
Newsletter No 2

H2 Weekly Newsletter Edition 2

 

Trust H2 – Making sure your information is secure

 

H2 Cyber Risk Advisory Services

 

COVID-19 Online Scams

Scammers, as you might expect, are not nice people. They are interested in one thing, and one thing only, your money. You have to be on guard all the time whilst you are online. Be suspicious and don’t worry about what other people think or say. Google says, "Scammers are taking advantage of the increase in COVID-19 communications by disguising their scams as legitimate messages about the virus. Alongside emails, scammers may also use text messages, automated calls and malicious websites to reach you."2

So what sort of scams are out there?

Fake health organizations. Scammers pose as health authorities like the World Health Organization (WHO), the NHS, and Public Health England, Scotland and Wales to offer cures, tests, or other COVID-19 information.

Websites that sell fake products. These sites offer face masks, hand sanitizer, disinfectant wipes, and other high-demand products that never arrive. Buy products from known marketers only.

Bogus government sources. These scammers claim to issue updates and payments on behalf of HMRC, and council tax rebates for businesses.

Fraudulent financial offers. Scammers may pose as banks, debt collectors, or investors with offers designed to steal your financial information.

Fake non-profit donation requests. Many people like to donate to charitable causes to help with disaster relief. This provides an excellent opportunity for scammers to set up fake non-profits, clinics, hospices and care homes, and other organizations to collect funds. Donate directly through a reputable non-profit's website instead of clicking on a link you receive by email or text.

So, the bottom line is trust nothing, check everything and do nothing that looks too easy. If it looks too good, or too easy, it probably is a scam. But that’s not necessarily the case; many of these scams are becoming sophisticated and they evolve frequently.

Ransomware

The often-heard cry from SMEs, even those in the upper Mid-Market tier, is that ransomware doesn’t affect us, that’s just a problem for the big boys, we’re just not worth the effort. Wrong!! It is now estimated that 71% of ransomware attacks are aimed at SMEs. The thought goes, amongst Cyber Security experts, that small businesses are not as prepared to repel an attack as larger businesses, making these smaller organizations a prime target for hackers. This of course is a thought shared by the attackers themselves. They see the effort required to take a smaller organisation, as compared to the effort they need to take a larger one, as being considerably less, thus increasing their return on investment. It’s a question of scale. Whilst a larger company, maybe a Fortune 500, might be a target of say £250000, a smaller company might only be a target for £50000, or even less. In fact, it has been suggested that sums in the hundreds have been asked for and that many smaller businesses simply pay up, rather than risk the loss of business and reputation.

Paying up of course is fraught with dangers. The scammers may or may not release your data and of course, they might already have stolen that data and sold it on, risking the wrath of the ICO and potential fines, before you even get around to paying up. The potential costs of ransomware go well beyond the price of the ransom with many businesses that are attacked experiencing significant downtime, resulting in lost revenue, customers, and potential new business. Much better if you can stop it happening in the first place. 

Prevention is better than cure and some security measures you can take include:

  • Scanning computers with antivirus software on a regular schedule.
  • Configuring your firewall to prevent ransomware.
  • Training your employees on best practices, such as opening only trusted attachments.
  • Backing up your business data on a regular basis and storing it offline.
  • Keeping your operating system’s security patches up to date.
  • Filtering emails to prevent spam from reaching employees.
  • Limiting the number of administrative privileges given to employees.
  • Switching to two-factor authentication so a compromised password alone won’t give away your data.

You need to plan your response and this should include a pre-written, easy to follow business continuity plan. Business continuity planning prevents knee-jerk reactions and actions that can, sometimes, make things much worse. You should:

  • Try to regain access. This might be possible if your system is attacked by locker ransomware. If your screen is locked, contact an expert to see if there’s a way to remove the ransomware and regain access.
  • Implement the disaster recovery plan. This might include being able to restore your backups onto a fresh system, having quarantined the infected systems. That way you can give yourself breathing space and the ability to continue in business whilst you take longer term measures.
  • Abandon the data. This is rarely an option. Most businesses have networks that are not sufficiently segregated to divide up data between the critical and the not so critical. But yours might be the one that has, so you may choose to simply forfeit the data if it wasn’t critical to business operations.
  • Pay the ransom. It’s your choice. However, this option is not guaranteed to work and it’s not recommended.