21 Oct 2017

Cyber Security at Home: Protecting Your Net Worth

Cyber-crime is very much a huge focus for the media and it is no wonder, seeing as it is the second most reported economic crime affecting 32 per cent of organisations according to the PwC Global Economic Crime Survey 2016.

We see regular reports on almost a daily basis of cyber-breaches and attacks on large organisations. However, the issue is certainly not just a problem for multi-national organisations. In fact, it’s not just a business related issue at all.

Anyone can be at risk of a cyber-breach including on a personal level, in particular those who hold senior executive positions or are known to be of high net worth. High profile figures, from sports people and TV personalities to politicians, are prime targets. No one will forget the reports of ex-England footballer David Beckham’s emails having been breached, and the 2014 mass-attack of a number of celebrity iCloud accounts still gives cause for concern, as does the accessing of President Obama’s personal emails in the same year.

Of course you don’t have to be in the spotlight to become a victim of cyber criminals or hackers: executives are also attractive targets and there have even been reports of attackers trawling through the websites of wealth managers in order to target the super-rich.

Double Risks for Executives

For the executive, there is a double risk: aside from the potential to become a third-party in-road for cyber criminals into the organisations they head-up (the PwC survey confirmed that the human factor is by far the weakest link in terms of corporate cyber-crime), there is also a major risk to personal assets.

A study carried out last year, the Barclay’s Digital Development Index, showed the UK in ninth place out of a survey of ten countries due to a lack of digital skills. Barclays said only 13 per cent of British workers surveyed used password-generating software, in comparison to 32 per cent in China and India. It also came to light that the majority stored payment information on frequently used websites, suggesting that convenience is dangerously prioritised over security.

Phishing attacks are also on the rise. Telecoms company Verizon analysed 10,000 incidents in its 2016 Data Breach Investigations Report. It found as many as 1,000 had led to a data breach and that nearly one in three phishing emails is opened, with 12 per cent clicking on links. Apparently, those in high-pressure jobs, for example PR executives, journalists and lawyers, who regularly receive urgent emails, sit amongst the most regular victims.

Individuals Should Place as Much Emphasis on Cyber Security as they do Physical Security

Digital crime now poses one of the most significant threats to particularly wealthy people, which is why it is crucial for high net worth and high profile individuals to place as much emphasis on protecting themselves in the cyber realm as they do via bodyguards and security measures in the physical world.

The methods cyber criminals are using to compromise their targets are becoming increasingly sophisticated. Attackers will monitor online activity in order to siphon off money; they’ll use threats of extortion from data extracted during a breach; they’ll blackmail their victims through digital means, sometimes manipulating social media interactions to do so. Devices may even be stolen in order to gain access to platforms and accounts, and criminals are not just going directly to the target: they are also finding avenues in through their domestic staff such as cleaners and nannies as well as drivers and PAs.

For the high net worth individual, reputation is at risk as well as monetary loss.

The importance of arranging for a robust, fully tailored cyber security programme to be put in place cannot be over-emphasised. This programme must include dedicated monitoring and ongoing advice and attention so that it never becomes outdated. Cyber-crime is evolving at an exceptionally rapid pace, which for the wealthy and influential means the risk will continue to grow.

The key message is, do not leave yourself open to attacks. Cyber-security is not just for companies: there is a very real and exceptionally vital need to protect yourself as an individual.

At IQ in IT, cyber security is our key priority. We work with both businesses and individuals to protect data, assets and reputation. To request your cyber security review, please contact us.

11 Oct 2017

In-Roads for Cyber-Crime: Are you Missing Something Crucial?

You know the vital importance of adopting cyber security measures. You’re fully aware of how crucial it is to protect your business and that includes its reputation and its sensitive data.

You’ve quite rightly, and shrewdly, taken steps to install systems and processes to reduce the risk of technology failures that could open the floodgates for an attack. You’ve put in place a comprehensive educational programme for staff so that the human risk element is covered. You’ve even secured everything physically as well as digitally.

But are you missing anything? No? Are you absolutely certain?

Many business owners take fundamental steps towards cyber security so that everything inside the business is protected as best it can be. But what about OUTSIDE the business?

A lot of businesses these days outsource to third parties. Freelancers; contractors; agents: it’s a common way to deliver products and services, particularly when you’re in an industry that experiences peaks and troughs.

The thing is, any business that shares access to its sensitive data with third parties faces significant risk. If your business deals with freelancers, contractors or any other third parties then you will need to consider the importance of casting your cyber security net wider so that you can be sure you are not missing any potential weak spots outside of the walls of your business.

Be Sure to Set Policies for Third Party Suppliers

When you engage the services of a freelancer or contractor, do you request to see their own data security policies? Do you ask them to sign an agreement that protects you in the event of a data leak or other type of security breach emanating from an error or negligence on their part?

Your terms and conditions for third party suppliers must incorporate clauses that cover the steps you expect them to take to safeguard your data.

Any third party that is privy to your clients’ or employees’ data should be expected to take reasonable steps to protect that data. These steps could include ensuring all devices used to process data are password protected and armed with up to date virus protection and firewalls; that security updates are installed in a timely fashion, and that devices and any portable storage are physically secured when not in use.

The agreement should also state that any compromise of your company data should be immediately reported to you, for example loss, theft or unauthorised use of a device.

Be Prepared with an Action Plan

Following on from these policies and agreements, your organisation needs to have processes in place to deal with any breach. So for example you’re going to need to be ready with an action plan to handle situations where a freelancer’s laptop is left on a train, and that laptop contains details of your customers; or where a contractor’s iPad used to access your systems has been infected with malware.
If you’re not prepared for such occurrences then you need to make arrangements with your IT providers without delay. It always pays to plan ahead rather than firefight once an incident has already occurred.

You’ll need to be particularly careful where third parties are provided with access to your systems via their own devices. It’s best to introduce an arrangement that is similar to a BYOD (bring your own device) policy. The Information Commissioner’s Office (ICO) has some useful guidance on this subject.

The guidance highlights the seventh principle of the Data Protection Act which says, “Appropriate technical and organisational measures shall be taken against accidental loss or destruction of, or damage to, personal data.” This basically means that sufficient security should be in place in order to protect personal data being accidentally or deliberately compromised. It says this applies if personal data is being processed on devices which you may not have direct control over.

Remember that in the event of a breach, the ICO is going to be looking for evidence that you took all practicable steps to protect your data.

Time for a Cyber Security Review?

At IQ in IT, cyber security is our core priority. We work closely with businesses to make sure ALL their in-roads are secured so as to provide the best, most sophisticated levels of protection possible. To request your cyber security review, please get in touch.