cyber security

The value of cyber risk assessments and how to reinforce your soft underbelly: your employees

Headlines revealing the latest cyber-attack have cropped up with concerning regularity in 2017. It will therefore come as little surprise to learn that the latest institutions to be found wanting in the cybersecurity department are universities, as reported recently in The Times. Following a Freedom of Information request, the paper discovered that the number of attacks experienced by leading universities has almost doubled in the past two years, with advances in military and energy technology being particularly targeted.

The director of cybersecurity research at the University of Warwick was reported as saying that lax cybersecurity was a problem at many universities. Another security expert claimed this was due to their use of open networks, insufficient investment in both software and staff to monitor security, and the difficulty of managing a range of different networks.

While universities are an obvious target for cyber-attacks (many of which appear to be sponsored by nation states) due to their rich seam of research data and inadequate defences, every business should be aware of the damage cybercriminals can inflict by disrupting their operations. The ransomware attack on a range of organisations (including the NHS) demonstrated this only too clearly earlier this year.

Protecting your networks from cyber-attacks

Cybercriminals are always looking for the chink in the armour, so every business must take cybersecurity seriously to avoid becoming a victim. The first step is to carry out a risk assessment to establish what personal data and other confidential data the company holds and how it is used, transmitted and stored. Once you have identified any weak spots where cybercrime poses a particular risk, the next step is to implement security measures to protect your networks from cyber-attacks.

Employees are a weak spot

It is right to acknowledge that one of your major weak spots is likely to be your employees. You need to put clear procedures in place, encapsulated in a company policy, to deal with the risk of cybercrime.

And all staff should be trained on what steps they can and should take to prevent it. You can insist that any memory sticks, tablets or mobile phones used by employees outside the workplace must be scanned before using them on company network systems. Indeed, you might even consider whether every employee should have permission to use portable media. You can consider taking out insurance or engaging a third party to manage your cybersecurity where the risk of attack is high or the implications particularly severe. Employees' use of social media can also compromise your cybersecurity unless you have a clear social media policy that sets out limits to social media use in the workplace. This is particularly relevant where employees work with, or have access to, sensitive information.

Individuals' right to privacy versus security

Naturally, there are implications for companies which need to monitor and store employee information or data. Any such monitoring must be proportionate and carried out in accordance with the Data Protection Act 1998. Individuals' rights regarding their data will be further strengthened by the introduction of the General Data Protection Regulation (GDPR) in May 2018.

The Employment Practices Code contains further guidance for businesses on monitoring employees at work. You need to inform employees that they may be monitored, and it may be necessary to seek employees' express consent in cases where employee communications are being intercepted. Failure to do so could mean a business facing a claim for damages from the sender, recipient or intended recipient of the communication. Employees also have a right to privacy under the Human Rights Act 1998. An employee can bring a claim for unfair dismissal where they believe their dismissal was based on evidence gathered about them through their employer's monitoring equipment that interfered with their right to privacy. Companies should also bear in mind the unquantifiable reputational damage that they might suffer if they are found to be excessively monitoring their employees.

All businesses can be badly affected

The bottom line, as university cybersecurity chiefs will attest, is to:

- Carry out a risk assessment
- Invest in security measures to keep your networks safe
- Train your staff to understand the risks to the business from cybercriminals
- Put clear policies in place so everyone knows what they can and cannot do in relation to portable devices and social media use

Although cybercrime poses a particularly virulent threat to high-tech research, development and manufacturing organisations, everyone needs to be aware that a cyber-attack can have very serious financial implications for any business.


Three data breaches that should alarm the healthcare industry

Recent data breaches from the past several years seem to be following a trend. More and more target health service providers, and it's little wonder why. Few industries regularly hold as much sensitive data as the health industry.

Everyone, including researchers, insurance providers and doctors, keeps not only sensitive health information, but also billing data and unique identifiers, such as social security numbers. While plenty of legislation aims to provide extra protections for patient data, the fact is that anywhere there are humans, there will be errors. What happens in the doctor's office may not be as confidential as we all hope. Here are three of the most recent data breaches in the health industry.

Anthem Blue Cross Blue Shield

This disaster was one of the biggest data breaches of 2016. The health insurance company is one of the top Medicare providers and partners, and in July, it announced a breach of Medicare members' data. Over 18,000 Medicare recipients received notification that their data was no longer secure. Retirees and the elderly have always been a favorite target for spammers and fraudsters. This breach increases their risk significantly.

According to Anthem, the attack came through one of their vendors, LaunchPoint Ventures.

Indiana Medicaid

Due to an oversight, Indiana's Health Coverage Program left an active hyperlink open that gave direct access to Medicaid recipients' information. This data breach revealed full names, addresses, Medicaid ID numbers, doctor information, patient numbers and more. The state of Indiana had over one million people enrolled in their Medicaid programme this April, and the information was available starting in February of this year. The hyperlink was available to the public, so it's difficult to say who had access to the information. Fortunately, Indiana's Health Coverage Program believes the breach has caused no damage to patients. They have offered all notified individuals a free year of credit protection, however, just to be safe.

Washington State University

This April, Washington State University discovered that a hard drive containing sensitive information concerning survey participants had been stolen. The hard drive was kept in a locked safe, but the safe itself was stolen from storage and has not been found.

Approximately one million individuals may be compromised by this breach. Most survey participants provided names and social security numbers, which are a valuable prize for identity fraudsters. Some participants' health data may also be jeopardized. Although there is no sign of the stolen hard drive or its protective safe, WSU has notified all parties put at risk by the breach. Like Indiana's Medicaid programme, WSU has offered a year of free credit monitoring for every notified individual. The university is also taking measures to upgrade and strengthen security procedures to ensure this kind of incident does not happen again.

Unfortunately, these three examples are only the tip of the iceberg. New reports and notifications keep hitting the news. Even doctors aren't safe from ransomware.

Ultimately, there is little patients can do to protect themselves, and the burden of responsibility falls heavily on the healthcare industry itself.


Free cybersecurity seminar will focus on physical security systems and star ethical hackers

The British Security Industry Association (BSIA) has announced a free seminar on cybersecurity and data protection for both installers and users of physical security systems. The half-day event will focus in particular on addressing vulnerabilities of physical security products that are connected: those that are accessed or operated remotely via the internet. So whether you procure, operate or install IP CCTV, IP access control, IP intruder alarms, IP fire systems and other connected systems, the event is relevant to you.

Also supported by the Fire Industry Association (FIA), the seminar will take place in Solihull, West Midlands on 4 October. The introduction of the GDPR, which comes into force from 25 May 2018, is raising the stakes when it comes to strengthening protections against data breaches. Fines for non-compliance could be as much as 79 times greater than under the existing data protection regime. The GDPR and its implications will no doubt be a big attraction for those who attend the seminar.

Cybersecurity experts from the West Midlands Police digital cybercrime team and the Scottish Business Resilience Centre's team of ethical hackers will also deliver presentations. Another session will discuss the Cyber Essentials accreditation, while the BSIA will review its own work in the cybersecurity field.

Exhibition space is still available to companies wishing to showcase products and services to a wide range of delegates from the fire and security sectors. A limited number of stands are still available to book, priced at £395 + VAT for BSIA and FIA members, and £495 + VAT for non-members. Registration for the event will be open from 9:00am, with presentations kicking off at 9:45am and the event expected to finish at around 13:30.

A full programme and online booking forms for both delegates and exhibitors are all available from the BSIA's website.


Watch: Highlights from IFSEC Southeast Asia so far

The Drone Zone and a business-matching service are making their debuts at IFSEC Southeast Asia, the region's leading fire, security and safety event. The three-day event, which is taking place at the Kuala Lumpur Convention Centre (KLCC), features more than 350 fire and security brands and cutting-edge products in access controls and biometrics, CCTV and surveillance, cybersecurity, drones, fire alarms, fire detection, fire protection, gates and doors, home automation, intelligent buildings, intruder alarms, network security, personal protection equipment, physical security, perimeter protection, x-ray equipment and many other latest technologies in security, fire and safety. Exhibitors include Entrypass, Seagate, Dahua, Comnet, Nemtek, Nocturna, Hikvision, BFT, Falcon Safe, FAAC, Alarms and Automation, Golmar, Entrasys, Magnetic Control, Mobotix, MicroEngine, Propel Network, Senzo, Smartstripe, Ozak, Stratel, Union Light, Videx and many more.

Below you can watch some footage from day one of IFSEC Southeast Asia. With one day left to run, it's not too late to head down to KLCC.

[Embedded video]

Now in its fifth year, the show draws architects, business owners, contractors, engineers, facilities managers, finance professionals, human resources personnel, IT professionals, procurement specialists, property developers, senior management and others from Southeast Asia and beyond. IFSEC Southeast Asia is expected to attract more than 10,000 visitors from 51 countries.

Drone Zone

The Drone Zone, featuring airborne demonstrations of security drones, is making its debut at IFSEC's Southeast Asia edition after two successful years entertaining the crowds in London.

Business-matching service

The business-matching service, another brand new feature, has matched visitors to the solutions or products that best meet their specific needs. IFSEC Southeast Asia received strong support from Malaysia's Ministry of Home Affairs, Royal Malaysia Police, CyberSecurity Malaysia, Asian Professional Security Association (APSA) Malaysia Chapter, British Security Industry Association (BSIA) and ASIS International (Malaysia Chapter).

Thai handover

There was also a big announcement at the show: IFSEC Southeast Asia will take place in Bangkok, Thailand next year and every other year subsequently. Among the special guests in Kuala Lumpur were the Royal Thai Police, who met with a number of UK companies in the UK Pavilion, including Nocturna, TDSi, Tensor and Squad Asset Track.

Presentations

Malaysia's Ministry of Home Affairs (MOHA), PPKKM and APSA have organised Conference Perdana, with a keynote address from YAB Dato Seri Dr. Ahmad Zahid Hamidi, Deputy Prime Minister of Malaysia. The seminars are free for all visitors. The Deputy Director of Crime Prevention & Community Safety Department, Royal Malaysia Police has also delivered a keynote address. Dato Sri Haji Mustapa Haji Ali, President of the Asian Professional Security Association (APSA) Malaysia Chapter, also spoke. Natalya Kaspersky, president and co-founder of InfoWatch Group and Kaspersky Lab, talked about data loss prevention.

The third and final day, Friday 8 September, runs from 10:00am-4:00pm.

How public CCTV operators can avoid eye-watering fines under the GDPR

The General Data Protection Regulation (GDPR) comes into force across the EU, including the UK, from 25 May 2018. With fines for non-compliance potentially being a staggering 79 times greater than under the existing data protection regime, the stakes for organisations in a range of sectors are enormous. As security practitioners are well aware, a CCTV image featuring people counts as personal data, just like a date of birth or someone's marriage status or political views.

Jean-Philippe Deby, business development director for Europe at Genetec, very kindly shared his thoughts on the implications for CCTV operators and the wider security industry with IFSEC Global. The conversation touched upon the importance of CCTV gap analyses, managing authorisations and privacy by design, as well as how the GDPR could accelerate adoption rates in the surveillance-as-a-service market. (How physical access systems will be affected by GDPR was also a topic under discussion during IFSEC 2017.)

IFSEC Global: What are the implications of the forthcoming GDPR on how organisations manage their CCTV systems?

Jean-Philippe Deby: I've heard that the UK was very vocal and implemented this regulation prior to Brexit. So even post-Brexit, from what I understand, the UK will still apply the regulation. Effectively, as this is a regulation and not a directive, all EU countries have agreed to apply it. A fundamental notion of the European Privacy Regulation is that you need to get explicit consent when you acquire people's data. On top of the way they collect information, there's now the notion of responsibility or accountability on how organisations hold this data. The regulation is telling them "this is what you know you can or can't do". If they are irresponsible they will be fined.

If they are hacked and data is compromised, they have 72 hours to disclose it to the public authorities, otherwise they will also be fined. As we speak, organisations, as well as the industry as a whole, are reviewing the regulation to determine the steps that need to be taken in order to meet their obligations. How CCTV comes into play is especially interesting for public CCTV. As we know, it's impossible to get the explicit consent of people being filmed. You can obviously announce that you have CCTV in the train station or store, which is how it's done today, but the specific person being filmed can't say "hey, I don't want you to record my images." As part of the regulation there's actually a notion that certain data constitutes a higher risk to a person's rights, where organisations need to make a data protection impact assessment test. Because of the lack of consent and the mass accumulation of data, public CCTV basically falls under high-risk data. GDPR Article 35 is where they mention the activities that make data high risk and the steps which an organisation needs to take.

IG: What are the implications of being classified as high risk for CCTV operators?

JPD: As I mentioned earlier, it's a learning curve. There are so many different types of data that a lot of people are trying to understand how it's going to impact their organisations, but basically there are two things that come up. For high-risk data they will need what is called a DPO, a data protection officer, who will report directly to the CEO. It will be interesting to see how it impacts small and medium-sized businesses. The other big thing that comes out is that, de facto, they need to build a system which implements what is called "privacy by design". For example, encryption is a recommended method of increasing privacy around the information that has been collected. Another area of focus should be the access to the information itself. Breaches don't necessarily come from hackers; they can be internal, either intentional or unintentional. So managing the process of identifying who is connecting to your system and who has access to the system is also key to privacy.

Who do you authorise, for example, to view live images or live recordings?

IG: The fines sanctioned by the GDPR are pretty steep.

JPD: It's either a €20m fine or 4% of worldwide annual revenue, whichever is higher. Many companies with retail branches have billions of dollars' worth of revenue. I've been talking recently to a company that has about $11bn in sales; they could be fined $420m. There is a process in place which means companies will first be warned before being fined, but really, it's about good governance. Compare the cost of a breach or a company's reputation versus the cost of implementing a properly designed and executed solution. But I do believe that the EU will apply fines around data protection as they already apply large fines for other subjects. Google was recently fined more than €2.7bn. If an organisation isn't careful about the way they handle data, I believe the EU will apply the full force of the regulation.

IG: It's not hard to imagine court cases where organisations dispute accusations that their cyber-defences were not robust enough.

JPD: That's true, but the onus will then be on the organisation to demonstrate the steps they have taken. Ultimately, it's all about responsibility. Under the GDPR, an organisation collecting personal information is the data controller and is responsible for handling the data. The GDPR also introduces another player called a data processor. These companies can help data controllers in managing the collection of information by providing adequate infrastructure or services. This is why companies like Microsoft are quite engaged with their cloud offering, because the data processor is almost synonymous with software as a service (SaaS). Genetec has a solution called Stratocast, which is surveillance as a service. Small businesses can rely on our solution to encrypt their recorded CCTV, for example. It monitors their systems 24 hours a day to detect hacks or any unusual activity via our utilisation of Microsoft Azure.

It is really to help any businesses where video surveillance is not their core business and they either don't want, or don't have the resources, to dedicate one of their employees to monitor the state of their CCTV systems.

IG: So the GDPR could really be a spur for the software as a service market?

JPD: Absolutely. Until now the argument was around operational savings. Here it's really around helping people meet their compliance obligations on top of helping them with their operation. It's an even stronger argument as to why they should be looking into those solutions.

IG: How does Genetec see its role in preparing the industry for the GDPR?

JPD: The GDPR is an incredible framework for something we've been pushing now for a few years: the security of security. You cannot have trust without security.

Cameras have become IoT devices that connect to IP networks like PCs or other IP devices. So we're making sure tools and processes are available for customers to build the security policy they want to put in place, like encrypting information. With certain partners, like Bosch for example, we even have the ability to encrypt from the camera. So it's all about protecting access to data. It's also about protecting the integrity of that data. And with the GDPR we have the European Commission and the British Government putting in a legal framework, with financial penalties, that ties in very well with what we've already been pushing.

IG: Any tips for how businesses can strengthen their systems before the GDPR comes into force?

JPD: I think it's important for companies to do gap analyses of their systems: not just CCTV but also how they are collecting information on their website, their CRMs and so forth.

A CCTV gap analysis is especially important for end users who are filming public areas. They are exposing themselves to high risk. But depending on what they have in place and who they talk to, they don't necessarily have to do a full upgrade of their systems. There are ways to simply strengthen systems, but this is where one vendor will differentiate from the other. Another thing is there's a lot of requests for proposals and requests for information happening as we speak. If you were about to invest a large sum of money to upgrade your analogue system to IP, for example, all the people who are going to participate in your project (starting with the consultant, but also integrators and manufacturers) should explain their take around cyber security. This is part of our "security of security" message. Again, if your system is monitoring public areas, there should be a chapter within your RFP to have a well-explained position and solution to meet your compliance. Even outside GDPR, it is good practice in any case to ensure you utilise the tools available.


Critical infrastructure industries face eye-watering fines for cybersecurity shortcomings

The UK government has proposed imposing punitive fines on critical national infrastructure companies that neglect their cybersecurity resilience. The fines, which could be as high as £17m or up to 4% of annual turnover, have been proposed as part of a consultation by the Department for Digital, Culture, Media & Sport. Critical national infrastructure, which encompasses sectors critical to the national economy and normal civilian life, includes energy and other utilities, transport, healthcare and digital infrastructure.

In common with other sectors, these industries are increasingly connecting critical systems via large networks in order to enjoy the benefits of interoperability, data analysis, remote monitoring and management.

"Although cybersecurity regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber threats in today's digital world and the destruction they can cause, if undeterred," says Eldon Sprickerhoff, founder and chief security strategist at cybersecurity firm eSentire. Even if you're not a CNI, cyber threats should concern you. With cybercriminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cybersecurity practices. Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers.

The government consultation was opened on 8 August and closes 30 September 2017. Businesses in all sectors could also receive heavy fines (£7.9m or 2% of an organisation's global turnover) under the forthcoming General Data Protection Regulations (GDPR), which strengthen EU data protection laws. Despite the ongoing Brexit negotiations, the regulations will be incorporated into British law.

eSentire has suggested some steps that organisations can take to make their systems less vulnerable to cyber-attack:

- Encryption: store sensitive data that is only readable with a digital key
- Integrity checks: regularly check for changes to system files
- Network monitoring: use tools to detect suspicious behaviour
- Penetration testing: conduct controlled cyber-attacks on systems to test their defences and spot vulnerabilities
- Education: train your employees in cybersecurity awareness and tightly manage access to confidential information


Online security threats you need to protect your business from

Cyber criminals are continually coming up with newer, more sophisticated ways of attacking businesses, which can make it hard to stay protected from the latest threats. The role of the web in running a business is also increasing, giving criminals more potential targets. According to 2017's Cyber Security Breaches survey, 85% of businesses now have websites, 59% have social media pages and 61% hold personal customer data electronically.

The survey found that nearly half of all UK businesses were hit by a cyber attack in the past year. The consequences of such attacks ranged from websites being taken down and software being corrupted, to loss of access to third party systems the businesses relied on. The data held by retailers is making them a prime target for hackers and the number reporting data breaches has doubled in the past year. While there are numerous types of online attacks, the following are some of the most common ones your business needs to be protected from.

Ransomware

The cyber attack on the NHS in May brought ransomware to the attention of many people, who may previously never have heard of it. Such attacks either completely lock users out of their computers, or encrypt their information, and demand payment in order to restore access. For the attackers to gain access to your system, someone usually needs to download an infected attachment, or click on a link.

How to protect yourself

To begin with, employees need to be taught to be wary about emails from senders they don't recognise. It's impossible to guarantee you'll never fall victim to such an attack, so you also need to back up your data.

This means you won't have to experience significant downtime, which can affect your business operations.

Phishing

Phishing attacks send out emails designed to trick the recipient into revealing sensitive information, such as passwords or personal details. Criminals then use these details for further crimes, like identity theft. Fraudulent emails are the most common type of attack experienced by businesses in the UK.

How to protect yourself

Employees need to be educated about the risk of sharing sensitive information online. Rather than calling the phone number given in such emails, or clicking the web address, it is best to find out such information yourself to ensure it is legitimate.

CEO fraud/whaling

Unlike other attacks which target users en masse, whaling or CEO fraud is designed to hit specific companies. The attackers spend time researching their victim and gathering information they can easily find online. They use the information to impersonate senior executives at companies and send out emails in their name.

They'll then ask for large sums of money, or sensitive information.

How to protect yourself

Intelligent email security can be used to check if emails are from a genuine source. Employees also need to learn to look out for telltale signs an email may not be genuine, such as a slight alteration in the format of the email address. Hackers sometimes simply add an extra symbol or letter to the real email address. Sensitive requests should also be verified via another channel before they are authorised. Simply calling the email's sender to confirm the request is enough to identify such attacks and prevent huge losses to your business.

Malware

Malware is an umbrella term for several types of attacks including viruses, worms and trojans. Viruses can be sent via emails, or automatically downloaded when you visit an unsecure website. They replicate themselves and spread through computer networks where they cause damage to files, or even allow criminals to access your computer.

Worms exploit security vulnerabilities in operating systems and can give attackers the ability to remotely control your computer. They can do this to several computers, which they then use to create a network to carry out further attacks like distributed denial-of-service (DDoS) attacks. DDoS attacks are used to overwhelm websites and cause them to crash. You may not know you've been infected with a worm or virus until your computer begins to slow down or programs start to crash repeatedly. You can also be unwittingly infected by trojans, which infect your computer by getting you to download software which appears to be legitimate.

How to protect yourself

Installing security updates and patches to operating systems and software is crucial to remaining protected from such attacks. Firewalls and anti-virus software can also be used to prevent criminals from infecting your computer. If you're unsure about a website, look for the HTTPS letters at the start of the URL, which indicates it meets certain security standards.

Password attacks

Guessing passwords is another incredibly common way attackers can gain access to your business.

Password cracking software can be used to go through all the words in the dictionary and any common combinations. It can run through thousands of combinations in seconds, which means even if you only disclose partial information you'll make their job easier.

How to protect yourself

Strong passwords need to use a combination of letters, numbers and symbols that doesn't make up a word or use an obvious date like a birthday. A good way to set a strong password you'll remember is to use the first letter of each word in a phrase. Always change the default password you get for any system and limit the number of unsuccessful login attempts someone can make.

Security essentials

Anti-virus software, firewalls and backing up data are just some of the fundamental security measures you need in place. It's best to have several layers of cybersecurity, which use a number of methods to protect your business. In many cases, humans are the weakest link, so you can achieve a lot by training staff in cybersecurity. The Cyber Essentials scheme addresses the most common online threats, which use widely available tools and require little skill.

The government-endorsed scheme focuses on ways to protect yourself from hacking, phishing and password guessing and is a good way to ensure you have the essential security controls in place.
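The CEO fraud/whaling advice above tells staff to watch for a sender address altered by an extra symbol or letter. The following is an added example, not part of the original article, of how a mail filter could automate that check; the address directory, function names and distance threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed directory of genuine executive addresses (assumption for this example).
KNOWN_SENDERS = {"jane.doe@example.com", "raj.patel@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2):
    """Return (verdict, matched_address) for a From header.

    verdict is 'known' (exact match), 'lookalike' (a near miss of a genuine
    address, the telltale sign described in the article) or 'unknown'.
    """
    _, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if not addr or "@" not in addr:
        return ("unknown", None)
    if addr in KNOWN_SENDERS:
        return ("known", addr)
    # Find the closest genuine address; ties are broken alphabetically.
    best = min(KNOWN_SENDERS, key=lambda known: (edit_distance(addr, known), known))
    if edit_distance(addr, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.doee@example.com>",
                   "Raj Patel <raj.patel@examp1e.com>",
                   "News <newsletter@vendor.example>"):
        print(header, "->", classify_sender(header))
```

A message classified as a lookalike is one to hold for verification through another channel, as the article recommends; the directory must list every genuine address, or colleagues with similar names will be flagged.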


The growing menace of cyber-attacks targeting critical national infrastructure

The number of cyber-attacks targeting critical infrastructure grew by 20% between 2014 (245 incidents) and 2015 (295 incidents), according to a 2015 report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The infographic below, which was designed by Norwich University's online Master of Science in Information Security & Assurance degree programme, provides some insights into the growing problem. It explores how attacks breach computer networks in the energy sector, transport and other critical infrastructure, as well as the economic impact and efforts to mitigate risk.


Hanwha Techwin wins Cyber Essentials certification to burnish cyber credentials

Hanwha Techwin Europe has been certified as compliant with the UK government-backed Cyber Essentials scheme. In gaining the certification, the video surveillance brand has proven that it has procedures in place to minimise the threat of a successful attack on the company's IT infrastructure and laptops used by employees working remotely. The Department for Business, Energy & Industrial Strategy set up the scheme to help organisations protect themselves against the most common types of cyber-attacks.

"We are constantly evaluating and updating our IT security in order to negate the risk of any disruption to our business or our business partners," said Bob (H.Y.) Hwang Ph.D., Managing Director, Hanwha Techwin Europe. "Our cybersecurity programme is a key element of our 'WE MOVE with trust' philosophy and reflects the proactive stance we are taking to protect confidential data. Beyond the scope of the Cyber Essentials scheme, we remain vigilant to ensure our Wisenet cameras, recording devices and software entrusted to protect property, people and assets are equipped to minimise the threat from cyber attacks. We have a sustained testing and monitoring programme designed to identify evolving new threats to the integrity of our solutions. We are determined to be open and honest with our customers when new cybersecurity threats are identified and will move quickly to develop further advanced versions of our firmware to combat them."


Bitcoin exchange seized over $4bn money laundering indictment, but regulations remain a minefield

Six US law enforcement agencies, including the Secret Service, recently seized a bitcoin exchange, despite the fact it was registered in another country. Alexander Vinnik, alleged to be the operator of BTC-e, has been charged with 19 counts of illegal money transmission and money laundering. Vinnik and the bitcoin trading platform stand accused of laundering more than $4bn worth of illicit funds since 2011.

The value of bitcoin reached record highs recently, breaking through the $4,500 barrier. The world's most widely used cryptocurrency, which is transacted between parties without an intermediary such as a bank, is used widely in cybercrime. In the wake of several high-profile ransomware attacks, many businesses in the UK have preemptively purchased Bitcoin in case they need to pay a ransom to unlock time-sensitive files. A leading cybersecurity executive believes improving regulation of the cryptocurrency won't be easy, but directed wisely, could be very effective in undermining bitcoin's value to criminals.

"Recent raids by US law enforcement agencies against the companies involved in bitcoin mining and exchange business probably exposed a lot of inconvenient truths about the dark side of unregulated cryptocurrencies," said Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge. "We should expect more attempts to regulate bitcoin and other cryptocurrencies. However, few of them will likely be successful due to technical infeasibility. Nonetheless, the administrative burden and costs, and severe penal sanctions for non-compliance can play a major role and preclude cybercriminals from using bitcoin in total impunity. It's similar to gold: if you cannot sell it for cash, or other tangible and untraceable goods, it becomes useless."
