The NCSC has published new insight and updated guidance on security practices in the past week, which is the topic of this week’s cyber update. Below is a summary of their guidance, with some additional resources.
The Cost of Fraud
Fraud attempts are becoming more widespread, and a successful attempt can come at a huge cost to your business. In 2020 alone, £10.4 million was lost as a result of CEO fraud. It’s therefore important to understand the different types of CEO fraud that exist, so that we are better informed and can protect ourselves against any attempts made against us.
The first example is the CEO scam, where an imposter poses as your CEO in an email or message and asks you to make an immediate payment, or even urges you to buy certain products or services. The best way to combat this is to always check with the relevant individual(s) through the proper channels that it really is your CEO making the request. The next example is invoice and mandate scams. This is where criminals pose as suppliers, ask you to change the account details you hold for them, and then have you make payments to them.
NCSC’s main message here is to #StopChallengeProtect, and to verify all payments and supplier details directly with the company, using known contact details or in person. If you think you have been a victim of a scam, you should contact your business’s bank and report it to Action Fraud.
NCSC’s New Ransomware Page
Since 2019 there has been a sharp increase in the number of ransomware attacks against UK organisations of all sizes, exacerbated in particular by the pandemic. It’s therefore vital that we take action to best protect our business from these attacks. The NCSC’s new webpage covers the following seven areas:
1. What is ransomware?
2. How does ransomware work?
3. Should I pay the ransom?
4. Prevent and protect against ransomware
5. Monitor and detect ransomware
6. Respond and recover from ransomware
7. Have you been a victim of ransomware?
They also have a poster (below) which they urge you to print out and share with your colleagues to keep them informed. The infographic can be found on their website, and is a reminder that following their guidelines can help you be more cyber resilient and keep your business safe from cyber attacks.
Changes in Cyber Essentials
On the 24th of January, NCSC made the biggest update to the Cyber Essentials technical controls since the scheme launched in 2014. As mentioned earlier, the way in which we must protect ourselves against cyber attacks has changed drastically in the past few years, as a result of changes to cloud services as well as the move to working from home due to the COVID-19 pandemic. The changes they have made to Cyber Essentials reflect this.
The changes affect the use of cloud services, home working, multi-factor authentication, password management, and security updates. You can read the changes to each of these areas in full detail in their blog here.