The final GTT Cybercrime Prevention Hour Workshop discussed one of the most important aspects of cybercrime risk. Over several months the GTT workshops have covered many aspects cybercrime and concluded that devices and networks all have vulnerabilities that can be exploited, but the greatest weakness in our online security was often ourselves. Our behaviours, habits and natural curiosity create the vulnerabilities confidence tricksters use to find out information about us to commit fraud or extortion.
Workshop proposes factors to consider. What people do on the internet and how they access and use services affect an individual’s exposure to risks. GTT proposes that these ideas can be express as an algorithm that could be developed to measure personal risk. The edited presentation discussion outlining the proposed algorithm is the GTT YouTube Channel.
Malware is malicious software engineered to work for its makers, and not for the computer user. Malware might steal your identity, install unwanted programs, or encrypt and hold your digital files for ransom. As a term, “malware” covers all sorts of malicious software, including Trojans, spyware, adware, ransomware, and viruses. Malware is now often delivered by exploiting flaws (“exploits”) in legitimate programs.
How do I protect against malware infecting my device?
Download a proven anti-malware scanner with real-time protection such as Malwarebytes Premium.
Keep your programs updated so cybercriminals can’t exploit them.
Protect your wifi with an encrypted password. Never use open wifi.
Use WPA/WPA2 encryption standard on your home wifi; do not use WEP encryption.
Back up important files to a local hard drive.
Do not open emails from people/companies you don’t know.
Do not click on links sent to you via email or IM without first “hovering” your pointer over the link to confirm it is sending you to a legitimate site.
How do I know if my device is infected with malware?
Look for issues characteristics of a malware infection:
Does your web browser freeze or become unresponsive?
Do you get redirected to web pages other than the ones you are trying to visit?
Are you bombarded with pop-up messages?
Does your computer run slower than usual?
Do you see new icons on your desktop that you don’t recognize?
What can you do if your device is infected with malware?
Remove CDs and DVDs and unplug drives from your computer. Restart in Safe Mode.
Download a proven malware scanner such
Disconnect from the internet. Then run a scan.
Follow instructions to remove any malware.
Restart your computer.
Update your operating system, browser, and applications if not current.
Most of us think about Cybercrime tend to worry viruses, phishing scams, accounts being hacked, or our devices being stolen. The Networks we all use are another way a criminal can access our data to commit crime.
How does the broadband work?
If you have Broadband services offered from domestic Internet Service Providers (ISP) in the UK, there are two different types of Modem, Cable or ADSL (Asymmetric Digital Subscriber Line.). Cable using optic fibre and ADSL use the standard telephone line which is copper wires.
There are several UK ISPs all use different modems and routers.
A modem converts the analogue signals from the cable or phone wire to digital signals (Modem stands for Modulator-Demodulator). The digital signals are sent to different devices by a Router. This is done via an Ethernet Cable or WiFi connection. Most ISP Broadband packages the Modem and Router are built into one device.
How do you set up your home network?
When you get Broadband your ISP provides instructions of how to set up your network and connect with Modem and Router to your devices and the phone or cable connection. If you do not have any information you check your ISP’s website or phone to find out about Protecting initial set up.
Every Modem/Router with have default factory settings to start with. It is important to check and change some of these setting before you start using your network. To do this you have to go the Administrator’s Control Panel.
On the back of the Router box there is usual a label showing the Admin Password and the WiFi Password.
The Admin Control Panel is access by connecting a computer to the Router opening a web browser and typing in the IP address. For example:
Your Admin Control Panel can be access from any computer connected to the internet if someone knows your IP address. Sometimes the default Admin password is easy to crack or is well known.
If someone can access your Network, they can access any device connected to your network, this means they can spy on you with webcams and steal valuable data like other passwords to emails and bank accounts.
What is a Firewall and why should it be always switched on?
The firewall prevents anyone access your network unless they have the right internet credentials. This can be IP addresses, devices, or passwords. The network firewall can allow exceptions for instance software update being the most common.
Note sometimes you must turn a firewall off when installing some antivirus software.
What are parental controls?
Parental controls allow the administrator to restrict internet searches to safe searching and block access to adult websites. It can also turn off access to certain devices at certain times such as bedtimes. With mobile devices it is not easy for parents to either supervise children 24 hours a day or prevent devices being smuggled into bedrooms.
What is the WiFI SSID?
When you log onto WiFi the SSID is the name of the WiFI Network. The default label will identify the ISP provider and network name is possible that default SSID and WiFI password might be known by someone passing by your home. It is a good ide to change this no matter how unlikely some would access your WiFi
You should make sure the WPA (Wireless Protected Access) is enable.
Creating a Guest WiFi
Many Routers allow setting up a Guest WiFi login this prevent a guest access your Home Network. This is useful if you have contractors in the house that need to access the internet while they are working in your home.
The Cybercrime Prevention Hour has considered how risk management tools could be used to inform, raise awareness, and provoke discussion on how to control individual and corporate risks.
The approach to examine risk is simple; identify, assess and deicide. Risk threats have two components consequences or impact and likelihood or probability of occurrence.
Cybercrime RISK is the potential for a THREAT is a person or thing that is likely to cause damage to exploit a VULNERABILITY such as a flaw, feature or user error that may result in some form of negative IMPACT.
Vulnerabilities that expose us to Cybercrime
Introducing the Risk Assessment Matrix
The results using the Risk Assessment Matrix discussing different vulnerability domains can be then used to inform decision making. Whether a risk is taken or not, or an affordable or practical control, is initiated to give sufficient comfort and safety. Every individual or organisation will have different devices, software, networks, and behaviours to contend with there is no one solution for everyone however there are common themes.
The final step if for dealing with risks is the decision making. As with all risks there are 4 choices; either take, avoid, treat, or transfer. The first two choices are obvious, and it is simply a question of chancing it or not, but sometimes we have no choice and are forced into doing something that is beyond our comfort zone that feels potentially risky. In this situation we try control the risk or limit possibility of things going wrong.
Treating or controlling risks is best understood by giving an example:
“I use my phone for everything if I someone stole it what would I do? If the phone were stolen it would have my address book, diary, email, social media accounts, and personal photos.”
Should use the phone and nothing else or should I risk it?
How can I treat or control the risk?
Keep the phone on me and only use in a safe place.
Use device security, fingerprint lock of face recognition.
Encrypt the storage.
Make sure I know all the account passwords or have them stored in a password manager I can access from another device.
Make sure I have backed up of the photos and documents onto a secure cloud storage.
Make sure I have the device SIM PUK code on file at home and get my mobile phone contract supplier to replace the SIM.
If I implement the 6 controls above, I can drastically limit the impact if I should be unlucky and get my phone stolen. All these measures I can do with no additional cost. Only the first point would reduce the likelihood of my phone being stolen.
If my device is expensive to replace, I could consider transfer the risk of the loss by buying some personal insurance against theft.”
Aim: Become a student have an opportunity to learn some basic computer hardware skills so you can volunteer to help other by repairing and recycling old computers, repair their own equipment. If you live in the Bradford area this is an amazing opportunity to developing skills further in hardware repairs or building new computers.
Sessions are held online every week on a Tuesday from 2pm to 4pm for 12 weeks.
You will get old PC to practice and learning with, the ultimate challenge will be to bring it back to life!
What will you learn:
Learn what tools and equipment are needed to carry out basic computer repairs.
Identify hardware engineering risks and basic safety requirements
Identify the basic layout of a computers and its parts.
Know key basic electronic principles needed to understand how a computer works
Learn how to replace faulty parts and test computer operation by know some simple diagnostic techniques.
Learn how to research and procure replacement parts increase understanding and knowledge of manufacturers, interfaces, and compatibility.
Learn how to set up a new computer by installing an operating system practice using the BIOS and different Operating Systems.
Most of us are unaware of how the internet works we use and trust our technology to do the daily things we need when we need it. Beneath the surface there a servers, cables, wireless transceivers, software, and people keeping it all running. For Internet Service Providers (ISPs) reliability and safety are paramount to maintain customer confidence.
Vast numbers of people are involved in keeping up with criminals and other that are continuing to exploit vulnerabilities to financial or political gains. Being vigilant against cybercrime is like continual cold war between good and evil trying to outsmart the opposition.
Recently the news released information about weapon grade security tools being harvested by unknown criminals. This week the US Government security have announced that state agencies have been hacked using SolarWinds Orion network hacking tools.
Cybercrime Prevention Hour
The GTT Cybercrime Prevention Hour were able to learn more about what goes on behind the scenes with guest speaker Iain Currie from BT.
Get Technology Together working in partnership with Solidaritech is offering a practical computer repair course for adults that is free to anyone living in the Bradford MDC area. The course offers 12 weeks intensive practical work on how to strip down a computer and rebuild it.
The GTT volunteers made this video to show how School of Metal Bashers could work. This year because of the COVID pandemic GTT will doing much of the classroom activities online using the Zoom App and offering remote tutor support with emails, phone calls and video chats.
The course, starting January and February 2021 will be delivered in weekly online class video call, with a computer kit, online resources, and tutor support.
This month the GTT Cybercrime Prevention Hour considered cybercrime risk. In conclusion Cybercrime risk is the potential threat of a person or thing that is likely to cause damage by exploiting a vulnerability (a flaw, feature or use error) that may result in a negative impact.
Coping with threats and dealing with our fears
Threats can be general like scam emails sent out in large quantities in the hope that recipients might respond or can be target specifically at you. Cybercrime has many different motives often money or data, but sometimes can be more sinister such as entrapment or revenge. Everyone seems to be bombarded with junk email and nuisance calls these days, and the workshop concluded it is good to share the burden, learn more about the threats we all face and get support together.
What are the vulnerabilities that expose us to cybercrime?
There are 3 areas to examine: Networks, Devices and People.
Everyone uses a network connection to access the internet whether that is via a LAN Cable, WiFi router or mobile data connection. Each method will have security built into the hardware, but not all of us know how to use it or have access to the security controls.
All digital devices have security built into their operating systems, making sure it is used, updated regularly as well as having it personal data backup are the basics of minimise risk.
The greatest potential for risk is ourselves, a lack of knowledge, forgetfulness, carefree or risky behaviours increases exposure to cybercrime threats. Or simply making a mistake which we are all prone to do many times in our lives.
Criminals rely on this. Hence the term “Phishing” scam emails are literally criminals fishing for people with hope to net an unsuspecting victim. Often posing as your ISP, PayPal, Apple, Microsoft, or Amazon suggesting there is a problem with your account or are offering a refund (“a carrot or stick”). The “hook” is the internet link in email which delivers the malware onto your device. If you click on the link you are “caught” and the damage is done.
GTT launched the Cybercrime Vigilance project with the support of the West Yorkshire Police Community Safety Fund. GTT hosts regular monthly workshops to discuss, share information, and learn about cybercrime prevention. It is a continual challenge for everyone as new technology develops.
The aims of the GTT Cybercrime Prevention Hour workshops will explore and collaborate to develop on going shared resources. GTT encourages everyone to Participate, Learn, Achieve, and Innovate together
What is Cybercrime? How do we identify cybercrime risks?
What impact does cybercrime have on victims?
Looking statistics and unreported crime, how common is cybercrime?
The fear of crime – how safe do we feel?
Managing behaviours and risk – How do I use my technology?
Review my risk controls – what I am doing? is it good enough? What should I be doing?
Training in good practice and developing good habits
It is free to join the workshop book a place by contacting GTT or via Event Brite.
How often do you hear people say things like this?
“I don’t mind going on the internet, but I am not banking or shopping online, I am frightened of losing my money.”
“I get so much junk and dodgy emails; I am sick of using my tablet.”
“I am worried about what my children are doing online, there are so many scary stories.”
“I have heard a lot about bullying and hateful things being said on the internet, I don’t want to be exposed to any of it.”
When you are frightened you often can not see the difference between FEAR and RISK. We can all be frightened, and it prevents us looking at the real risk or threat.
To avoid any irrational fear, you need to know whether you really have anything to worry about. How likely can something bad happen? What are the consequences of something bad happening?
In life when we overcome our fear or live through something terrible, we can reflect on this experience and sometime see the positive outcomes. I like to think of this has “the school of hard knocks”.
Since the COVID19 pandemic we have all been forced out of our comfort zone by doing more things online, whether that is work, schooling, meet friends, paying bills, arrange doctor’s appointments, shopping, and entertainment.
Get Technology Together (GTT) with the support of West Yorkshire Police Community Safety Fund has launched “Cybercrime Vigilance”, to help people understand the real threat to citizens living an online life today. GTT has been running community classes and help people get the most out their technology for many years, and has learnt that there are some simple rules to follow when being online that can dramatically reduce your risk to being a victim of crime. GTT is asking for you help to participate in exploring cybercrime threats to develop affordable strategies to help you and your family stay safe online. Please contact GTT if you want more information on how to be involved in “Cybercrime Vigilance”.