Cyber security & crimes

If your identity is stolen by criminals, the impact can be immediate financial loss and a negative credit rating – which in some cases can take a long time to resolve, once it has been detected, which can sometimes take a while.

Find out more with this video:

Keep your identity safe with some simple tips:

• Always check all financial statements against receipts.
• Continuously monitor your credit status.
• Be careful about what information you share on social networking sites, and check your privacy settings.
• Subscribe to an alerts service to indicate when a financial product is applied for in your name.
• Protect all your mobile devices with passwords and regularly change passwords often.
• Install online security software, including devices such as tablets and mobiles.
• Shred all documents that contain sensitive information, using a cross-cut shredder, before throwing them away.
• Look into any mail that does not arrive when you are expecting it.

Email communications

Emails are like postcards – if you wouldn’t put something on a postcard, don’t put it in an email.

Phishing is the use of fraudulent emails to steal your information, such as passwords (see No. 4, below).

Find out more with this video:

Protect yourself, and people in your organisation:

• Be wary of emails from unknown senders, especially when they ask you to confirm information.
• Never click links or open attachments from emails that you are not expecting.
• If a colleague asks you to send them something via email, confirm via phone before you do.
• If in doubt at work, contact your IT department and get it checked out.
• Ensure you have the correct recipient before sending information.
• Never initiate or forward spam or chain type emails.
• Never send work-related documents to your personal email account.
• Don’t use your work email address for personal subscriptions to websites.

Read the NCSC guidance on phishing scams here, and download their infographic here.

Malware, or malicious software, can cause harm in many ways, including:

• Causing a device to become locked or unusable.
• Stealing, deleting or encrypting data.
• Taking control of your devices to attack other organisations.
• Gaining access to your organisation's systems or services that you use.
• 'Mining' cryptocurrency.
• Using services that may cost you money (e.g. premium rate phone calls).

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it) unless you arrange to pay a ransom to the attacker(s). 

Even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

Find out more with this video:

Find out from the NCSC what actions you can take to protect yourself and your organisation, including what to do if your organisation is already infected, here.

Criminals will use the most common passwords to try and access your accounts, or use information from your social media profiles to guess them. If successful, they will use this same password to try and access your other accounts.

People can also be tricked into revealing their passwords via phishing emails (see No. 2, above).

Even if you create strong passwords (and look after them), they can still be stolen if an organisation containing your details suffers a data breach. Criminals will use these stolen customer details (such as user names and passwords) to try and access other systems and accounts.

Download as PDF

Increase your online security and make it harder for criminals to access your online accounts, even if they know your password, by turning on 2-Step Verification (2SV) across popular online services such as Outlook, Gmail, Facebook, X, LinkedIn, and Instagram - find out how here.  

• Keep your devices’ software up-to-date.
• Install and maintain up-to-date versions of protection from viruses and other malware.
• Never connect with people you don’t know.
• Never share personal or sensitive information online, such as such as your address, date of birth or bank details.
• Avoid discussing work-related issues on social media.
• Never upload compromising or work-related photos.
• Public Wi-Fi is not secure, so don't use it to share personal or sensitive information.

From:

• Free products and advice for small & medium organisations in one handy guide.
• Following the steps in The Small Business Guide could help save time, money and your business's reputation.
• Find out how resilient your organisation is to cyber attacks and practise your response in a safe environment with Exercise in a Box.
• Cyber Security for Small Organisations and Top Tips for Staff are training programmes which can be completed online or built into your own training platform.

• Sign up for the NCSC's free Early Warning service to find out about potential cyber attacks on your network, as soon as possible.
• Go here to subscribe to regular NCSC content, including their weekly Threat Report, and the monthly Small Organisations Newsletter.