Episode 14: Cyber Security During COVID-19

Featuring Sara Webb & Special Guest Stephen Holton from the South West Regional Cyber Crime Unit

Sara Webb Oxford Innovation Cornwall

Hi, everyone. This is Sarah Webb. I am one of the coaches for Oxford Innovation Cornwall and I am delighted today to bring you a guest speaker, and we’re talking about an incredibly important topic at the moment. The person we have here with us is Steven Holton, and he is the cyber protect and prepare and prevent officer from the Regional Cybercrime Unit from the South West Police, which is a fabulous title. Stephen, If you’d like to say hello.

Hello, everyone. Hello.

Sara Webb Oxford Innovation Cornwall

Thanks so much for your time today. I completely understand that at the moment you are terribly busy. So I do appreciate this. I think that it’s really important that we do it actually because with everything else that’s happening right now, I think we can forget how important it is to be aware of cybercrime and also, how this you know, could be the opportune moment for people to be committing crimes as it were.

I wanted to start if you’re okay with this really, just thinking about your fantastic title and just how interesting cybercrime is and how it’s of the moment and it’s a thing that we’re all thinking about and we’re all interested in, so tell me if you don’t mind, kind of how you ended up with this role?

Well, I mean, it was never a plan of ‘Well, I’m definitely going to be in the cyber unit.’ For me it was I wanted to start off in a job which was interesting. So a little while ago, I joined Avon & Somerset Constabulary as an apprentice to start off with and quite quickly found myself a role in the offender management unit for Avon & Somerset where we used to manage burglars, robbers, violent and sexual offenders. And I was in that unit for quite a few years. And then the opportunity came up to join the Regional Police, the Southwest Regional Organized Crime Unit as it’s named, and to join the cybercrime unit within it, which was too good of an opportunity to turn down. I thought, yes, let’s go for it. And that’s where I am today.

Sara Webb Oxford Innovation Cornwall

And I’m sure it’s very interesting and diverse role.

Oh, absolutely. I mean, it’s a very interesting role, no days are the same and we get a different selection of organisations, businesses that we work with, in all opportunities.

Sara Webb Oxford Innovation Cornwall

Yeah, I can imagine. It must be so diverse because if we think about cybercrime, I mean, it covers such a large section and that brings me nicely to my next question really. Can you kind of give us your description of what cyber crime is and the area that you cover specifically within this unit.

Okay. So, cybercrime itself: if we look at just a very basic description of what cybercrime is. Cybercrime is any crime that is committed using a computer or a network. But when we go into that a bit further, cybercrime can be described in two categories: cyber-enabled, and cyber-dependent. So cyber enabled is traditional crime, which uses a computer or a network to either expand the range of impact that crime has or indeed expand the range of victims that person has access to.
So the example I give people is bullying, it’s additional crime in itself. using social media and the internet, that one offender can actually have a wider range of access to more people than they could do traditionally in physical access.

And that’s an example of a cyber-enabled crime, you could put fraud in that category as well. You could put blackmail into that as well. So dependent is a type of crime, which purely relies on a network or computer that digital infrastructure to exist in the first place. And there’s no way those sorts of crimes can exist without that.

So an example of that would be ransomware, which is software which encrypts files and databases, systems, and demands you to pay a ransom fee in order to get that data, that access back. And there’s no way that that sort of crime could be committed without a network or computer. And phishing emails and spam emails would fall in that category, as well. So that’s my description of cyber.

And what we do in the unit is we, in the regional unit, look at cyber dependent crimes, and particularly those that affect organizations in the southwest. But also our investigation spans to all the other units in the UK and also to Europe and also to America and to wherever we need to go for out investigation.

Sara Webb Oxford Innovation Cornwall

Yeah, I guess it really is global, isn’t it? Because you can commit crime from a cyber point of view from anywhere in the world?

Absolutely. And we’ve had we’ve got a number of cases at the moment where we work with the FBI to arrest suspects over there, or we work with Europol to look at people over in different countries. So it absolutely is a global crime. And whenever I get asked, “what’s the picture look like locally?” Well actually cyber isn’t a local crime, it’s international, it’s is a global crime. And it’s the picture for cyber looks the same everywhere.

Sara Webb Oxford Innovation Cornwall

And I could imagine that that’s what makes it so difficult as well because you’ve got people globally working on different ways in which they can commit this crime. So it’s not localised and easy to track. It’s coming from anywhere and includes so many different things.

Yes. But that being said, we in our unit, have a great success rate with our cases. We’re really proud of the work we do. And all the work and all the lessons that we learn in our cases, when it comes to how certain victims have fallen for these crimes. We’ve turned it into advice we can give out like today and make sure that you’re protected against the most common or most seen attack that we’ve seen as well.

Sara Webb Oxford Innovation Cornwall

Yeah, and I can imagine that because I think about conversations I’ve had with businesses, small businesses that have had an issue. And so often, if they had been clued up on what was going on, they could have stopped it before it happened. And also, if they had protection in place, the correct protection they also could have stopped it and it’s very it easy for all of us to have great hindsight.

But if we can do it before it makes a huge difference, especially if you’re a small business and everything that’s happening, in the world and in the UK and in Cornwall with regards to the global pandemic, that is COVID-19. Can you just tell me, is it different now in the fact that we’ve got a slightly different world? How’s that affecting the world of cybercrime?

Well, the risk of cyber is still the same as it was before it’s still a tier one threat to the UK alongside terrorism. And how these crimes can be committed are still the same. It hasn’t changed from that aspect. The only thing that’s changed in this situation is that the impact of a cyberattack if it’s successful could be greater to the actual business than before in its current state. But it doesn’t mean that we have to react differently to it. We just need to be aware and remember what, what security measures we need to have in place and just understand and remember why they’re important.

Sara Webb Oxford Innovation Cornwall

Yeah, I can understand that. So we’re all focusing on so many different things especially if you’re running your business right now. You’re thinking about how to keep it afloat, you’re thinking about how to get your team to be able to work from remote locations, etc. You may forget the security or it may not be a priority to have that security in place.

You just said I noticed that it’s a tier one threat along with terrorism to just explain what that means.

Tier one threats are basically when the UK Government looks at ‘what’s the biggest threat to to the country and what can have the biggest impact?’ It tiers those threats up and as a tier one threat, the most important, the highest priorities are terrorism and cybercrime.

So terrorism, I don’t think I need to explain why that is a tier one threat, we may look at the physical damage that can have on buildings and organization and also people’s lives as well. But when you look at cybercrime, it has a massive impact to businesses level of functioning properly. You know, it can bring some companies to fold and it has a big economic impact to the UK as well. So that’s why it’s a tier one threat and decided that the impact it could have to UK is as great as any terrorism incident as well.

Sara Webb Oxford Innovation Cornwall

Yeah, that’s a sobering thought, isn’t it? And that leads me to think about the NHS obviously, there was an attack, a cybercrime attack that happened on the NHS, which caused problems with databases and caused a lot of issues. If that were to happen right now, that would be a serious disaster wouldn’t.

It would yes, but we just need to again, remember that basic principles of what we can do to protect ourselves. And we do a lot of work with the NHS and already we’re helping getting them through that and this time as well.

Sara Webb Oxford Innovation Cornwall

Yeah, that’s good to hear. I think we’ll all be happy to hear that. So, thinking about the businesses here in Cornwall, they may have, well there’s probably a lot of businesses have gone to remote working. So they’ve got people all over the place. Is there any kind of tips and tricks that you can talk about that will not tricks that’s the wrong word, isn’t it but um, is what should they be thinking about at this moment in time?

So, from the South West Regional Cybercrime Unit, the top concerns we have at the moment would be ransomware, phishing emails, working remotely safely, and also Covid-related fraud. So, the tips and advice I can give out would be well, how can we make your own business and organization more resilient to those areas? And there’s a number of ways we can do that.

I mean, passwords are always key. As then it becomes cybersecurity. And we keep talking about passwords, because we keep seeing that time and time again, being one of the main reasons why we see more victims, we have more cases to deal with, it’s because of a weak password. Investing time into having a stronger password…

So the NCSC, the National Cybersecurity Center, which is part of GCSHQ, recommend using three random words. So three random off the top of your head and kind of smoosh them together to make a long complex password as an example, and avoiding a weak password which would be a word and some numbers that you just it’s trying to break up the format of a weak password into a stronger one.
Making sure particularly when we’re working remotely, that we have two-factor authentication. If anyone’s using Office 365 definitely make sure you have that in place. So when you go and log into your account, you’ll get sent a text or code for an app.

And you have to enter that code back in to gain access, just give you an extra layer of protection which is definitely needed for Office 365 users who are working remotely and a little password tip for people from home: if you have any device where you’ve been given a default password thinking of your own router for example any internet of things device as to reset them and change the password on them straightaway if they are on the default password you’ve been given. And when I say password on the router I mean like the the admin password to change Access within the router, something to think about. Make sure you have that changed up.

Sara Webb Oxford Innovation Cornwall

I’m just thinking I’ve never changed mine. I’m looking at it right now thinking I wouldn’t have even thought of that.

Again, it’s just little things just to think about is again, being secure in the in a work environment is one thing but actually carrying that mindset into the home It is something that we need to keep on top of and remember.

Sara Webb Oxford Innovation Cornwall

Forgive me for my ignorance here but if you are working from home and you are accessing company information, but your security isn’t great, so like me, you haven’t changed the Wi Fi password, can that negatively affect the business, the work that you’re doing for the business?

It all depends on how that company is, is using remote working, how that service is provided. If you are accessing your work network, let’s say through what’s called a VPN, a Virtual Private Network, when that should, what that does effectively is it encrypts your traffic, your interaction between your device to that network into like a little encrypted tunnel. So no one can really see what’s going on. So if you have something like that in place, a VPN, that would encrypt any information, so if anyone did happen to log into the router, that information should be encrypted and you would you be able to intercept it.

So it’s all about having those practices in place. And if you are an owner of a business or organization, it is important to ask the questions about well, how can I work remotely? How does that happen? You know, security functions we have in place.

Sara Webb Oxford Innovation Cornwall

Yes, because you have to control what you can control as a business owner. And it might not be that you can control work environments at home. But you certainly can ensure that you’re encrypted in the work that you’re doing. Well, the work that your team are doing for you, so that you know that you’ve got that protection in place. And I’m sure that there are businesses that haven’t even thought about that at the moment. So that’s great.

And if you know you have something like a VPN or two-factor authentication in place, then just remind your staff, why you have that in the first place and just say that this is important, because it helps protect our information, our data and helps us to work safely. And just make sure that your VPNs are turned on before. And so, if they do see anything happening, they do see that for some reason their VPN isn’t turning on, then they know that it’s a concern that they need to raise.

Sara Webb Oxford Innovation Cornwall

You said four things. The first one was ransomware, the second one being phishing, third one the working from home and the fourth one COVID-19 frauds specifically. Can you just tell me ransom? Can you just explain the what the four of those kind of means for anyone that doesn’t know. So what is ransomware?

Ransomware is software that encrypts your data, your systems and demands a fee in order for you to get access back. Normally that’s a form of payment through some cryptocurrency and the idea is that when you pay it that you get an encryption key back and you get your access back. The advice from us is don’t pay for it, remember that they are criminals at the end of this and have seen quite a few companies who have paid for this and then get nothing back, so they just lost money.

It is what the wanna cry attack that hit the NHS was is a is a form of ransomware. And it’s probably the most common payload when it comes to a cybercrime attack is that you will see a ransomware at the end of it. So that’s always going to be one of the main concerns for any business but again, it’s having strong passwords in place, making sure that we update our devices.

So laptops, printers, servers, as well also software apps on your phones, making sure that they stay up to date as soon as quickly as you can. Because those updates are there to help protect those apps, those those devices from the vulnerabilities that the manufacturers and developers can see. So making sure you get those updates in place are really important.

And another point very quickly when it comes to ransomware, is the best way to protect your business is to think about your backups. So there’s a backup, which would be some form of storage, which takes a copy of all your information, all your data, and then you should store and secure that safely. So if anything happens like the ransomware what you do is that instead of paying for it, you reset or wipeyour your network and restore it with a backup so that you can continue business as normal.

And something to think about for for backups is the reason for the backups. Check what’s on it, is it what you would need for your business to continue to function? Where do you store it? Do you have that on the cloud? Do you have a physical copy that’s locked away and stored under key? Or a mixture of both? When you do it, do do your backup every week? Do you try one daily? And test to make sure it works. The worst thing thinking that you have a backup and it comes to the point where you need it. And it doesn’t work. You don’t have been a position.

Sara Webb Oxford Innovation Cornwall

That’s really good. Because how frustrating is it after the event to realise that you didn’t have the information you need or it hasn’t been working? And I think that’s more common than we think. You think the backups happening. You don’t realise it’s not working properly until you desperately need it. And at that point, it’s too late.

No, that’s one of the biggest hindsight points of view that we see is people think, Oh, I should have not more than the backups.

Sara Webb Oxford Innovation Cornwall

Yeah, I can imagine. So that’s a big one to remember backups. And I just want to reiterate your point about, if you pay the fee, then you are, yeah, this is a crime and you’re effectively paying the criminals and there’s no guarantees that you’re going to get what you need anyway.

I understand that businesses will do it because they could be making a sort of risk mitigation decision or think they’re making one around, we need our information back, we can’t operate without this and we’re going to lose X amount, so it’s better to pay it. However, it wouldn’t seem like a logical thing to do, because of course, there’s no guarantees. And it’s not like you can lodge a complaint if it doesn’t work.

No, although when you know, if you look online, you can actually see a couple of example of them. Screen pages when someone opens up their laptop and see the ransomware. And they do have a good customer service support line, if you need any help in paying all the ransom fee. But if you pay them and you don’t get anything back, then you’ve only lost money.

If you pay them and you get a key back, the key might work you might not. And if it does work, and you think, Oh, great, that’s it. We’ve we’ve brushed past that incident. Well, you can, for criminals in particular, for companies that pay up the ransom fees… that message is spread quite quickly. And also you haven’t addressed the vulnerability of well, how’d it happen in the first place?

Sara Webb Oxford Innovation Cornwall

Yeah. So you get targeted again.

We have seen instances of people being repeat victims.

Sara Webb Oxford Innovation Cornwall

Just tell me, does this happen to all sizes of businesses or do they target large because I think there’s probably an assumption that it’s only the large companies that have to worry about this.

No… as long as you have a device that’s connected to the internet, then you can be equally victim to this to compared to any large business let’s say. I mean, cyber criminals will have a tool and be looking for a vulnerability. And if you have that said vulnerability, then you’re going to be possibly at risk. They’re not looking at names and looking at numbers and looking at who’s got that vulnerability and just launching it and seeing if it hits, and that’s probably the best way I like to describe it.

It’s a very much a scattergun approach. You have to launch this attack via an email or by a link or attachment, and launch out there and see which ones hit and which ones miss. And it’s as simple as that. It doesn’t matter who’s at the end. That’s why phishing emails are such a concern to us as well.

Sara Webb Oxford Innovation Cornwall

Yeah, actually, that I guess that takes me to the next one. So what is what is a phishing email?

So phishing email or spam emails as some people like to prefer them as are emails which try to collect credentials, information, or get you to click on a link or an attachment in order to gain credentials to get onto the network, collect financial information, or indeed to get you to download a software for example, a ransomware.

And is it a really big concern, not just in the environment that we’re all in at the moment but it in normal everyday life anyway. I mean, last year alone 90% of all cybercrime that was reported was using phishing as the main vector into that company.

I say it’s not… there’s nothing technical when it comes to a phishing email because we all write emails, it is nothing technical about it. It’s all about that human factor side of it. And it’s all about trying to get the person on the other end just to click or respond in this way. And a couple things to take phishing emails is, (well, for any emails) is: take your time reading them, don’t feel rushed, do you have to take an action?

You do get a lot of phishing emails that try and put some sense of urgency into it saying that ‘you must do something now.’ But actually no, take your time and read it. See that it makes sense. Is the way it’s written, the way that you would expect that person to write to you? Is it asking you to do something you would normally do or something that you’re expecting to do?

And that’s why in this current environment we’re in, it’s good to keep that method of communication going between your employees, your clients, your customers, and not just for email, but you know, call people up, video conference, as well. And if an email’s asking you to do it a job or an action, use a different method of communication to verify that before you do it.

Even just getting a colleague if you can, just say “look will you check this email, does it look right to you?” Again, it is a really important step but it could really save you from clicking on a link or doing an action and if you can see a link or an attachment on there is try to avoid clicking as much as you can. I understand that’s not 100% possible in the way that we work but obviously only click on the linked attachments once you confirm by another communication that it is something that you were expecting or something that you should be doing.

Sara Webb Oxford Innovation Cornwall

Yeah, I guess that makes sense. You’re not expecting it. Be very wary. Gosh, it’s hard though, isn’t it? Because I mean, I know that I’ve done it in the past without thinking. So I’m almost in automatic answering emails, click on a link click on it, and then realise I shouldn’t have clicked on it. So yeah, I think everyone and actually it would be It would be good for business owners to be reminding their team that if this comes through, they should be thinking about emails that are coming that they don’t recognize.

And a little tip from me is if you do see a phishing email to your company, take a screenshot of it. And then you can use that to show your staff a phishing email that’s come to you and just point out actually, what’s wrong with it. If you see any spelling or grammar errors and if you see the domain on email is not exactly right. And it’s a good educational tool as well.

Sara Webb Oxford Innovation Cornwall

Okay, the third one was the working from home risk. So I know we’ve talked about the Wi Fi and changing passwords. Is there anything else that people need to be aware of for that one?

I mean there’s two things to think about which I haven’t mentioned which is so if people are working from home is to think about your physical surroundings as well. So what can people see on the screen? If you’re doing a video conferencing, for example? What’s on the wall behind you? Can they see what’s on your desk is anything that’s actually quite sensitive, not just for the business or the company, but also family life as well. Yeah, and just trying to keep that as protected as possible. And again, it’s about that physical surrounding.

If you if you haven’t got a webcam cover, this is really good to consider something really practical and really simple. If you’re not using the webcam, cover it up. So no one can see what’s what’s going on through the webcam itself. And also a bit more about keeping your desk tidy at work.

I mean, I know there’s a lot at home, because I know there’s a lot of clear desk policies, a lot of organizations install. Actually, that’s a good practice to have at home as well. If you have any sensitive or financial currency, don’t just leave them lying around the office you safely pack them away. Again, if anyone could see that information and that could be quite impactful for the businesses.

Sara Webb Oxford Innovation Cornwall

Well, yeah, I’m just, I’m now looking around at my desk and judging myself a little bit. Actually, it’s a really good point. And I think as well a lot of people, perhaps they don’t have desks, they’re working off the dining room table.

So they’re not thinking that they’re in a work environment, but actually, it’s a good point when you’re putting your camera on. How easy is it for people to access the webcam? Is that is that relatively simple if they’ve got some kind of malware on your computer?

Once there’s some form of malware, let’s say a Trojan, which is another word, I’m going to throw out there, which is a piece of software that looks like one thing, but then once you installed it can do something completely different. So very much like a Trojan horse.
And you can get some Trojans that allow people remote access to the computer. In which case if that happens, then turning a webcam on can be quite simple. However, the way that you’re turning it on is exactly the same way that ransomware will get on, clicking on a link opening attachments, giving people your password, your credentials or not having two-factor on if you’re working remotely in office 365.

And that’s the kind of the main point I’d like to raise is that if we continue with the basics, we will protect ourselves against the majority of threats out there.

Sara Webb Oxford Innovation Cornwall

And you can almost imagine that somewhere in all of this the basics could get forgotten. So you forget to put your cover on the camera. Or if you forget to not click on things, and you make a small mistake that you think nothing of.

Absolutely. And that’s why, again, that communication between you and your staff is more important now than ever. Not just for staff wellbeing, as well as functionality for the organization, but just reminding of those security measures that you have as well.

Sara Webb Oxford Innovation Cornwall

Yeah, that everyone should be covering their cameras. I’m gonna go and cover mine straight after this.

Well, we do at our events when we go out, we do have some webcam covers of our own, which I don’t think we’re allowed to send any out at this current time but I mean, a bit of tape will do.

Sara Webb Oxford Innovation Cornwall

Literally, it’s a piece of tape, isn’t it? It’s not anything flash, really. But I bet that’s something that actually it would be good for, for businesses to be thinking about it for their team because you don’t want to expose them…That’s the right word or the wrong word. But you don’t want to expose them to that situation. So just a quick reminder would actually be good.

We do little reminders for organisations I mean, one of my colleagues, our district communications officer does a fantastic fortnightly briefing. So every fortnight there’ll be an email that comes out that sees what threats we’re seeing, and some really simple advice you can take to protect yourself from which is completely free to sign up to.

You can do that via our website, which is www.Swrocu.police.uk. Go to cybercrime and you’ll see a little bit on there which says you can submit your email address to get the briefings but they’re really good way to remind you of the simple aspects every other week and that’s something you can push forward to staff as well.

Sara Webb Oxford Innovation Cornwall

Okay, I will make sure we put that in the podcast notes as well. so that people can pick it up from there. Because that sounds like a great two weekly reminder of what we need to be thinking about whilst we’re having to think about all the other things that are happening right now. The other thing that you mentioned was their COVID-19 risk that particular risk, the fraud around this, can you talk a little bit about that?

It’s not strictly cyber crime, it’s more fraud. However, the steps that you can take to prevent being a victim of it is still the same as any phishing email advice that’s out there. So that’s why we put that as a concern for us as well. And this is any fraud related email or item which is asking you to pay a criminal in this aspect, for let’s say, some protective equipment or let’s say some insurance against COVID. But actually, there’s no promise or no product at the end of that, between the 1st of April and the 18th of March, we saw a 400% increase of reported COVID-related fraud.

So we know it’s it’s definitely happening, and it’s quite popular. So if we ever see an email or anything that’s asking you to pay into some COVID, insurance or equipment, just think twice and go, actually, could this be fraud? How can I trust this person?

Sara Webb Oxford Innovation Cornwall

Wow, that’s, I mean, it’s great to get the message out there. It’s also somewhat depressing as well, isn’t it in the fact that we’re having a crisis right now that everyone’s doing their best to deal with… and there’s a certain element (a small element) of people that are saying, right, how can we make the most money out of this?

And sadly, that’s, that is a mindset of a criminal: how can you use the current situation as a as a method to get money? And there’s a lot of phishing emails at the moment portraying to be from Netflix saying that your account has been compromised or that you need to verify it. Otherwise you’ll get charged more money. And same with Amazon Prime. We’ve seen a lot of that going around as well.

Sara Webb Oxford Innovation Cornwall

That actually happened to my mother who is almost 80. And she got a phone call from Amazon (so say), saying that she had Prime and that she was going to be charged again for the next year tomorrow. And then she sort of obviously panicked and said “can I cancel it?” and they said, “Oh, let me see, let me see. And yes, we can do it. But you need to switch your computer on” and my mother switched her computer on.

Luckily, I have accessed to her computer in the past. So she was suddenly aware she doesn’t know what she did. She was doing what they were telling her. She was suddenly aware that the cursor was moving, at which point she turned off the computer and panicked. And then they kept calling back and threatening her saying, “you will be charged, you must do this immediately, you must turn your computer back on.”

So by the time that I got hold of her, she was in a terrible state. And it’s very frustrating when you don’t have a person to go and find and shout at if you know what I mean, because it’s a cyber crime, you can’t, you can’t do much about it. So yeah, I’m very aware of that one at the moment.

The advice and guidance on how you can protect yourself from fraud. Again, it’s very similar to phishing because phishing is a cyber-dependent version of fraud. Put the phone down or ask for their name. Put the phone down, find a switchboard number for Amazon, call them and say “I had this person call me up…”

Sara Webb Oxford Innovation Cornwall

Yeah, and I think most of us would know that Amazon aren’t going to call us. However, if you’re 80 and not really using computers or don’t reaally even know what Amazon is you’re not going to know that. It’s difficult. Tell me, what’s the steps if you’ve got a business, they think that something is going on, they’ve got either ransomware or phishing, someone’s pressed something and they’re worried about it. What do they do?

In the case of you believe you’ve been a victim of a cyber attack or you’ve just seen an attempt or something you’re a bit concerned about, you can report this to the police. There is a national fraud and cyber reporting line, which is called Action Fraud. And all these sort of crimes, these incidents have to be reported through Action Fraud. And then from the report itself, the intelligence gets reviewed and gets shared across all departments, and then the crime itself can be triaged to see if it’s a national, regional or local response.

So to call action fraud, the number 0300 1232040. And then press nine when you go through, you can report the crime. I would say if there is a live, immediate incident that’s having a critical, major impact to your business… so if it’s happening right now and you cannot function as a business, you can’t work call out number straightaway and tell them exactly what’s happening.

At the end of day, it is a reporting telephone line. It’s not the police you are calling directly. Tell them exactly what’s going on. Then they will pass that report to the police to triage. If you have an incident or experience which is minor or just an attempt, let’s say you’ve seen a few phishing emails come in directly to the company, then you can report that online. And that will get triaged and looked into as well but not as quickly as the main telephone line itself.

Sara Webb Oxford Innovation Cornwall

Okay, so if it’s urgent, you need quick action, or it’s damaging and at that time you need to be calling the line. And if it’s something that you’ve seen coming through, you need to be going online and reporting it. And I’m guessing that you probably want to know as much as possible about what’s happening. So therefore, reporting online, even if you haven’t had a major issue is still worth doing.

Absolutely. I mean, without it being reported in we can’t build up on our intelligence and also understand what the current trends are. Let’s say without any report, we wouldn’t have seen the increase in COVID-19 for what aspects. And that’s how important it is to be reporting these incidents, so we can see what the trends are, we can change our resources to address that trend and also make sure that the advice we can give out to business owners is the best it can be.

So definitely make sure that you report it and also make sure you got that telephone line written down somewhere so if you do happen to be hit with a ransomware attack, let’s say and you wouldn’t have access to computers or the internet … if you’ve got anything stored on your network, or you just rely on the internet itself to get the number and you’re stuck, so make sure you have that number written down somewhere.

Sara Webb Oxford Innovation Cornwall

So you almost you almost need a kind of cybercrime file that has all the information you need access when something like this happens, almost a paper file, isn’t it that you can take and grab and deal with it.

We do have a useful information sheet which has on there a couple of useful links to websites and look at. And also it says about Action Fraud and how to report them as well.

Sara Webb Oxford Innovation Cornwall

Okay, so we can hopefully put a link in or access to that document on the podcast, that would be great. So I think I think this has been great, really helpful, actually. And I’m hoping that our clients will be listening to this and really thinking about, I think that thing that I’ve got from this is, it’s the basics. Make sure you’ve got the basics in place. Don’t let them slip in this time, because that could be a dangerous thing to do. Making sure your team are aware so there’s some definite communication in there. Is there, just to put you on the spot… if there was one thing or maybe two things that you want every business to do, what would it be?

There’s a lot I’d like businesses to do!

I think it’s that communication and awareness with staff is the most important aspect, really. It’s often phrased that the human factor is the weak side of a business when it comes to cybersecurity, but actually, if you can raise the awareness of staff, and let them know of things to look out for and how they can be safe and protected, they can be your first and strongest line of defense, almost like a human firewall to your business. So that’s the biggest thing I would like businesses to do is to have that communication, talk about what’s going on, if you see anything that looks a bit unusual, actually talk to the members of staff and just have that communication.

Sara Webb Oxford Innovation Cornwall

You can imagine that sometimes they come in and you’re aware they’re not as they should be and so you just delete them, but actually, we should all be reporting them to whoever it is in the business so something can be done.

I might know not to click on it, but it doesn’t mean that my colleague is going to do the same.

Absolutely, and definitely in a situation when we’re separated as well from our team. It’s not as though we can just say “hey, I’ve just seen this email.” But when teams have seen something a little unusual, just be wary when it comes to your mailbox.

Sara Webb Oxford Innovation Cornwall

Which I think ties into earlier you said most of this, the ransomeware and the phishing is coming in via emails and people clicking on links. So you’re right, it’s that human firewall that needs to be in place, so there’s at least another check in there to stop that from happening.

If I can just add one more point to that, we in the South West Regional Cybercrime Unit are a point of clarity more than anything else. Don’t be afraid to ask the question or come and speak to us if you have any concerns but want a little bit more advice on anything in particular and we’re more than happy to help and support businesses in the South West.

Our website is www.swrocu.police.uk/cybercrime. Our Twitter handle is @SWRCCU, we have LinkedIn as well, which is SW Regional Cybercrime Unit and our email address is: swcyberprotect@avonandsomerset.police.uk


You can find all the links and extra support areas mentioned in this podcast at our accompanying resource page.