Cyber attacks already adding up for 2020

The number of cyber attacks has been increasing year on year. So far, 2020 doesn’t look much better.

January proved ominous, with a series of successful cyber attacks on organisations across the globe. Here are just some of the attacks over the first month of 2020:

Royal Yachting Association (RYA)

The UK’s national organisation for the yachting community became aware of a digital attack on 17th January. Online user account data was compromised and as a result, all members of the organisation had to change their passwords immediately.

A statement issued by the RYA said: “On 17 January 2020 we became aware that an unauthorised party accessed and may have acquired a database created in 2015 containing personal data associated with a number of RYA user accounts.

“Our investigation into this matter is ongoing and we have engaged leading data security firms, including forensic specialists, to assist in our investigation.”

Mitsubishi Electric targeted by Chinese hackers

One of Japan’s largest defence and infrastructure groups, Mitsubishi Electric, was also hit by a colossal cyber attack in the first month of this year. The attack was blamed on a Chinese group, who may have gained access to information on government agencies and business partners, as well as the personal data of 8,000 employees and job applicants.

Chief Cabinet Secretary of the group, Yoshihide Suga said in a statement that the Japanese Government was informed, while also confirming that “there is no leak of sensitive information regarding defense equipment and electricity.”

Detroit data breach exposes workers and residents

The email system of Detroit City Government was breached on 16th January. Although fewer than 10 email accounts were affected, some of the accounts contained sensitive information that could be exploited by cyber criminals. Luckily, most of the email data was encrypted.

The city’s Chief Information Officer, Beth Niblock said: “At this time, there is no evidence – and it is highly unlikely – that any of this personal data was accessed. However, out of an abundance of caution for privacy and security of our employees, the city will be offering credit monitoring services for a period of one year.”

Make a cyber security New Year’s resolution

If your company’s New Year’s resolutions didn’t include improving cyber security, then these attacks should provide a wake-up call. Being cyber resilient is critical to company health.

A surefire way to prove your house is in order is by achieving cyber security accreditation. The UK National Cyber Security Centre’s Cyber Essentials or Cyber Essentials Plus accreditation schemes are the best way to do this.

3 signs you should update your cyber security immediately

Cybersecurity is an issue that most people don’t take seriously until the worst happens, from stolen customer data to electrical blackouts or paralysed information systems. And unfortunately, these incidents have been steadily rising for small businesses.

Basic controls like firewalls and strong password protections can go a long way in protecting you but if your business isn’t up-to-date in terms of security protocols and practices, then you’re likely at a far higher risk than you think of security breaches, data loss or even malicious attacks from hackers and outside sources.

Before it gets to that point, though, recognising that your system isn’t secure is an excellent place to start.

If you, or your staff, have spotted any of these red flags within your system, then it might be time to invest in better cybersecurity, or even consider our 24/7 cyber monitoring software to boost the safety of your business:

Errors or out-of-date notices on software

We’ve all been known to ignore warnings and errors related to the software we use, especially if that particular piece of software continues to work correctly. But out-of-date technology, particularly software connected to the internet or cloud, can be an open door for hackers.

If you’ve noticed errors or out-of-licence notices on company software, best practice is to update your processes and guidelines so that these are reported and any updates are applied swiftly.

Operating systems that are not updated to the latest version

Many employees are guilty of this particular security issue. Leaving computers on overnight and never allowing updates to occur may allow for a quicker start to the day, but it’s not worth the security risks it brings. If you find employees regularly lagging behind on the latest OS updates, completing these updates should be included in the responsibilities of your IT team to ensure your company is compliant.

An increase or influx in spam emails or potentially harmful links

Outdated or less secure email systems can lead to a significant increase in the amount of spam your business receives, some of which may include harmful attachments and links. Ensuring your firewall, spam systems, and other security measures are up-to-date can prevent problem emails from reaching you. If you’ve noticed a sudden increase, ensure all your systems are up to date.

All too often, businesses forget all about their cybersecurity requirements until problems occur – whether it’s a virus in the system, a hacking attempt or a full-on ransom demand.

That’s why CyberSmart’s simple app and dashboard alert you any time a device in your company has a firewall disabled, is behind on updates, or needs a software update. Beyond certification, we offer the kind of 24/7 protection that will keep your business, employees, and customers safe in the world of 2020.

To learn more about our software and certification services, contact CyberSmart today.

How does GDPR protect your customers?

The General Data Protection Regulation, or GDPR, was brought in by the European Union in 2018. The intention was to update data protection laws across all member states and ensure that companies would become compliant in their handling of data. A lot of businesses, however, still see GDPR as a nuisance. In fact, it acts to protect customers and businesses alike. Here, we discuss exactly how that is the case.

Security of data

Under GDPR, the data of individuals became much better defined. Anything identifiable to an individual is their personal data, and under GDPR users have the right to know who is in possession of their data and which organisations are using it. Customers have to agree to actions being taken with their data, so they have a far greater level of control over what companies are doing with their personal information. If they don’t like what a company is doing, they can simply withdraw their consent and request that a company deletes the data. This not only protects the customer but also benefits the business in that it ensures individuals can have a greater feeling of comfort that their data is being used legitimately.

Transparency of data

Customers are also given the right to be informed of the purpose their data is being used for, exactly what data is collected, and whether there have been any data security breaches. These wide-ranging reforms, designed to allow for a much greater level of transparency, ensure that customers are not only more secure but are also more aware of what exactly their data entails. When individuals are allowed to download all of the data that international companies hold about them, they have a better idea of what their data actually is, and can get a better idea of what sort of access they want to let companies have. Customers, therefore, are more likely to be trusting of what exactly a company does, since data is no longer an abstract concept but something more tangible. Two-thirds of Europeans have now heard of GDPR, demonstrating the reach of the regulation and its impact in boosting awareness. Compliant companies are therefore likely to benefit from the implementation of GDPR.

With the implementation of GDPR across Europe, companies are now considering data to be an intrinsic part of cyber essentials. Data handling is key to modern business operations, and to ensure that your company is completely compliant, you may need expert help. CyberSmart can help make a complicated bit of regulation much simpler with our Privacy toolbox.

Keeping safe on social media

For many businesses, social media is now just a fact of life – a major sales channel that puts products directly into the laps of customers. It’s rare for a business to not have some kind of social media presence, but along with the benefits of being more connected to customers come the risks of being exposed to people whose attention you don’t want, such as hackers and online criminals. Here are a few tips that can keep your organisation safe.

Use a VPN

Your business’s social media account is a goldmine of potentially useful information for cybercriminals or just good old-fashioned fraudsters. Everything from bank details and passwords to personal details of employees and company performance can be found there, so it must be kept safe. A Virtual Private Network (VPN) is a server separate from your own that you can connect to in order to access the internet, and it makes your internet connection much more secure and much harder to track. Think of it as an extra layer of security between you and the bad guys, enabling them to track your activity back to your VPN and no further. Paid-for VPNs also typically have a high level of encryption and security provided by large tech companies, which may be better than your own network’s protection.

Pay attention to privacy

On a business social media page, it’s likely that the user won’t know the majority of people who interact with it personally, so it’s harder to manually spot suspicious people or activity than it is for an individual on their personal page. One important point is to keep your privacy settings up to date, so you’re always sure that you’re not oversharing details about your business with fans, you’re changing your passwords regularly and you have all possible security measures in place like backup addresses and two-factor authentication. You should also train your staff to spot fraudulent messages and phishing, so they don’t inadvertently become the back door.

Protect yourself

No matter how diligent you are, there’s always the chance you’ll still be a victim of an attack, and you don’t want to be defenceless if you are. Achieving cybersecurity certification with IASME-issued Cyber Essentials or Cyber Essentials Plus can ensure you have basic cyber hygiene and protect your business from most sources of threats. By ensuring this level of protection is in place you can be sure you have done all you can to protect your business, customers and suppliers.

What the Internet of Things means for cybersecurity

The Internet of Things is a revolution that has been well underway for some time. As devices and basic home necessities become connected to the internet, people’s lives are becoming more interlinked and easier. However, whilst progress is being made in all sorts of devices becoming connected, it provides a significant emerging data security threat.

What is the Internet of Things?

The Internet of Things is a global movement, based around allowing usually mundane objects to connect to the internet. This means that items such as fridges, televisions and watches have started to transmit and record your personal data. The expansion of IoT doesn’t seem to be a trend that’s going away. By 2022, it’s expected that 18 billion IoT devices will be in use, so the security of all this data is paramount.

Much more data is collected on people

When almost every device in your house is collecting data on your actions, you’re almost certain to produce much more information. If each and every decision you make is recorded by global corporations, what they know about you expands and people can get a complete idea of who you are as a person. When your fridge knows what you like to eat, your social media knows exactly who or what you like, and your car knows your favourite places, it’s easy to fill in the gaps. Whilst regulations such as GDPR ensure that companies remain compliant and don’t release this data to other companies, it can still get out through less legitimate means.

Devices can never be perfectly secure

Whilst the Internet of Things has allowed more devices to become interconnected, this means that a vulnerability in any of these devices could lead to issues for data security. For example, consider a case in which you have several devices connected to a single account and the account becomes compromised. All of the data, from what is in your fridge, to your physical data from a smartwatch, to your chat logs from your phone, could fall into the wrong hands. This would leave everything about your life in the hands of a complete stranger.

How can CyberSmart help?

CyberSmart is a certified Cyber Essentials company, with years of experience working with data security. CyberSmart’s expert team can help your company to work towards Cyber Essentials Plus certification, to make sure that your company is ready for all of the pitfalls that could potentially arise with the Internet of Things. Get in touch through our website, or call us on 020 7993 6990 for a quote.

Cybersecurity in 2020: what to expect from a volatile world

It’s no secret that the world of cybersecurity online is becoming more dangerous as more and more people, and things, across the globe, get connected in ever more sophisticated ways. However, while criminal individuals and gangs are an ever-present threat online, the real threat growth area is from national governments who are increasingly turning to the internet as a means to attack their enemies. So what should you expect from cybersecurity in 2020? We take a look.

Government services

Countries have long used underhand methods of attacking their enemies as a proxy for military conflict, but the Internet has created a powerful way for rogue actors to cause unprecedented levels of damage to civilians without ever firing a shot. Examples of tit for tat attacks are common, and targets from the UK’s NHS to the Iranian nuclear industry have been hit in recent years with catastrophic results.

Government services from your local council website all the way to the police and health services could be attacked, and while they might not be targeting you specifically, often the malware and viruses they unleash are indiscriminate in who they affect. It’s a good idea to make sure your antivirus is up to date before using Government sites and portals, just in case, and to be suspicious of any emails you receive from public services unless you can verify the source.

Election fever

Most of the attention around election security in recent years has been focused on the potential for fraudulent social media posts and fake news to mislead voters, but old-fashioned cyber fraud is also expected to increase in the run-up to the US elections this year and in the aftermath of the UK elections last December.

Legitimate online identities are valuable to hackers looking to commit fraud, so it is important to be alert in case they try to steal your details in a way that could be damaging professionally or financially – particularly the theft of email databases or sensitive details. For a business, it is essential that you are compliant with GDPR in the event that this does happen, or the fallout from an attack could be much worse.

Supplier woes

While government agencies are particularly vulnerable to cyber warfare, the damage doesn’t stop there. Many governments use private companies to help deliver public services, and the contagion from an attack on a government can easily spread down supplier networks to your business even if you don’t deal directly with the Government yourself.

As a result, it’s essential that you have robust software with IASME certification in place, like Cyber Essentials or Cyber Essentials Plus, to give your customers the peace of mind that they won’t become victims if you are attacked.

Looking to improve your cybersecurity in 2020 but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

Cybercrime is a growing threat

Most government and industry experts agree that cybercrime is set to grow massively over the next few years. In order for individuals and companies to understand how to deal with it, they must first understand the nature of the threat, and what measures can be taken to prevent it.

Ransomware

The recent spate of cyberattacks, including the one on Travelex, highlights the growing use of ransomware as the crime of choice. Ransomware attacks are becoming more and more common, and are not simply aimed at big companies and corporations anymore.

Many ransomware attacks are aimed at hospitals, local and national government bodies, large and small businesses as well as private individuals.

Cybersecurity refers to a number of measures that can be taken by any organisation or individual that can help to prevent this type of threat, as well as all other types of cybercrime.

Information theft 

A lot of cybercrime involves trying to fraudulently obtain money from individuals or businesses, and it often includes theft of information or personal data. Such information is usually highly sensitive, and any type of data breach is a serious issue for organisations, both legally and financially.

Most organisations hold a significant amount of information about their customers and clients, which is potentially at risk from any type of cyber attack. Data protection has become a necessity for any business, which must operate under the framework of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Cyber Essentials

In addition to knowing how to protect customer data, it is crucial that any business knows the basics of how to protect themselves against a cyber attack. Cyber Essentials is a UK Government initiative that provides detailed guidance on how a business can develop an effective cybersecurity programme.

It covers areas such as securing an internet connection, how to secure hardware and software, controlling access to data and devices, protection from viruses and malware and how to make sure this is updated on a continual basis.

Cyber Essentials Plus

The government also offers a program known as Cyber Essentials Plus, which allows an individual or business to receive certification from an independent body that they are fully compliant with the principles of Cyber Essentials.

This verification can have real benefits for any business. Aside from being listed in a government directory of compliant organisations, it sends a message to existing and new customers that the business takes its cybersecurity responsibilities extremely seriously.

IASME

The Cyber Essentials program is delivered by the government with a partner consortium, the IASME. They oversee the certification process, and have a wealth of experience in helping a number of industries, including healthcare and defence, develop effective cybersecurity initiatives and programmes.

They also have extensive experience in helping develop cybersecurity defences for internet-enabled devices (IoT), where many of the future threats to cybersecurity will come from.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

Is GDPR going stateside?

The General Data Protection Regulation – a.k.a. GDPR – was introduced in 2018. This new framework standardised and updated data protection law across the European market and most importantly gave consumers more say over how their data is handled, stored and shared.

However, considering how quickly data collection and analysis technologies are developing, this legislation wasn’t a one-size-fits-all solution. Subsequently, there are a few grey areas that left many organisations feeling confused – which is risky, considering the size of the potential fines.

Now, it seems that similar legislation with its own unique nuances will appear in the United States, adding a whole new layer of data privacy legislation for companies to navigate. Here, we discuss what American data privacy law is likely to bring going into 2020.

GDPR USA – What to expect

Although data privacy is a global issue, every region is developing its own distinct regulations. Although it’s likely there will be similarities between GDPR and American data privacy legislation, currently, there are no plans for a comprehensive, nation-wide GDPR USA. Instead – much to the dismay of many international companies – every state is drawing up its own plan. Currently, the two major ones businesses need to be aware of are California’s Consumer Privacy Act (CCPA) and the SHIELD Act.

CCPA

California’s Consumer Privacy Act, or CCPA, came into force as of 1 January 2020. The legislation has similarities with GDPR, however, there are important differences. For instance, under GDPR users must opt-in to third-party data sharing whereas, under CCPA, they need to opt-out. This means companies will have to have customised terms and conditions forms for Californian users. That said, the good news is that CCPA isn’t as far-reaching as GDPR. If your company turnover is less than $25 million and you don’t handle the data of more than 50,000 then the rules don’t apply.

SHIELD Act

In July 2019 New York State passed the Stop Hacks and Improve Electronic Data Security Act (SHIELD), which will come into effect on 21 March 2020. Similarly to GDPR, this law is designed to standardise data privacy requirements. However, this is where it can get confusing; the wording of the legislation is suitably vague, with statements such as “data security should be appropriate for the size and complexity of the small business, the nature and scope of the small business’s activities, and the sensitivity of the personal information the small business collects from or about consumers.” To add to the bill’s cryptic nature, if companies are already in compliance with historic data protection laws like HIPAA and the GLBA, they may already be compliant.

Get globally data compliant

Legislation like GDPR has global implications. With so many different laws emerging all over the world, it’s critically important that companies with international operations seek advice on data compliance and certification. Just look at some of the fines that have been dished out under GDPR – and legislation like CCPA empowers American states to enforce even heftier fines. CyberSmart are the experts in cybersecurity compliance, and with IASME’s GDPR Readiness certification we can help your business ensure full GDPR compliance and that the proper processes and policies are in place. Wherever your business operates, contact us to ensure you’re fully compliant.

Why your fridge could be a cyber security threat

It might seem absurd, but today, everyday objects like fridges, doorbells, light switches, thermostats, and even children’s toys can pose a cybersecurity risk. This is because nowadays, it’s not only computers and smartphones that are connected to the Internet. Instead, even the most mundane household objects are likely to have some sort of smart capability, leaving them vulnerable to data loss or cyber-attacks.

This huge range of connected devices is referred to as the Internet of Things or “IoT”. Although this network facilitates many exciting and useful things, it also creates numerous new access routes for cyber attackers. Therefore, it is essential that businesses of every scale have the proper cybersecurity precautions in place – or risk compromising company and customer data. Here, we discuss the growing risk and what you can do to prevent a cyber attack.

Why the IoT presents a growing risk

In a recent report, cyber security researchers shared some alarming statistics about cyber attacks on IoT devices. According to research, attacks are up 300% in 2019, with a staggering 2.9 billion recorded events. A common strategy by cyber attackers is honeypots, where decoy servers disguise themselves as operational hardware. Often, IoT devices are left vulnerable due to ageing firmware or irregular data security updates.

What you can do to prevent attacks

These statistics are worrying, especially for small and medium businesses. As consumers become increasingly concerned about data privacy, cybersecurity becomes a matter of reputation as much as anything else. For instance, a recent report from the Internet Society identified ‘the trust opportunity’. Essentially, companies should leverage an excellent cybersecurity record to differentiate themselves from the competition.

However, many SMEs worry that they can’t afford sophisticated IoT cybersecurity measures. Thankfully, this isn’t the case – certification standards like Cyber Essentials and Cyber Essentials Plus from IASME ensure that businesses are compliant, even with their IoT devices. 

Good cybersecurity is good business

With threats from the IoT network growing every day, it is essential that businesses of all sizes have a proper cyber security strategy. At CyberSmart, we can help you implement GDPR and cyber protection programmes to ensure your business’s defences are up to scratch. Customers buy from businesses they trust. With proper cybersecurity certification, you can make sure you’re their first choice.

Four ways you can protect your customers

The information age has given businesses a new set of responsibilities for customer data that just didn’t exist before, including anything from basic name and address details all the way through to legally sensitive details, medical records and serious financial data. This has enabled major advances in everything from logistics to advertising and healthcare, but it’s also a major burden for companies – so how can you make sure you’re doing your best?

Change behaviours

While the tricks and tools that hackers use to get at your data are genuinely becoming ever more sophisticated, by far the most popular way to steal from you is with the good old-fashioned confidence trick. Fake email solicitations, cloned or mirrored websites and even the impersonation of trusted contacts can get your staff to hand over data voluntarily – so make sure a culture of suspicion is built into your workforce. Set up a secure inbox that staff can forward suspicious emails to, so IT can safely dispose of them, and make sure to train staff regularly to spot fraud.

Layer your defences

The holy grail of any hacker’s attacks is to get at not only the target of their crime but all your other data as well. While one file may not be enough to cause harm, it can be linked to other files that can be used cumulatively to carry out more serious attacks on people, like identity fraud, so make sure you have several layers between the different areas of your systems so one breach doesn’t cascade into several. It can also help to restrict access on a need-to-know basis, so accidental breaches simply can’t happen, or to ban things like portable disk drives just in case.

Trust the experts

While it’s totally possible to fashion your own defences, it’s hard to give your customer true peace of mind without some official credentials to back it up. Using software with IASME-backed certification like Cyber Essentials or Cyber Essentials Plus ensures that you have the industry’s gold standard protection in place, and with the GDPR Readiness standard you can become GDPR compliant and showcase your efforts towards world-class customer data security, which in turn can open doors to new contracts with companies who insist on only working with the most secure firms.

Keep your patches up to date

Another sadly common way that hackers access your systems is through known back doors in software: flaws that have already been fixed, but only in a later version than the one you are running. These obvious flaws are like gold dust to hackers who can just stroll right in, so it’s a good idea to get software like CyberSmart Active Protect that automatically detects old versions of operating systems as well as software vulnerabilities.