Cybersafe for Business - Patrick Acheampong - E-Book

Cybersafe for Business E-Book

Patrick Acheampong

Description

By the time you finish reading this, your business could be a victim of one of the hundreds of cyber attacks that are likely to have occurred in businesses just like yours.


Are you ready to protect your business online but don't know where to start?


These days, if you want to stay in business, you pretty much have to be online. From keeping your finances safe from fraudsters on the internet to stopping your business being held to ransom by cybercrooks, Cybersafe for Business gives you examples and practical, actionable advice on cybersecurity and how to keep your business safe online.


The world of cybersecurity tends to be full of impenetrable jargon and solutions that are impractical or too expensive for small businesses.


Cybersafe for Business will help you to demystify the world of cybersecurity and make it easy to protect your online business from increasingly sophisticated cybercriminals.


If you think your business is secure online and don't need this book, you REALLY need it!

You can read the e-book in the Legimi apps or in any app that supports the following format:

EPUB

Page count: 181




Table of Contents

Copyright

Foreword

Introduction

Chapter 1: The Threat

Chapter 2: Keeping It Simple

Chapter 3: You are the Weakest Link

Chapter 4: Secure Your Gates

Chapter 5: Secure Your Stored Data

Chapter 6: Let’s Backup A Bit

Chapter 7: Email

Chapter 8: Secure Communications

Chapter 9: Is Your Business Being Held To Ransom?

Chapter 10: Safe Commerce

Chapter 11: Don’t Be Denied Service

Chapter 12: Ensure You’re Insured

The Last Word

CyberSafe Checklist For SMEs

Further Reading

Additional Resources

Tools And References

About The Author

Glossary & Index

Copyright

Copyrighted Material

Copyright © 2021 by Patrick Acheampong

All rights reserved. This book or parts thereof may not be reproduced in any form, stored in any retrieval system, or transmitted in any form by any means—electronic, mechanical, photocopy, recording, or otherwise—without prior written permission of the publisher. For permission requests, write to the publisher at “Attention: Permissions Coordinator,” at the following email address [email protected]

Visit the author’s website at www.livecybersafe.com

Edition Date - September 2021

ISBN - 978-988-75962-0-2

Disclaimer

Every effort has been made to ensure that the content provided in this book is accurate, legal, and helpful for our readers at publishing time. However, this is not an exhaustive treatment of the subjects. No liability is assumed for losses or damages due to the information provided. You are responsible for your own choices, actions, and results.

Foreword

That we live in an ever more digitised world is immediately apparent if you are a citizen of Western Europe, North America or East Asia/Australasia. Accessing social media, banking, communications and retail shopping – increasingly on a smartphone – are commonplace today.

But this ‘always on’ scenario is not without risk. Today data is a source of wealth for many companies as valuations of the giant tech companies indicate. As in the ‘real’ world, criminals will take advantage whenever they see a chance to make money from stealing or denying access to data.

Nearly 2 billion files containing personal data were leaked in 2017 – and this was only in the US – and is probably under-reported. Large companies and governments are addressing this issue through both technical means and training, but what can the individual citizen, or the owner of a small or micro business, do?

Pat Acheampong has the answer – plenty! An unlocked door or window is a human failure that is an invitation to criminals; similarly people are still the main cause of data theft, denial of use and therefore loss of assets and money.

Protection of your digital life is an important part of protecting yourself, your family and your assets. This clear and concise guide will go a long way to achieving that goal.

Michael Mudd

Asia Policy LLC

Have you ever been scammed on the internet? I have, numerous times.

What is an online Scam? It's a method to cheat you, usually financially, without your conscious consent while you are using different services online.

Scammers can tap into your personal data (Government IDs, Credit Card numbers, Date of Birth, Legal Names, Addresses, Phone Numbers, Usernames and Passwords) either by hacking into leaked information from third party companies, unencrypted channels such as free Wi-Fi in coffee shops or hotels or any internet services where you may have shared private details, pretending they know you and/or requesting you to take actions based on something you potentially care about.

I am sure 9 out of 10 of you have been cheated by an unknown source on the internet at least once during your lifetime online, and it's totally not your fault.

We are spending more and more time to stay connected online, and are more dependent on technology for work and personal life. It will continue to increase with the current rate of digital transformation in the new world of Covid-19. Scammers are more active than ever as they know more vulnerable people are getting online and may not be savvy enough to protect themselves on the Internet.

My latest scam experience involved my Uber account getting hacked, and I lost three thousand USD a few years ago. The hacker used my account to simulate fake pick up requests and UberEats orders all around New York. I called Uber support numerous times and requested to suspend my account, all I got back was that they will investigate and could not stop all activities immediately. There was also an issue with the app that I couldn't use my email to reset my password or change my phone number. I couldn't bear seeing fake transactions keep adding to my credit card, so I took the matter in my own hands and canceled the credit card instead. This created a lot of inconvenience to have to redirect all utilities and direct debits against that card.

Recently I heard that a 67 year old lady lost over one million US dollars of her retirement savings due to Covid-19 online scams. The story is too long to be told here, but I am sure you have heard many of these cases through friends, families, or co-workers. The point is, these unfortunate events can happen anywhere and anytime if we are not paying attention or being skeptical before pressing the button.

We don't need a high IQ or to get a computer science degree to use the Internet safely, but we need to know the basics of cyber security, and learn some of the tricks and tools that could armour us from being attacked or cheated. The Internet is a massive place with billions of people online, and with a lot of opportunities for evil people to do bad things. Just like when you are walking on a busy street or browsing in a night market, you have to ensure your bags are well protected, wallets and cash are secured and in your awareness, as pocket pickers are hidden everywhere. We need to possess knowledge to protect our data online, and configure the right settings with our tools so that the chance for scammers to take advantage of us is mitigated.

This second edition book by Patrick Acheampong is a rare find and a must read for anyone from kids to teenagers, adults, and grandparents to stay safe and confident online in the world of working from home. Don't be intimidated by the misconception that you need to be an expert to secure yourself. This self-guided book is so easy to read, and it will bring many aha moments with an easy checklist to follow for protecting yourself online.

Danny Wong

Financial Professional and Tech Start-Up Entrepreneur

Introduction

Botnets, hackers, viruses, worms, snoops, trojans, capricious governments. You’ve probably heard of one or all of these at one time or another. If you haven’t, don’t worry. By the time you’ve finished reading this book, you’ll be well equipped to defend yourself against them, and that’s the important thing. They’re all out there trying to invade your privacy, take over your computer, steal your identity and your cash, spy on you, and map your life. This book aims to give you some tools and strategies to fight back against this online assault, and reclaim your safety online while also maintaining your right to privacy.

At a recent World Economic Forum Davos summit, a cyber security roundtable discussion revealed that the biggest banks can now expect up to two billion cyber-attacks a year; retailers, around 200 million.

Recent research from IT consultancy Capgemini found that only 21% of financial services organisations are highly confident they could detect a data breach.

In 2013, confidential documents leaked by Edward Snowden indicated that major email and cloud storage providers like Google, Microsoft, and others were part of the NSA’s top secret surveillance program called PRISM. In 2017, the U.S. government passed legislation that allows Internet and telecom companies to share customers’ personal information, including web browsing history, without their consent. It isn’t just governments, though. There have also been numerous reports of companies, including well-known ones such as Microsoft and Google, snooping on their customers themselves.

All these revelations have made Internet privacy a burning issue, with many privacy conscious users now turning to services that claim to be secure from prying eyes.

The first rule of Internet safety, as with most other aspects of life, is to keep it simple and that’s exactly what this book will help you do. There may be far more sophisticated ways of staying safe that the more technical amongst you are familiar with, but this book is designed for the majority out there with basic technical knowledge.

That means that you should be able to implement most if not all of these techniques. It also means that this book is not hundreds of pages long, filled with unnecessary fluff just to pad it out. As well as keeping matters simple, this book also aims to offer solutions that are practical, and affordable for individuals.

These tools are a mix of open source and commercial applications. Woah, stop, open source? Isn’t this supposed to be a guide for non-techies? Before I go any further, I suppose I should let you know what open source means. The good folks at Wikipedia have a clear definition: “Generally, open source refers to a computer program in which the code used to create the program is available to the general public for use, or modification from its original design. Open source code is meant to be a collaborative effort, where programmers improve upon the source code and share the changes within the community. This code is then released under the terms of a software license. Depending on the license terms, others may then download, modify, and publish their version back to the community”.

Why use open source, you may well ask? Isn’t commercial software better built? Well, open source software can be built to just as high a standard as commercial software. Also, if the source code is available for anyone to view, it’s harder, if not impossible, to hide a backdoor in the software that can allow someone to track and log your activities or even gain direct access to your computer. For example, the source code for Skype is closed so we don’t really know if a backdoor is built in. With open source, on the other hand, if a backdoor was built in, it would quickly be discovered because of the number of coders working on it at any time. Hopefully that explanation was straightforward enough without getting into more jargon.

For readers with a digital version of this book, where relevant I have included links to tools so you can easily click on them to take you to the appropriate site. This book is not intended to be an exhaustive list of tools you can use. There are plenty of those lists on the Internet already, e.g. http://www.expatpat.com/tools. Rather, this book intends to give you affordable, and what is more important, actionable steps you can quickly take to protect yourself and your family online.

Very few, if any, of the ideas and strategies in this book are my own innovations. They are proven strategies, tools, and tactics, road tested over the years by technology, security, and privacy experts. Just to be clear, simply reading this book won’t make you one bit safer on the Internet, or protect your data or privacy. If you want to achieve that, you need to take action and implement the strategies outlined in the book.

While every effort has been made to ensure the accuracy of the information in this book, technology evolves so fast that some services and links may be out of date. Hopefully the information you will learn in this book will give you knowledge of how to find alternatives.

Who This Book Is For

After numerous overheard and face to face meetings with friends, family, colleagues, and clients, I came to the realisation that there are many people out there that are unaware of how open they are to all the nasty stuff that can happen with your digital life, thanks to people out there with bad intentions. The other group of people are those who know how bad things can be, but don’t know what to do about it.

This book is written predominantly for small to medium business owners with concerns about their business’s digital privacy or security, with little to intermediate technical knowledge and small budgets. This book will help you to effectively manage digital security in your business.

Chapter 1: The Threat

The rate at which cyber attacks are growing is astonishing. In 2016, McAfee Labs estimated cyber attacks were running at about 400,000 per day. Only a decade earlier, it was just 25!

A billion personal records are now stolen each year, degrading trust in the organisations victimised, and in the internet itself. The scope of cyber attacks has broadened exponentially too. Where once individual retailers or banks were targeted, now entire supply chains, financial networks, and stock markets may be targets, potentially affecting the integrity of international financial systems, or the GDP of an entire country.

Small and medium-sized enterprises (SMEs) like yours and mine are a popular target for hackers and ransomware because we tend to have fewer resources available to battle cyber security than large organisations do. Over 150,000 U.S. SME websites are infected by malware at any one time, and have been involved in nearly 45% of all data breaches. It's fair to say the numbers are unlikely to be better internationally.

Many SMEs falsely believe they're too small to be targeted. If that’s what you think, remember this – even a 'smaller' ransom of a few hundred dollars is still highly profitable for cyber criminals. Remember, they are targeting large numbers of SMEs.

As a director and/or owner of a business, you know you have a legal and moral responsibility to clearly understand how you are protecting your business, customers, and staff from online risks, e.g. harassment, copyright/IP usage, customer data privacy, improper material being sent or received. However, that’s not all. Financially, European Union courts can hit you with a fine of up to 4% of your total revenue for a data breach involving their citizens, regardless of where your business is based!

If there’s one thing that you should keep in mind when thinking about internet threats, it’s this: assume that you WILL get attacked at some time. With that in mind, you need to be very clear on governance in your business, i.e. who is responsible for your business’s cyber security? You need to ensure you have a very clear policy on escalation when there is a cyber issue, and when to call in external entities, e.g. law enforcement, lawyers, PR, I.T. security firms, etc.

Many businesses neglect this, but if you use third party vendors for your critical systems or supply chain, then you also need to assess the cyber risk factors associated with these vendors. This may be challenging to do, but even a rudimentary audit should catch the most glaring issues. If your company is unable or unwilling to do it yourself, then you can use a company like CyberGRX to audit your third party vendors. If a supplier is unwilling to provide this information, then it is worth your while to rethink whether you want to be in that business relationship.

The rise of the mobile workforce has made it challenging for I.T. teams in larger enterprises, let alone SMEs, to protect data that is created outside of the business’s firewall. Simplifying data protection for laptops and mobile devices begins with providing backup to your mobile workforce, and giving I.T. one place to manage all of your business devices’ data protection needs, regardless of whether it is a business supplied device or a personal device used under a Bring Your Own Device (BYOD) scheme.

An increasing area of threat for SMEs is the Internet of Things (IoT). As IoT devices are always connected and always on, they go through a one-time authentication process, making them perfect sources of infiltration into an organisation’s network. As a result, these IoT gateways need to be better secured to improve the security of your overall business cyber infrastructure.

There are software tools such as WhiteOps that monitor the network data flow, identify malicious bots, flag suspicious files, and analyse them for destructive or malicious intentions; invest in them. These may seem like small measures, but they play a big role in the overall IoT security strategy.

If all else fails, at least be prepared for potential security breaches. Eventually, they will happen, to you or someone else (preferably a competitor who hasn’t read this book). Always have an exit strategy, a way of securing as much data as possible, and rendering compromised data useless without wrecking your I.T. infrastructure. You should also educate customers, employees, and everyone else involved in the process about the risks of such breaches. Instruct them on what to do in case of a breach, and what to do to avoid one. Employees (in particular any employee that touches data) should take a cyber-awareness course to increase their awareness of the risks, and to improve the cyber security of your business.

Of course, a good disclaimer and Terms of Service (TOS) will also help if you end up dealing with the worst-case scenario.

Before we jump into the various strategies to help keep you safe and secure online, I need to give you a better idea of the threats you face online. The online world is full of various terms relating to the nefarious acts of online ne’er-do-wells out to do you cyber harm. You will come across these terms on the news, while surfing, or just in conversations with friends and colleagues. This is what some of them mean.

Viruses

Viruses are harmful computer programs that can be transmitted in a number of ways. Although they differ in many ways, all are designed to spread themselves from one computer to another through the Internet and cause havoc. Most commonly, they are designed to give the criminals who create them some sort of access to those infected computers.

Spyware

The terms "spyware" and "adware" apply to several different technologies. The two important things to know about them are that:

They can download themselves onto your computer without your permission. This typically happens when you visit an unsafe website or by way of an attachment.

They can make your computer do things you don't want it to do. That might be as simple as opening an advertisement you didn't want to see. In the worst cases, spyware can track your online movements, steal your passwords, and compromise your accounts.

Botnets

Botnets are networks of computers infected by malware (computer viruses, keyloggers, and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on websites or networks.

If your computer is infected with botnet malware, it communicates and receives instructions about what it’s supposed to do from “command and control” computers located anywhere around the globe. What your computer does depends on what the cyber-criminals are trying to accomplish.

Many botnets are designed to harvest data such as passwords, social security numbers, credit card numbers, addresses, telephone numbers, and other personal information. The data is then used for nefarious purposes such as identity theft, credit card fraud, spamming (sending junk email), website attacks, and malware distribution.

Phishing

To summarise Wikipedia, “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.” The word sounds like fishing due to the similarity of using bait in an attempt to catch a victim.

According to research by Verizon, about 30% of phishing mails get opened, while approximately 11% of attachments in these emails also get opened. The average marketing email gets opened less than 1% of the time. How the villains behind these emails are getting this level of open rate should be the subject of a case study on marketing! There appears to be a clear mismatch between the false confidence people have over their ability to spot a phishing email, and reality. Interestingly, according to a Webroot survey, fully 79% of people claimed they would be able to distinguish between a phishing message and a genuine one, but then nearly half (49%) also admitted to clicking on a link from an unknown sender. A further 48% said they had experience of their personal or financial data being compromised by a phishing message. This level of hubris is what leads to bad outcomes for people at a personal and professional level. That’s why I wrote this book, to help you combat this.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are almost identical to a legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors, or IT administrators are often used to lure victims. Phishing emails may also contain links to websites that are infected with malware.

The emails cyber-criminals send often urge you to act quickly, because, for example, your account has been compromised, your order cannot be fulfilled, or some other seemingly logical reason.

Two other types of phishing attack that are gaining in popularity are Zombie Phishing, and the use of URL shorteners. Zombie Phishing happens when attackers take over an email account and reply to an old email conversation with a phishing link. Because both the sender and subject are familiar to the recipient, the recipient is more likely to accept the email as being genuine.