A Derby-based IT expert has issued his top tips to help combat cyber crime, after a sharp rise in reports during Covid-19 saw costs to UK computer users reach almost £2M.
The advice comes from Andy Flinn, managing director at Derby-based RDS Global, after the Action Fraud agency said that it had received 678 reports of cyber crime related to Covid-19 scams, totalling £1,866,550.
The online scams include online shopping rip-offs where people ordered masks, sanitisers and other items which never arrived, phishing cons aimed at tricking recipients into opening malicious attachments that allow the senders to steal sensitive information, and NHS ID being sold on the dark web.
The UK National Cyber Security Centre (NCSC) has also revealed that an increasing number of cyber criminals and other malicious groups online are exploiting the virus outbreak for their own personal gain.
Some of the scams include emails containing malware which claim to have come from the Director-General of the World Health Organization (WHO), and others which claim to provide face masks and thermometers to fight the coronavirus infection.
The agency has also seen cyber criminals scanning for vulnerabilities in software and remote working tools with offices across the world closing and having their employees working from home.
Andy, from Derby-based RDS Global, whose firm has stepped up its operations to offer support to increase working-from-home capacities, issued the following tips to combat the scammers:
1. Network Security
Protect your networks from attack, defend the network perimeter, filter out unauthorised access and malicious content. Monitor and test security controls.
2. Home and Mobile Working
Develop a remote working policy and train staff to adhere to it. Apply the secure baseline, conditional access and multi-factor authentication, and protect data at rest and in transit.
3. User Education and Awareness
Produce user IT security policies covering acceptable and secure use of your systems. Maintain awareness of cyber risks and send out ongoing updates.
4. Malware Protection
Produce relevant policies and establish best-of-breed anti-malware defences across your systems.
5. Removable Media Controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing but only if necessary. In general lock down ports and do not allow access rights.
6. Secure Configuration
Apply security patches on all occasions and ensure the secure configuration is maintained. Develop a common image and set up process for all devices.
7. Managing User Privileges
Establish an effective management process for current employees, starters and leavers. Limit the number of privileged accounts and monitor user activity and audit logs.
8. Monitoring
Establish a monitoring strategy and produce supporting policies. Undertake continual monitoring and be on guard for unusual activity – it will probably indicate an attack.
9. Incident Management
Establish an incident management response and disaster recovery plan. Produce supporting policies and provide specialist training. Report to the NCSC, ICO, NIS and law enforcement agencies.
10. Set up a Risk Management Regime
Review the risks to your organisation and systems, attaching the same importance as legal, regulatory, financial and operating risks. Set up a risk regime that is supported by the directors and achieve Cyber Essentials – this is the Government framework to allow all businesses and their employees to stay cyber-safe during these difficult times and in the face of the ever-evolving sophistication of cyber attacks.
The RDS Global team will be providing advice at the We Fight Fraud Live online conference from 2pm on Tuesday, April 28, alongside industry experts including Tony Sales, dubbed Britain’s biggest fraudster, in addition to leading law enforcers, other subject experts and ex-criminals.
To book a seat at the webinar go to www.wefightfraud.org/live. It is free to register but some of the sessions cost £20 to attend.
To find out more about RDS Global, visit www.rds.global