Newsletter No 1


H2 Cyber Risk Advisory Services

The New Scam on the Block

A new and nasty scam has emerged, according to at least 4 High St Banks. It starts when a fraudster contacts their victim – usually by phone, although it can also be by text message, email or via social media. The scammer pretends they are getting in touch from the victim's bank, the police, or the National Crime Agency, and falsely warns their victim that their bank account has been compromised and that it is now dangerous to use their own name and personal details to set up a new account. They tell them that a 'safe' account will have to be set up in a different name, and that they will organise this for them but that it will take a while. In the meantime, the victim is told to transfer their money to a friend or family member. And to gain further trust, the scammer says they do not want to know where the money will go, as the victim should not trust anyone other than the person they are temporarily sending the money to.

The victim dutifully moves their money to a family member's or trusted friend's account. After a few days, the fraudster gets back in touch with the victim offering routine updates, to gain further trust. And after a bit more time, they inform them that a new bank account has been set up on their behalf and it is safe for their trusted loved one to transfer the money into it.

Therefore, if the victim's loved one receives a notification from their own bank, when transferring the funds back, that the new account details given do not match the name of the victim, they are usually unfazed and agree to authorise the payment.

Of course, this is a refinement of a scam that has been around for some time, and it shows just how constantly scammers refine their scams and just how much time and effort they are prepared to put in to relieve you of your hard-earned cash. You have been warned.

Risk Management

These things are, of course, a matter of assessing risk. Should I cross the road in front of this bus or will the bus knock me down? That goes through your mind in a second and you decide that, prudently, you'll wait for it to pass. That's a risk assessment, something we carry out every day as we go about our lives. And of course, we do this in our businesses too. What is the risk of taking on this new customer? Will they pay their bills on time, or at all? Should I give them a line of credit? Etc etc. That's a thought process we go through and it is the rudiments of risk management. Of course, in your company you might have well defined processes for this kind of thing, but I do come across companies all the time that aren't quite so well set up, particularly in terms of cyber security.

Many people still labour under the misapprehension that Cyber Security is all about technology and is, in fact, an IT issue. However, we disagree, vehemently. Cyber Security is undertaken as a risk management process, covering people, process and technology, in that order. If you don't understand your risks, how can you decide on what protections you need, and where you need them? What are the priorities in your business for protecting your assets? What are those assets? They aren't the actual technologies but the information contained on them. How are you targeting your spend? Are you spending wisely?

Rather than me bang on about it here, if you have an interest in looking at this further, then this link will take you to our web site where you can read our latest blog on the subject.

This is a subject that I know drives many into a desperate need for sleep! And yes, it's somewhat boring, but essential. I talked a bit above about people, process and technology. Well, this is the process bit, following on from people, who are covered by cyber awareness training.

How many of us have spent time and money developing policies and processes that we can’t be sure anyone ever reads, or that perhaps are only read on induction and then forgotten about? Are your policies and processes easy to find when a staff member might be in a hurry? If you are unsure about these things, then this might be for you.

Data Protection and Cyber Security policies can be quite extensive and very onerous to maintain. Many of you have other more pressing issues, and most companies don’t have anyone dedicated to this, but rather tack it on to someone else’s duties. We often find that that person is an HR or admin manager, sometimes a finance manager, all of whom have other priorities. As well as having your staff read your policies at induction, they need to be able to access them quickly when they need to know how to handle situations that arise day to day. For example, in terms of cyber security, if they suspect there is an issue, perhaps a scam in action or some other unusual activity, who do they contact? What do they do about it? This should be documented in a policy or process and the easier that is to access, the more chance an employee will look it up before it’s too late.

So, to provide an easy look-up for these issues, H2 has entered into an agreement to provide an application which runs on smart phones, both iOS and Android, which can list all your policies and which can be provided right across your user base, at an extremely affordable cost.

Clients are finding that their users, particularly the younger ones who have grown up with smart phones and know their capabilities backwards, take to this extremely well and quickly, and are far more likely to use it for reference when working, as it is so easy to use.

Although it is designed for cyber security and data protection policies, it can just as easily have other policies uploaded onto it, such as Health and Safety and, if you have one, an HR handbook, or any other policy required to run your business.

The cost is £75 + VAT per month, so very affordable. For that price we will upload all your cyber security and data protection policies, upload any amendments you may need, and set up your users, relieving you of the burden of administration of the app. If you want other policies uploaded, we will do that for a fixed one-off price, depending on the size of the policy, typically between £30 and £80. As an added bonus, we have included our blog, which provides articles and advice on cyber security, for free.