5. Agenda
• Background to Connecting Devon and Somerset; Get up to
Speed;
• Security and Privacy;
• Are you a Cyber Threat?
• 7 steps to Basic Cyber Security
• Risk Management: make a plan;
• Further advice & Support.
6. Connecting Devon and Somerset
• A groundbreaking partnership encompassing 6 LA areas to
deliver improved and superfast broadband to rural areas;
• Improved broadband (>2mbps) to every business and
community across Devon and Somerset by 2016;
• Faster broadband (>24mbps) to at least 90% of the area by
2016.
Without this project 700,000 residents and 26,000 businesses,
with a combined turnover of £9 billion, have no certainty of
receiving improved or superfast broadband from a commercial
rollout.
8. CDS Broadband Voucher Scheme
• CDS has committed to bringing broadband to everyone within
the programme area. If you are not yet able to receive
broadband speeds of over 2Mbps you may be able to get
connected through the CDS voucher scheme.
• The scheme will provide a subsidy of up to £500, in the form of
a voucher code, to fund the installation of a new broadband
connection. Each premises can choose its supplier, with every
solution guaranteeing a minimum of 10Mbps download speed.
• The scheme will run for one year, up until March 2017, and is
open to individual residents, small businesses and communities.
https://www.connectingdevonandsomerset.co.uk/cds-broadband-voucher-form/
9. The Process
• There are four stages in the process:
Step 1
• Check eligibility and apply online;
Step 2
• Verification & Approval;
Step 3
• Choosing a supplier – If eligible you are granted a voucher code
that can be used to subsidise the costs of installing a broadband
technology chosen by you to suit your property from our list of
available providers.
Step 4
• Agree an installation.
Get online faster with your increased broadband speed.
10. What is Get up to speed?
• Fully funded business and community support alongside roll-out
of Superfast Broadband
• Helping to ensure we all make the most out of the superfast
broadband
Delivered by Cosmic Peninsula Consortium.
11. • Free sessions;
• Showcase new technologies;
• Hands-on Workshops;
• Gadget shows;
• Seminars;
• Briefings;
• Taster sessions;
• Signposting to free advice and support.
https://www.connectingdevonandsomerset.co.uk/get-up-to-speed/events/
15. “While its scale puts it among the largest on record, I
am perhaps most troubled by news that this breach
occurred in 2014, and yet the public is only learning
details of it today.” US Senator Mark Warner
“The company has demonstrated that it isn’t quick to implement best practices and available
security technologies, such as the delay in encrypting IM communications, implementing https
for its web properties and more. These types of breaches highlight why all companies need to
be cybersecurity leaders, not followers.” Kurt Baumgartner from Kaspersky Lab
16. “The majority of companies
are still flying blind when it
comes to data security,
because 60 per cent still
think that it doesn’t affect
them,” Barnett said.
Imperva CTO speculated that the
hack was carried out using SQL
injection, the same method an
expert hacker claimed was used to
breach Carphone Warehouse
security in August.
Discussions about TalkTalk’s unencrypted databases and at least
11 so-called cross-site scripting vulnerabilities took place on
online forums used by hackers weeks before the actual attack on
the company was announced.
18. "We're no longer in a situation
where it's a case of 'if I am going
to get breached'. It's more a case
of how often you are going to get
breached and how long those
people are going to be in for."
Cyber forensics pro Dr David Day.
19. Latest figures
• 74% of small businesses, and 90% of major businesses, have had
a cyber breach of security in the last year.
https://www.gov.uk/government/news/uk-businesses-urged-to-protect-themselves-from-growing-cyber-threat
• Cyber crime cost the UK £27 billion and costs small businesses
on average between £35k and £65k.
20. Now Cyber crime has
been included in our
crime statistics for the
first time.
24. 1) Script kiddies: A wannabe hacker.
2) Scammers: Your email inbox is probably full of their work.
Discount pharmaceuticals, time-shares, personal ads
from available women in Russia…sound familiar?
3) Hacker groups: Usually work anonymously and create
tools for hacking.
4) Phishers: Gotten an email recently claiming your bank
account is about to expire? Don’t fall for these jerks.
25. 5) Political/religious/commercial groups: Tend to not be interested in financial gain.
These guys develop malware for political ends. If you think this group is harmless,
think Stuxnet. The Stuxnet worm, which attacked the nuclear facilities of Iran’s atomic
program, was believed to have been created by a foreign government.
6) Insiders: They may only be 20% of the threat, but they produce 80% of the damage.
These attackers are considered to be the highest risk. To make matters worse, as
the name suggests, they often reside within an organization.
7) Advanced Persistent Threat (APT) Agents: This group is responsible for highly
targeted attacks carried out by extremely organized state-sponsored groups. Their
technical skills are deep and they have access to vast computing resources.
33. 1. Download Software Updates
• Download software and app updates as
soon as they appear. They contain vital
security upgrades that keep your devices
and business information safe.
• If you don’t update your website,
someone can use a loophole in the old
version of even simple things such as
plugins in order to damage your website.
Visit: www.cyberstreetwise.com/software
34. 2. Use Complex Passwords
One simple way of creating a password is:
• Take the first letters of a phrase you always remember, e.g.
‘Never cast a clout till may goes out’: Ncactmgo
• Add some characters to the phrase, particularly at the beginning:
$&Ncactmgo
• Now add some unique content to help identify the site, e.g.
GE for Google: $&NcactmgoGE
• Now add some numbers, e.g. 16: $&NcactmgoGE16
• Change your passwords regularly, at least twice a year.
37. Prioritise Passwords
• Make sure you use a different password for your online banking
and email/social accounts.
• Symbols and numbers should be included
38. Store Passwords somewhere Safe
• Store them offline or in a password manager (your password
for your password manager needs to be really complex and not
used anywhere else!)
• Passpack
• LastPass
• 1password
• Keepass
• Trend Micro Password Manager
42. 3. Use anti-virus software & email filtering
You do need to invest in good antivirus; free software isn’t good
enough these days:
• Webroot
• Trend Micro
• Bitdefender
• Eset
• Kaspersky
• Many cyber-attacks come through email with a link, so install a
good quality email filtering system.
43. 4. Delete suspicious emails
• Delete suspicious emails as they may contain fraudulent
requests for information or links to viruses.
• Have a good spam filter in place, e.g. Fusemail or Hushmail.
https://www.sonicwall.com/phishing/
45. 5. Set up two factor authentication
• If you are using Dropbox, Google Apps, Office 365 or any cloud
based software, set up two factor authentication.
• Usually this means you need your mobile phone with you to
approve your sign-in. It’s very simple, but it will alert you to any
attempts to access your information.
• Google Authenticator
• Authy
• Entrust
46. 6. Back up
Make sure everything that’s important to you is backed up. Good
backup services include:
• iDrive
• CrashPlan
• Carbonite
• Backblaze
• Mozy
*http://uk.pcmag.com/backup-products-1/8648/guide/the-best-online-backup-services-for-2016
47. Things to Consider
1. Pricing plans
All backup services are subscription based; some online backup
services' prices only cover one PC. How much will it cost you over the
year?
2. Choosing What to Back Up
Different services allow different types of files from differing sources.
Some don't let you protect system and program files. Others don't let
you back up files and folders on external or network drives;
3. Security;
4. When do you want the back up to happen? Fixed or Continuous?
5. Performance;
6. Restoring Folders and Files.
48. 7. Train your staff
• Make your staff aware of cyber security threats and how to
deal with them. The Government offers free online training
courses tailored for you and your staff which take around
60 minutes to complete. Visit
• Website Admin.
51. Have a plan
• Be ready with a plan in place;
• List possible incidents and rate their impact on your business;
• For each incident list communication methods – internal and
external;
• Have email and telephone scripts ready for action;
• How do you know when you are hacked? Analytics.
54. Where do I report online crime?
• Action Fraud is the UK's national reporting centre for fraud and
internet crime, which provides support to citizens and a
reporting service for crime and crime related incidents through
its web based and contact centre channels. Visit
www.actionfraud.police.uk or call the contact centre on 0300
123 2040.
58. Where to get more information, help and advice
• Cyber Streetwise simple advice to help you and your business stay
safe online www.cyberstreetwise.com
• Responsible for Information free training course
www.nationalarchives.gov.uk/sme
• Coelition provide tools and support for businesses, helping them to
provide consumers with personal services that handle data responsibly
www.coelition.org
• Action Fraud Report internet and cyber crime online
www.actionfraud.police.uk
• UK Cyber Security Strategy and programme:
www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace
• Get Safe Online www.getsafeonline.org/businesses
• Payment Card Industry Security Standards Council Practical advice on
all aspects of cyber protection for small businesses
www.pcisecuritystandards.org
• Ransomware Information www.nomoreransom.org
59. Summary
• Background to Connecting Devon and Somerset; Get up
to Speed;
• Security and Privacy;
• Are you a Cyber Threat?
• 7 steps to Basic Cyber Security
• Risk Management: make a plan;
• Further advice & Support.
Protecting any business against the latest web threats has become an incredibly complicated task.
The consequences of external attacks, internal security breaches and Internet abuse have placed Internet security high on the small business agenda. Join the Taunton Jelly and Get up to Speed and find out what you need to know about security and what the key elements are to ensure your business is and remains safe online.
Go through Housekeeping
To kick things off get learners to introduce themselves;
Write up expectations on a flip chart; explain which will/will not be met.
LA = Local Authorities
Update March 2015: More than 100,000 homes and businesses in the two counties now have access to fibre broadband as a result of the CDS
Almost 90% of those can access speeds in excess of 24mbps
Engineers have installed more than 78,000 km of underground optical fibres
456 new fibre broadband cabinets are now ‘live’
A further 224 fibre cabinets have been installed and are waiting for final works to be completed
Security & Privacy are the most important things to care about if you own a website. Nowadays, with lots of skilled hackers around just itching to get their hands on anything they possibly can, your website can suffer some serious damage, and that’s why it’s so important to protect you and your precious pages. If you own a business and have a website handling online payments then it’s absolutely crucial to protect it properly, because if it falls prey to the hackers, personal user data such as email addresses, phone numbers and credit card details may be compromised and as a result you may be facing some serious legal troubles.
Andrew Bailey, head of the Financial Conduct Authority, said an urgent analysis of what lay behind the cyber attack was needed;
It affected around one in seven of the bank's 136,000 current accounts. Suspicious activity was tracked across 40,000 accounts
Details including names, passwords, email addresses, phone numbers and security questions were taken from the company’s network in late 2014 by what is believed to be a state-sponsored hacking group; credit card or bank details were not included in the stolen data.
Four million customers of broadband provider at risk after it was hit by second major cyber attack within the last year
Good Technology VP of global sales Phil Barnett
Major hacks are rising
The truth is, it’s no longer just a conversation for banks and governments; recent hacks and data breaches show that anyone and everyone is a potential victim.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Information is beautiful – Live
Current biggest hacks
eBay: hackers attacked between late Feb and March; login credentials from a small number of employees were used to access the database and copy the information.
Evernote: Requested users to change passwords after an attempted hack.
Twitter: hackers had access to user names and passwords.
In our businesses today we all know that the risk of digital technologies being abused in order to gain access to our systems, processes and data is ever-present. Multiple high profile instances of cyber attacks on businesses have brought this issue to the forefront and made it a key issue for all business leaders to understand and plan around.
In other words cyber-attacks are common and businesses of all sizes, sectors and industries will now find themselves subject to these attacks. Some attacks will appear low-level, for example breaches on your website which result in pages being hacked, or mass-mailing attempts to or from your email servers. Other attacks will be definite and deliberate attempts to gain access to the core systems and data. And indeed an attack which may seem low-level initially could simply be the first stage of a bigger event – the hackers using opportunities to ‘test’ the strength of your security.
Whilst businesses are reaping the benefits of operating online and now earn £1 in every £5 from the Internet, cyber attacks are now considered a serious threat to UK businesses. The latest figures reveal that 74 per cent of small businesses, and 90 per cent of major businesses, have had a cyber breach of security in the last year.
15th Oct 2015
Crime is reducing: oh no, it’s not!
allowing hackers to take over control of the vehicles with passengers inside and the first website hacking attempt (DDoS) has been made by smart fridges!
Hackers have found a way to exploit a Samsung smart fridge in order to access the owner's Gmail credentials
Can’t deal with the attack! No money resources.
It’s often Kids in any web company will happen in summer holidays/dark web they can play a game; get points;
1) Script kiddies: A wannabe hacker. Someone who wants to be a hacker (or thinks they are) but lacks any serious technical expertise. They are usually only able to attack very weakly secured systems.
2) Scammers: Your email inbox is probably full of their work. Discount pharmaceuticals, time-shares, personal ads from available women in Russia…sound familiar?
3) Hacker groups: Usually work anonymously and create tools for hacking. They often hack computers for no criminal reason and are sometimes even hired by companies wanting to test their security.
4) Phishers: Gotten an email recently claiming your bank account is about to expire? Don’t fall for these jerks. They want your personal information and, most likely, your identity, by directing you to a phony website.
5) Political/religious/commercial groups: Tend to not be interested in financial gain. These guys develop malware for political ends. If you think this group is harmless, think Stuxnet. The Stuxnet worm, which attacked the nuclear facilities of Iran’s atomic program, was believed to have been created by a foreign government.
6) Insiders: They may only be 20% of the threat, but they produce 80% of the damage. These attackers are considered to be the highest risk. To make matters worse, as the name suggests, they often reside within an organization.
7) Advanced Persistent Threat (APT) Agents: This group is responsible for highly targeted attacks carried out by extremely organized state-sponsored groups. Their technical skills are deep and they have access to vast computing resources.
Norse Attack – Shows live cyber attacks across the world.
This Cyber Security Information Portal (CSIP) is a unique resource providing practical advice and step-by-step guidelines for general users, SMEs, and schools
Chatham Town were at the centre of a jihadi attack, after a bungling hacker targeted their club website - mistaking it for a Premier League club.
The Muslim hacker, who called himself Abdellah Elmaghribi, targeted Chatham Town website on Saturday ahead of its clash with Tilbury FC - which attracted a crowd of just 63.
The website was shut down for 12 hours after an image of a machine-gun wielding man wearing a gas mask was posted with a message asking: 'Where is the security?'
11;00 attacks on the London Olympics Site every second.
The 2016 Summer Olympics in Rio de Janeiro highlighted unbelievable athletic performances, the spirit of competition and cyber-security vulnerabilities, as waves of cyber-attacks hit organizations at both the city and state level, along with other government and Olympic websites. Throughout the games, there were reports that the Anonymous hacking group had been trying to disrupt the Olympics to call attention to humanitarian and political issues in Brazil using distributed denial-of-service (DDoS) attacks and data dumps, while actively targeting more personal, financial and log-in information. The attacks made the Olympics yet another wake-up call for organizations still vulnerable to common attack vectors. In these situations, it's often the underprepared who become targets and feel the full brunt of the attacks, although every organization associated with the Olympics was a potential target when the goal was publicity.
Travel West – Local Bus Company in Bristol
Muslim extremists hoping to disrupt international travel across the Western world fell a little short of their goal when they hacked into a Bristol bus timetable instead.
A group calling itself, Darkshadow - an Arab Security Team – mistakenly hijacked TravelWest’s journey planner website and replaced it with a sinister Islamic State-style black page.
It is thought the cyberterrorists, who claim to be based in Tunisia and the Ivory Coast, believed that by hacking TravelWest, they were infiltrating a major international travel website for Europe and the United States.
Street Wise – A good guide 5 steps into 7. Print Off for this.
Disaster Planning
1. Download software updates
2. Use complex passwords
3. Use antivirus and email filtering
4. Delete suspicious emails
5. Use two factor authentication
6. Back up data
7. Train your staff
Having good cyber security measures in place will help protect your cashflow, your customer data and your reputation.
Keeping software up to date is incredibly important if you want to keep your website secure. Countless websites are compromised every day due to the outdated and insecure software used to run them. Updates contain very important security fixes, which may prevent many breaches. If you don’t update your website, someone can use a loophole in the old version of even simple things such as plugins in order to damage your website.
WordPress sites/plugins
Download software updates and app updates as soon as they appear. They contain vital security upgrades that keep your devices and business information safe.
Passwords are still the easiest way into most datasets and platforms
Create more complicated passwords for yourself and customers
This sounds like web security basics, but it needs to be said. Both employees and customers struggle to create complex passwords and consistently commit to changing them at least every 90 days. According to SecurityScorecard CEO Aleksander Yampolskiy, “A big portion of the breaches out there is because of weak passwords.” Companies need to be cognizant of this and place an emphasis on the importance of avoiding simple data breaches due to easy-to-guess passwords.
One best practice is installing a program on employees’ computers that forces them to change their passwords every 90 days with character requirements. Another great method could be to send recurring reminder e-mails and/or website notifications to customers to request that they change their passwords based on character type and minimum requirements.
How many of us will honestly admit to using the same passwords for certain accounts?
Never use any word which is related to you and may be easy to guess, for example by looking at your social media pages. Absolutely never use:
Current partner’s name
Child’s name
Other family members’ names
Pet’s name
Place of birth
Favourite holiday
Something related to your favourite sports team
And never share your password with anyone.
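The password rules in this talk (the phrase recipe on slide 34, symbols and numbers included, a different password per account, nothing personal) can be checked mechanically. The Python below is an added example, not part of the original slides; the function names, account names, sample passwords and personal terms are constructed for illustration.

```python
import string


def mnemonic_password(phrase, prefix, site_tag, number):
    """Slide 34 recipe: first letters of a phrase, extra characters in
    front, then a site tag and a number on the end."""
    initials = "".join(word[0] for word in phrase.split())
    stem = initials[0].upper() + initials[1:].lower()
    return f"{prefix}{stem}{site_tag}{number}"


def audit_passwords(accounts, personal_terms):
    """Check each account's password against the rules in the talk.

    accounts       -- dict mapping an account name to its password
    personal_terms -- words tied to the owner (pet, child, team, ...)
    Returns a dict mapping each account name to a list of findings.
    """
    findings = {name: [] for name in accounts}

    for name, password in accounts.items():
        # "Symbols and numbers should be included."
        if not any(ch.isdigit() for ch in password):
            findings[name].append("no number")
        if not any(ch in string.punctuation for ch in password):
            findings[name].append("no symbol")
        # "Never use any word which is related to you."
        lowered = password.lower()
        for term in personal_terms:
            if term and term.lower() in lowered:
                findings[name].append(f"contains personal term '{term}'")

    # "Use a different password for your online banking and
    # email/social accounts": group accounts by identical password.
    users_of = {}
    for name, password in accounts.items():
        users_of.setdefault(password, []).append(name)
    for names in users_of.values():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append(f"same password as {others}")

    return findings


# Constructed sample data (hypothetical owner with a dog called Rover).
PHRASE = "Never cast a clout till may goes out"
SAMPLE_ACCOUNTS = {
    "bank": mnemonic_password(PHRASE, "$&", "BK", 16),
    "email": "Rover2016",
    "social": "Rover2016",
}
SAMPLE_PERSONAL_TERMS = ["Rover", "Taunton"]

if __name__ == "__main__":
    report = audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL_TERMS)
    for account, problems in report.items():
        print(account, "->", problems or "ok")
```
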
Not essential
Can store up to 100 passwords for free with one user; pricing starts from $1.50 for 3 users.
Your computers, tablets and smartphones can easily become infected by small pieces of software known as viruses or malware. Install internet security software like anti-virus on all your devices to help prevent infection.
Webroot – Don’t use free!
Fusemail: 14 day free trial; cloud based services provide simple, secure, and scalable solutions for email security, spam and virus filtering, email archiving and hosted Exchange. From email spam and virus filtering, archiving, encryption and business continuity, more than twenty five million mailboxes around the world rely on FuseMail® every day to ensure secure and reliable delivery of their critical messages.
Hushmail: Small Business plan, $5.99 per user plus set up charge gives you:
Automatic encryption between all your employees and on-demand encryption with anyone outside your company.
The ability to keep your current business email address that uses your own domain
Administrative tools to create, delete and manage users, as well as set up rules that redirect generic email addresses.
Delete suspicious emails as they may contain fraudulent requests for information or links to viruses
Hard drive crashes and editing mishaps aren't the only things online backup can protect you from: There are also more traditional disasters such as fires, floods, and earthquakes, which can spell the end of your digital media and documents. Even if you're among the very few of us who diligently perform backups at regular intervals, those calamities can still result in data loss if you didn't store backups off-site. That's a good reason why an online backup service may be the best way to protect your irreplaceable digital goods.
Backup of your website; ask your web developer.
You never know when your hard drive is going to crash, or when you're going to accidentally overwrite a key file. Use an online backup service to automatically and securely protect your documents, photos, and other media.
Most services encrypt your files with strong systems such as AES 256 or Blowfish before sending them up to the servers. But how the encryption keys are generated is a big differentiator. Several services, such as SpiderOakOne, offer a security-and-privacy option in which you alone possess the password, which is never stored on the service's server computers. Others, such as SOS Online and CrashPlan, can have you use a separate password from your main account password for the encryption.
The caveat for these higher levels of security and privacy is that, if you forget your passphrase, not even the provider's employees will be able to restore your data. Even if compelled by law enforcement, they won't be able to decrypt your files. Yet you'll want it to be a strong, hard-to-crack password, too, since it will grant access to so much of your digital life. Your best bet is to use a password manager to keep track of it for you.
The speed with which a service can prep your files (usually involving encryption and compression) and transfer them to their servers doesn't only impact how long it will take to get a large amount of data—often numbering many gigabytes—up to the servers. The speed also affects how much of an impact on your computer its processing will have. Make sure to check out our speed test results in the review of any service you're contemplating purchasing.
Sometimes, your employees just do not know that it is not good cyber hygiene to send sensitive customer data via e-mail. Clearly distinguish and teach your employees what information should be sent via e-mail and what should not. If they need to send that information via e-mail, then make sure that you have a strong data encryption service in your e-mail system.
Website
According to Jayne Friedland Holland, Chief Security Officer and associate general counsel at technology firm NIC Inc., it is also a good idea to educate your employees about any laws that pertain to protecting customer data, as they have a legal obligation to protect sensitive customer personal information.
This free 60 minute e-learning module helps you and your staff understand information security risks and how to protect against fraud and cyber crime.
Other courses available are For HR Professionals; For Lawyers and Accountants; For Procurement Professionals.
You are required by law to protect data you hold and process about your customers, suppliers and staff. Find out more about the Data Protection Act and get simple, practical advice on how to keep your customers, suppliers and employees’ personal information secure
What is directly at risk?
Your money, your IT equipment, your IT-based services and your information. Information is an asset that can take many forms: client lists, customer databases,
your financial details, your customers’ financial details, deals you are making or considering, your pricing information, product designs or manufacturing processes. There is a risk to your IT services and information wherever they are stored, whether
held on your own systems and devices, or on third-party hosted systems (the cloud).
Cyber risk is not about technology alone; it’s about people and processes; leadership and management
Who is responsible for business-critical data and systems – as well as representatives of IT security, information security, procurement, human resources (HR) and legal?
On Tesco Website
SW Cyber Security Cluster working with businesses across the region to increase awareness and encourage improvement.
South West Cyber Security Cluster; We support businesses of any size, from SMEs to Public / Private Sector. Our members can meet with you to understand your needs and requirements. Through consultations we can help you be one step ahead in Cyber Security
If your business has been a victim of cyber crime, you can report it to the police via Action Fraud.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU
Directly applicable to all EU member states without a need for national implementing legislation.
Create and enforce privacy throughout your systems' lifecycles to meet the "privacy by design" requirement, whether you buy or develop. This will ensure privacy controls are stronger, simpler to implement, harder to by-pass and totally embedded in a system’s core functionality.
Prepare your organisation to fulfil the "right to be forgotten", "right to erasure" and the "right to data portability". A strategy covering topics such as data classification, retention, collection, destruction, storage and search will be required – and it should cover all mechanisms by which data is collected, including the internet, call centres and paper.
Read up on this
Courses on the future; store and you will liable
Shows you how to put technical measures in place to protect your business against the most common internet threats. You can also apply for a Cyber Essentials badge to demonstrate to customers your business takes this issue seriously. Cyber Essentials is recommended by Government for all organisations which rely on the internet.
Next steps for a business; goes deeper. If you have contracts with government, in future they will ask you to have this in place.