don't give them the chance.
Use a screen lock
This can be a PIN, password, biometric (fingerprint or facial recognition) or pattern. Pick any one of these that you can stick with. Some are better than others security-wise, but any is better than none!
Be aware of your surroundings
Be aware of others around you who might be overlooking your screen or listening in to your conversations. Consider using privacy screens, particularly if you're regularly using devices on the move.
Reporting incidents
Act quickly: the sooner you report an incident, the quicker it can be resolved and the less damage it will cause.
Don't be afraid: even if you think you caused an incident, always report it. Cyber incidents can be difficult to spot and mistakes do happen – letting someone know will help to limit the damage.
If you think you might have been a victim of cyber crime, please visit the Action Fraud website or contact them on 0300 123 2040.
For further advice and support on online fraud, visit the Citizens Advice website, call their dedicated helpline on 0808 250 5050 or talk to someone online.
Further guidance
For further information and resources about cyber security visit the National Cyber Security Centre website.