The final GTT Cybercrime Prevention Hour Workshop discussed one of the most important aspects of cybercrime risk. Over several months the GTT workshops have covered many aspects cybercrime and concluded that devices and networks all have vulnerabilities that can be exploited, but the greatest weakness in our online security was often ourselves. Our behaviours, habits and natural curiosity create the vulnerabilities confidence tricksters use to find out information about us to commit fraud or extortion.
Workshop proposes factors to consider. What people do on the internet and how they access and use services affect an individual’s exposure to risks. GTT proposes that these ideas can be express as an algorithm that could be developed to measure personal risk. The edited presentation discussion outlining the proposed algorithm is the GTT YouTube Channel.
Most of us think about Cybercrime tend to worry viruses, phishing scams, accounts being hacked, or our devices being stolen. The Networks we all use are another way a criminal can access our data to commit crime.
How does the broadband work?
If you have Broadband services offered from domestic Internet Service Providers (ISP) in the UK, there are two different types of Modem, Cable or ADSL (Asymmetric Digital Subscriber Line.). Cable using optic fibre and ADSL use the standard telephone line which is copper wires.
There are several UK ISPs all use different modems and routers.
A modem converts the analogue signals from the cable or phone wire to digital signals (Modem stands for Modulator-Demodulator). The digital signals are sent to different devices by a Router. This is done via an Ethernet Cable or WiFi connection. Most ISP Broadband packages the Modem and Router are built into one device.
How do you set up your home network?
When you get Broadband your ISP provides instructions of how to set up your network and connect with Modem and Router to your devices and the phone or cable connection. If you do not have any information you check your ISP’s website or phone to find out about Protecting initial set up.
Every Modem/Router with have default factory settings to start with. It is important to check and change some of these setting before you start using your network. To do this you have to go the Administrator’s Control Panel.
On the back of the Router box there is usual a label showing the Admin Password and the WiFi Password.
The Admin Control Panel is access by connecting a computer to the Router opening a web browser and typing in the IP address. For example:
Your Admin Control Panel can be access from any computer connected to the internet if someone knows your IP address. Sometimes the default Admin password is easy to crack or is well known.
If someone can access your Network, they can access any device connected to your network, this means they can spy on you with webcams and steal valuable data like other passwords to emails and bank accounts.
What is a Firewall and why should it be always switched on?
The firewall prevents anyone access your network unless they have the right internet credentials. This can be IP addresses, devices, or passwords. The network firewall can allow exceptions for instance software update being the most common.
Note sometimes you must turn a firewall off when installing some antivirus software.
What are parental controls?
Parental controls allow the administrator to restrict internet searches to safe searching and block access to adult websites. It can also turn off access to certain devices at certain times such as bedtimes. With mobile devices it is not easy for parents to either supervise children 24 hours a day or prevent devices being smuggled into bedrooms.
What is the WiFI SSID?
When you log onto WiFi the SSID is the name of the WiFI Network. The default label will identify the ISP provider and network name is possible that default SSID and WiFI password might be known by someone passing by your home. It is a good ide to change this no matter how unlikely some would access your WiFi
You should make sure the WPA (Wireless Protected Access) is enable.
Creating a Guest WiFi
Many Routers allow setting up a Guest WiFi login this prevent a guest access your Home Network. This is useful if you have contractors in the house that need to access the internet while they are working in your home.
The Cybercrime Prevention Hour has considered how risk management tools could be used to inform, raise awareness, and provoke discussion on how to control individual and corporate risks.
The approach to examine risk is simple; identify, assess and deicide. Risk threats have two components consequences or impact and likelihood or probability of occurrence.
Cybercrime RISK is the potential for a THREAT is a person or thing that is likely to cause damage to exploit a VULNERABILITY such as a flaw, feature or user error that may result in some form of negative IMPACT.
Vulnerabilities that expose us to Cybercrime
Introducing the Risk Assessment Matrix
The results using the Risk Assessment Matrix discussing different vulnerability domains can be then used to inform decision making. Whether a risk is taken or not, or an affordable or practical control, is initiated to give sufficient comfort and safety. Every individual or organisation will have different devices, software, networks, and behaviours to contend with there is no one solution for everyone however there are common themes.
The final step if for dealing with risks is the decision making. As with all risks there are 4 choices; either take, avoid, treat, or transfer. The first two choices are obvious, and it is simply a question of chancing it or not, but sometimes we have no choice and are forced into doing something that is beyond our comfort zone that feels potentially risky. In this situation we try control the risk or limit possibility of things going wrong.
Treating or controlling risks is best understood by giving an example:
“I use my phone for everything if I someone stole it what would I do? If the phone were stolen it would have my address book, diary, email, social media accounts, and personal photos.”
Should use the phone and nothing else or should I risk it?
How can I treat or control the risk?
Keep the phone on me and only use in a safe place.
Use device security, fingerprint lock of face recognition.
Encrypt the storage.
Make sure I know all the account passwords or have them stored in a password manager I can access from another device.
Make sure I have backed up of the photos and documents onto a secure cloud storage.
Make sure I have the device SIM PUK code on file at home and get my mobile phone contract supplier to replace the SIM.
If I implement the 6 controls above, I can drastically limit the impact if I should be unlucky and get my phone stolen. All these measures I can do with no additional cost. Only the first point would reduce the likelihood of my phone being stolen.
If my device is expensive to replace, I could consider transfer the risk of the loss by buying some personal insurance against theft.”
Most of us are unaware of how the internet works we use and trust our technology to do the daily things we need when we need it. Beneath the surface there a servers, cables, wireless transceivers, software, and people keeping it all running. For Internet Service Providers (ISPs) reliability and safety are paramount to maintain customer confidence.
Vast numbers of people are involved in keeping up with criminals and other that are continuing to exploit vulnerabilities to financial or political gains. Being vigilant against cybercrime is like continual cold war between good and evil trying to outsmart the opposition.
Recently the news released information about weapon grade security tools being harvested by unknown criminals. This week the US Government security have announced that state agencies have been hacked using SolarWinds Orion network hacking tools.
Cybercrime Prevention Hour
The GTT Cybercrime Prevention Hour were able to learn more about what goes on behind the scenes with guest speaker Iain Currie from BT.
This month the GTT Cybercrime Prevention Hour considered cybercrime risk. In conclusion Cybercrime risk is the potential threat of a person or thing that is likely to cause damage by exploiting a vulnerability (a flaw, feature or use error) that may result in a negative impact.
Coping with threats and dealing with our fears
Threats can be general like scam emails sent out in large quantities in the hope that recipients might respond or can be target specifically at you. Cybercrime has many different motives often money or data, but sometimes can be more sinister such as entrapment or revenge. Everyone seems to be bombarded with junk email and nuisance calls these days, and the workshop concluded it is good to share the burden, learn more about the threats we all face and get support together.
What are the vulnerabilities that expose us to cybercrime?
There are 3 areas to examine: Networks, Devices and People.
Everyone uses a network connection to access the internet whether that is via a LAN Cable, WiFi router or mobile data connection. Each method will have security built into the hardware, but not all of us know how to use it or have access to the security controls.
All digital devices have security built into their operating systems, making sure it is used, updated regularly as well as having it personal data backup are the basics of minimise risk.
The greatest potential for risk is ourselves, a lack of knowledge, forgetfulness, carefree or risky behaviours increases exposure to cybercrime threats. Or simply making a mistake which we are all prone to do many times in our lives.
Criminals rely on this. Hence the term “Phishing” scam emails are literally criminals fishing for people with hope to net an unsuspecting victim. Often posing as your ISP, PayPal, Apple, Microsoft, or Amazon suggesting there is a problem with your account or are offering a refund (“a carrot or stick”). The “hook” is the internet link in email which delivers the malware onto your device. If you click on the link you are “caught” and the damage is done.
GTT launched the Cybercrime Vigilance project with the support of the West Yorkshire Police Community Safety Fund. GTT hosts regular monthly workshops to discuss, share information, and learn about cybercrime prevention. It is a continual challenge for everyone as new technology develops.
The aims of the GTT Cybercrime Prevention Hour workshops will explore and collaborate to develop on going shared resources. GTT encourages everyone to Participate, Learn, Achieve, and Innovate together
What is Cybercrime? How do we identify cybercrime risks?
What impact does cybercrime have on victims?
Looking statistics and unreported crime, how common is cybercrime?
The fear of crime – how safe do we feel?
Managing behaviours and risk – How do I use my technology?
Review my risk controls – what I am doing? is it good enough? What should I be doing?
Training in good practice and developing good habits
It is free to join the workshop book a place by contacting GTT or via Event Brite.