Tag Archives: cyber crime

Keep your technology safe and secure when travelling for business

By Emma Drew

August 17, 2016


Advancements in technology have made business travel easier in recent years, but there are still a number of security risks to consider before travelling, including cyber-crime, which is a growing concern for many businesses operating overseas.

Cyber criminals use numerous sophisticated methods, including phishing, whaling and other forms of social engineering, to obtain sensitive corporate data.

Before travelling, it is advisable that your company carries out a risk assessment to ensure company information is safe and secure whilst working overseas.

Failure to implement appropriate security measures could result in data loss and lead to a breach of confidentiality, damage to business reputations, financial losses and compromised client relationships.

Tips on keeping your technology safe when travelling:

  • Do not leave electronic devices unattended, including mobile phones, as SIM cards could easily be removed by someone to make expensive calls from your account.
  • Ensure locks are secure in your hotel room to avoid someone breaking and entering to steal your valuables.
  • Be cautious when using public networks in hotels and cafes, as pop-ups could be malicious spyware.
  • Entities in foreign countries have been known to create fake security updates that appear when a user connects to the local network and then install malware and spyware on the user’s computer.
  • Ensure your computer has the latest anti-virus, anti-spyware, security and firewall software installed.
  • Before you travel, it is wise to email yourself electronic copies of your passport, travel documentation, driver’s licence and credit cards in case these items are lost or stolen. You must therefore ensure your email account is protected by a password only you have access to.
  • Clear your internet browser after each use.
  • Never store valuables or electronic devices in checked luggage.
  • Keep the phone number and address of your Embassy or Consulate in the country you are visiting in case you run into trouble.
  • Be cautious when speaking to strangers, who could be probing you for personal information, and be aware of your surroundings, as conversations may not be private.
  • When you return from your visit, review your computer system and electronic devices for malware and change all passwords, including voicemail.

Travel is a necessary requirement for conducting business agreements overseas, and it should be a legal obligation of organisations to ensure both staff and company equipment are protected when working abroad.

Travel insurance can provide protection to cover the costs of stolen technology, and cyber policies can also provide valuable access to specialist resources in the event of a loss of data or system failure, but you should check with your insurance provider before you travel to ensure business travel is conducted as safely as possible.

How can we help?

For more information please speak to your usual insurance representative or call us on 0121 698 8000.


Would your club survive a whaling attack?

By Emma Drew

June 21, 2016


Earlier this year a volunteer-run tennis club was targeted by a new but increasingly common type of phishing attack. The treasurer of the club received a series of emails that purported to be from the chairman, requesting that the treasurer urgently transfer over £10,000 into an account to make a payment that was overdue and could cause problems for the club if it wasn’t paid quickly.

The fraudster’s email looked very convincing, and so the treasurer went ahead and made the payment. As you can appreciate, the loss of such a large sum of money was devastating to the club.

This type of attack, known as whaling, is a new form of “phishing” in that it targets one “big fish” organisation as opposed to many smaller consumers, and it is a highly profitable scam. In recent months several sports organisations, including small clubs and National Governing Bodies, have found themselves the victim of such an attack.

Although cyber-attacks may seem complex, some of the most successful hacks have been achieved using simple methods such as social engineering to trick the target into transferring large amounts of money straight into a fraudulent account. The attackers don’t even need to use malware technology to gain access to your organisation’s software.

Cyber criminals prepare their attack by carrying out extensive research into the functional divisions of an organisation, taking information from your company’s website and social media sites such as Facebook, Twitter and LinkedIn to find information on staff within that organisation.

The attack is delivered in the form of a hoax email from a spoof domain name that appears to have been sent by the CEO of the company to the finance department, urgently requesting money to be transferred to an external account. Cyber criminals will impersonate the CEO and engage their target in conversation, asking questions such as “Are you in the office today?” or “Can you do me a favour and transfer this money to this account?” for a payment request that requires a single sign-off to process the transaction.

Unlike other types of spam, whaling emails are more difficult to detect because they don’t have suspicious-looking hyperlinks attached that could deter a person from opening an email. The email is usually well written, inconspicuous and appears to be genuine.

Tips on protecting your club from a whaling attack:

  • Provide training and education for your staff and volunteers, particularly those with management and financial responsibility, and ensure they are aware of this type of scam.
  • Demonstrate examples of how sports clubs and organisations have been caught out in the past by similar attacks.
  • Carry out a simulated test within your club on how to identify and prevent a whaling attack.
  • Set up an alert system that flags up emails that have been received from outside of your sports organisation.
  • Register with a domain alerting service that notifies you when a domain has been created that closely matches your organisation’s domain.
  • Revise and review your financial procedures for sending payment to external parties.
  • Keep software up to date and frequently run malware and spyware checks. Inform staff and volunteers about the dangers of opening suspicious-looking emails, especially if the email fails to display the sender’s details in the footer from the organisation’s address book.

Andy Goulbourne, Associate Director of Sport and Recreation from Perkins Slade adds:

“Cyber-attacks against large corporations are in the news on an almost daily basis but these types of low level frauds, targeted against small organisations, can be really damaging. Several of our clients, from small members’ clubs to National Governing Bodies, have been targeted by phishing attacks that have cost them tens of thousands of pounds. However robust your IT security is, it won’t prevent losses resulting from human error or this kind of deception. A specific cyber and data insurance policy could cover the cost of such a loss, and would also provide essential IT and legal support in the event of an attack on your website or in the case of a denial-of-service (DOS) issue in an attempt to corrupt an organisation’s network to make it temporarily or indefinitely unavailable for its users. This could lead to a loss of revenues and high costs to restore the website as well as causing damage to your sports organisation’s reputation and customer relations.”

How can we help?

For more information on whaling attacks and cyber-crime visit Mimecast.com or, to discuss your club’s insurance needs, call us on 0121 698 8000.

* Statistics according to a survey conducted by Mimecast

Fingerprint scanners – are they really secure?

By Editor, Perkins Slade

October 1, 2013

The increased capabilities of personal devices have led to many companies, particularly in the SME sector, allowing employees to use their own smartphones, tablets and other devices to access work networks from any location.

Whilst this ‘bring your own device’ (BYOD) approach can generate potential cost savings, the devices may not be as secure as company-issued versions. There is often little password protection on personal devices that are linked to work networks, so they are the weak link in the chain of overall network security.

The release of the new iPhone 5s with the Touch ID fingerprint scanner feature has already raised security questions, days after the new phone’s release. Apple have said the new technology is “much more secure than previous fingerprint technology” and promise that it will better protect devices from criminals and snoopers seeking access.

With thefts of mobile phones accounting for 40% of robberies in UK major cities, security experts have praised the new technology for helping to keep cyber criminals at bay. In recent years, smartphones have become particularly eye-catching to thieves because of their resale value, which is enhanced by the useful data and online banking facilities they hold. This security attribute is one that could appeal to business consumers.

However, a group of German hackers claimed to have cracked the iPhone fingerprint scanner. Reuters goes on to say:

“The Touch ID fingerprint scanner featured in the new Apple iPhone 5s may not be an impenetrable security barrier after all, if the claims of a group of German hackers, which says it has cracked the biometric security system by using a photo of the original user’s fingerprint, are proven accurate.”

The hackers’ group, known as Chaos Computing Club (CCC), said in a post on its website that it had successfully bypassed Apple’s Touch ID fingerprint scanner by ‘using easy everyday means,’ just two days after the device was released.

“Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fakes out of lifted prints,” a hacker named Starbug was quoted as saying on the CCC’s site.

Senator Al Franken, chairman of the influential US Senate Judiciary Subcommittee on Privacy, Technology and the Law, is one of the many people who have security concerns, and says that, after stealing someone’s thumbprint, hackers could “impersonate you for the rest of your life.”

Security concerns have been raised, such as:

  • Whether the fingerprint data stored locally on the device in encrypted form could ever be stolen and converted into digital or visual form that would be usable by hackers or fraudsters
  • Whether the iPhone 5S transmits any diagnostic information about the Touch ID system back to Apple or any third parties
  • How well customer fingerprint data will be protected and kept private
  • The exact legal status of such fingerprint data.

Source: BBC News 

According to a recent study conducted by The Economist Intelligence Unit on behalf of Zurich Insurance, only 8% of SMEs see exposure associated with the developing BYOD culture as posing a major threat, despite the considerable impact it brings to the risk profile of SMEs. Consequently, the need to increase the appreciation and management of the risks through the workforce will be vital.

Let us know what you think, Tweet Us! @PerkinsSlade

 #TechnologyTuesday

To find out more about Technology insurance, email technology@perkins-slade.com or call us on 0121 698 8092.

 

 

