
Cyber Crimes

Cyber crimes are offences which are committed via the internet or otherwise aided by various forms of computer technology. Nearly all of us have heard the terms, but which United Kingdom legislation applies to which 'form' of cyber crime?

eNaycH takes a look into the four main forms of cyber crime. Knowing which legislation applies may be interesting, but knowing what they are and how to stop them is more important, and we would urge everyone to adopt procedures and policies and to install and set up appropriate technology/software to reduce and mitigate the potential risks.

Phishing

Phishing is the fraudulent process of masquerading as a trustworthy entity in order to obtain sensitive information such as user names, passwords, credit card or bank information (or indirectly money). It is used to deceive users and exploits weaknesses in current web security.

It has multiple forms, usually involving electronic means (email, internet etc.), but it can also involve phone calls asking the subscriber to call back (for instance, their bank) and reconfirm security questions or PIN numbers.

In 2016 there were 1,380,432 reported incidents according to statistics on Wikipedia, slightly down on the prior year.

Legislation: Prohibited by criminal law as fraud.

Malware

Software intended to cause damage to a single computer, server, or computer network (e.g. viruses, trojan horses, rootkits, backdoors and evasion).

Software such as anti-virus and firewalls is used to protect against activity identified as malicious and to recover from attacks.

Legislation: Prohibited in the United Kingdom by the Computer Misuse Act 1990.

Spyware

Software that obtains information from a user’s computer without that user’s consent. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information.

Attacks on privacy and security from malicious software are generally unlawful, but the difficulty lies in detection and enforcement, so prevention is often better than a cure.

Ensure Anti-Spyware is installed, definitions are kept up to date and importantly remember to run the scans!

Legislation: Regulated by all the main legislation in relation to obtaining personal data without consent.

Pharming

Redirecting traffic from a legitimate website to a completely different internet address. It typically involves changing files on a victim’s computer, or tampering with a router to redirect the traffic.

Ensure you change the default password on any purchased router, or the one supplied by your internet service provider (ISP). Install protection mechanisms to protect a computer's 'hosts' file. Software such as Search n Destroy can protect and immunise your computer and, where possible, stop you visiting websites known to cause damage. Again, it's important to keep the definitions updated and run regular scans of your system.

Legislation: Computer Misuse Act 1990

Cyber Protection

Unless you live in a digital cocoon (no internet connection, wifi and bluetooth always off or disabled, no USB ports etc.), you are strongly advised to ensure your digital devices are protected (as much as they can be, as nothing can offer a 100% guarantee).

eNaycH recommends, based on their own security policies:-

Inbound to your network

Router: Change default admin password.  Seek assistance if necessary to block unused ports, or re-direct to non-existent internal IP address(es).

Router Wifi: Ensure you set up a strong password and if necessary only allow your own devices to connect (check manuals to achieve this).

Devices

Install where applicable and available:-

Firewall, Anti Virus/Malware/Spyware software

Ensure that the relevant definitions are updated on a regular basis and that the software is either set up to run automatically when the devices are turned on, or to notify you if not successfully scanned every 14 days.

Use two-factor authentication to access the devices and if using a password ensure that you use a strong one. Don't use the same password for everything!

Website(s)

Check with your hosting provider about what security measures they already offer as part of your package. If they provide none then, as above, install where applicable and available:-

Firewall, Anti Virus/Malware/Spyware software

Ensure that the relevant definitions are updated on a regular basis and that the software is either set up to run automatically when the devices are turned on, or to notify you if not successfully scanned every 14 days.

Change any default admin/administrator login and hide any user information from view.

Use two-factor authentication to access the site administration area(s) and if using a password ensure that you use a strong one. Don't use the same password for everything!

Backup

Purchase hardware or services that will back up your device/website configuration and, more importantly, data, if they do not come bundled as part of any other service provision.

Remember that if such data is personal data, being entrusted into your care and not being used solely for your private use, you have a legal obligation and duty to protect it to remain compliant with the Data Protection & Privacy legislation.

If you need any assistance or advice
