This year’s publication of National Crime Statistics from the ONS saw an increase in overall crime figures. Whilst most crimes recorded year on year had fallen, including violent crime, burglary and vehicle crime, the inclusion this year of 2.5m reported instances of cyber crime, crimes committed online, pushed the average recorded figure above last year’s.
Well-publicised attacks by hacker groups such as Lizard Squad, LulzSec and Anonymous against governments, corporations, banks and other large organisations such as CIA Directors, the IRS, Samsung, Vodafone, TalkTalk and Sony highlighted how far industry and government organisations lagged behind the abilities of those looking to attack them.
Less reported then were the countless breaches in smaller companies and the huge number of compromised email accounts, downloaded viruses, phishing scams and other less salacious crimes worldwide. Some of these make up the 2.5m reported in the UK this year. Of course, the number of unreported crimes is likely to be much larger.
The legal industry, which transmits millions of pounds for house purchases, business transactions and claims, is a popular target for cyber crime. Partly this is due to the slow progression of digital technology in law in the UK, but also to the massive variety in the abilities of clients.
We are keen to stay ahead of the technology available to online criminals, and we have successfully dealt with cases of cyber crime such as online fraud, working with computer experts and security advisors. We advise on the best way to deal with these kinds of attacks, or even petty infringements, and provide our contacts to our clients so they can benefit from the same expert advice we do.
The law is slow to react to cyber crime, with jurisdictional issues and a lack of international cooperation complicating authorities’ abilities to pursue criminal activity online. Policing suffers from a lack of funding in the area of cyber crime. Many police forces, security agencies and government departments are well behind the curve with their own security, as the number of reported breaches each year attests.
Let’s look at the most common forms of cyber crime and what steps can be taken, by businesses and by individuals, to prevent personal information from falling into the wrong hands.
Email scams and phishing
Phishing is the term used for fraudulent emails, perhaps from a hacked email account of a friend or perhaps purporting to be from a company or organisation you trust. More often than not the email will look to direct you to another site where you will be asked for private information, or to get you to open an attachment containing a virus.
Pharming commonly means taking over or subverting an existing website domain and tricking its regular users into re-entering personal information.
This is where hackers will use software to intercept transmissions within a Wi-Fi network, subsequently allowing them full access to large amounts of data on your computer or mobile device. This is particularly prevalent at premises which offer Wi-Fi access as part of their business, such as coffee shops or bars.
Rogue Wi-Fi hotspots
Establishing a Wi-Fi hotspot in a busy area, perhaps purporting to be that of a nearby business. When someone logs on to use the service, those running the fraudulent hotspot have a great deal of access to most devices using the network and can steal private information such as passwords, addresses and banking details.
Brute force password attacks
Using software to try all possible combinations of passwords for an email account. Once obtained, the hacker is able to use this email address to send emails phishing for information to all addresses connected to that account.
Despite the variety of ways cyber crime can affect both businesses and individuals, levels of competency and investment in security continue to vary widely. Access to the internet via mobile devices has become commonplace over the last ten years, but education on some of the most basic ways to defend against cyber crime is patchy.
Owners of mobile devices can be very young children. Vulnerable individuals, such as those with disabilities or the elderly, are most at risk, but the average user is all too often unaware of how best to protect their personal information from cyber crime.
What steps can you take?
As cyber crime attacks increase in number and sophistication, so do the measures businesses and individuals can take to make their online information more secure:
Passwords which are too simple, perhaps even the default password of the device (especially those of routers for home or small business networks), are easy to crack. Try to make sure you use at least 8 characters and a mixture of cases and numbers.
If you find you have too many passwords to keep track of, don’t be tempted to make them all the same. Instead, consider using one of the many password storage systems. These applications will generate secure passwords for you, store them and need only one master password to access.
Be careful of where you connect
If you access the internet with a mobile device frequently, be selective about where you access Wi-Fi networks and what you do on them. Do not log on or send sensitive information such as account details from networks you are not confident are secure or genuine.
Using https connections where available significantly reduces the opportunities for a number of attacks. Most email providers, banks and companies with an online presence use https instead of http and many devices will allow you to prefer https or even only allow https access.
If your hard drives are encrypted it makes it much harder for a would-be attacker to access information even if they have access to your computer. Encryption software is often available for free and many devices come with an encryption option pre-installed.
Many services will give the option for two or more steps of verification. You may well have seen this with your bank or email account. Whether it be confirmation of a phone number, an authentication email or a separate passcode for new devices, the extra step of verification is designed to require information only available to the original user.
Foreign royalty looking to send money to family or prize draws you did not enter may be easy to spot but your assessment of all incoming emails should be sceptical. If other people use your network, make sure they are aware of the appearance of pop-ups and bogus warnings.
Security is only as strong as the weakest link. Even if you have uncrackable passwords, filtered emails, a strong firewall and encrypted hardware on your devices, others using your network may not. The very young and the elderly in particular can be vulnerable to a number of the scams and attacks which make up this year’s crime statistics.
Make sure that everyone using your networks and accounts has a good understanding of how to access them and of the threats posed by the different mechanisms used to collect personal data.
Confirm your household or business understands the likely appearance of bogus emails or attachments and how to dispose of them.
Businesses should train their staff to a universal level and not take it for granted that every employee will have similar levels of understanding. Private browsing should be subject to clauses in employment contracts and be treated as seriously as door access or banking responsibilities.
Addressing these fairly simple security issues greatly reduces the risk of your personal data falling into the hands of criminals. Of course, there are plenty more steps which can be undertaken to help prevent cyber crime.
There is always a balance between usability and security. The ability to send money and make purchases, communicate and learn online is an incredibly useful facility, and the more complicated the security needed to access these services becomes, the less user-friendly they become. Finding the appropriate level of security for your personal devices or business will often depend on how much you stand to lose.