Regional Cyber Briefing

Current Threats



Unsecured Databases

Databases are a major target for criminals - they contain all of the sensitive information linked with your organisation (e.g. employee/customer personally identifiable information, financial details, as well as other sensitive information such as Intellectual Property).

An unsecured database is the equivalent of leaving your front door wide-open.

Advice


We're always keen to simplify cyber security, as we often find that when things get a little more technical (e.g. terms such as 'databases'), key decision makers who need to be engaging in the topic can take it as a cue to retreat.

Although you might not be anywhere near responsible for physically maintaining a database, below are a few basic concepts which should help you think about your data, how to talk about it, and how to secure it:

> Authentication

- A huge number of incidents stem from databases being misconfigured to allow anyone access. As with any other account, databases need strong passwords/2FA and protected admin accounts.
- Following on from the above point - who actually has access to the data in the databases? Who actually NEEDS to have access? In any circumstance, is it easy for someone to access the data and extract it? On that last one....

> Encryption
- Encrypting data makes sure that if it is lost or stolen, it is inaccessible. Recently we've seen the ICO hand out some hefty fines for data breach incidents. Whether or not data was encrypted will likely play a huge part in the outcomes of these sorts of incidents. In short, encrypt any data which, if leaked, would prove incredibly damaging to your company and/or those it relates to.

> Back up your business critical data
- If anything does happen to that data, then you can restore from those backups. Usual caveats apply (e.g. know what's on them, test them, keep backups separate from the internal network, consider using cloud storage).

> Patches/Updates
- As with any other app, operating system, website, hardware - database software needs to be constantly patched to fix known vulnerabilities.

> Website vulnerabilities
- A common technique to manipulate data in a website's database is to insert malicious code into an entry field, such as an online form. If a website has a vulnerability, those malicious commands can allow attackers to bypass authentication. It's important to at least ask your website provider/in-house teams how confident they are that you're protected against these types of attacks, and what evidence they have to show this.
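
For the teams who do maintain the website, here is an illustration of the kind of evidence to ask for. It is an added example, not part of the original briefing or taken from any real system: the same login check written two ways, plus a repeatable test that passes only if form input cannot alter the database query. The table, account, function names and test inputs are all constructed for the demonstration.

```python
import hashlib
import sqlite3

DEMO_SALT = b"constructed-demo-salt"  # real systems: per-user salt, dedicated password hasher

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 10_000).hex()

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    return db

def login_vulnerable(db, username, password):
    # Form input is pasted into the SQL text, so input can change the query itself.
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash(password)))
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    # Placeholders pass input as data only; it is never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, pw_hash(password))).fetchone() is not None

# Constructed test inputs: quote and comment characters typed into the username field.
INJECTION_INPUTS = ["alice' --", "' OR '1'='1' --"]

def resists_injection(login):
    """True if `login` accepts the real credential and rejects every test input."""
    db = make_db()
    if not login(db, "alice", "correct horse"):
        return False
    for name in INJECTION_INPUTS:
        try:
            if login(db, name, "wrong password"):
                return False  # logged in without knowing the password
        except sqlite3.Error:
            return False      # input reached the SQL parser
    return True

if __name__ == "__main__":
    print("string-built query resists injection:", resists_injection(login_vulnerable))
    print("parameterised query resists injection:", resists_injection(login_safe))
```

A check like `resists_injection` can sit in the website's automated tests, so the answer to "what evidence do you have?" is a test run rather than an assurance.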

> If you suffer a cyber attack, please report it.
We always encourage victims to report the crime to ActionFraud via phone (0300 123 2040) or website (https://www.actionfraud.police.uk).

Events


Brixham Chamber of Commerce General Meeting - Berry Head Hotel, Brixham, 23rd July

For more information on this event, see the Brixham Chamber website at https://www.brixhamchamber.co.uk/chamber-general-meeting-230719/.

If you're interested in either hosting or attending a workshop/presentation, please let us know!

News

Airport email scam thwarted by UK's cyber-defender NCSC.
An attempt to defraud thousands of people using a bogus email from a UK airport was one of a range of cyber-attacks prevented last year. (Read more at https://www.bbc.co.uk/news/technology-48990724).

ICO Intention to fine British Airways £183.39m, Marriott International £99m under GDPR for data breaches.
[BA] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/statement-ico-announces-intention-to-fine-british-airways/
[Marriott] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/intention-to-fine-marriott-international-inc-more-than-99-million-under-gdpr-for-data-breach/

Useful Links

Smart devices: using them safely in your home
Many everyday items are now connected to the internet: in this blog post the National Cyber Security Centre (NCSC) explains how to use them safely.
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home

'Deadliest Dupes'
Santander, Kurupt FM and the Take Five campaign have teamed up to bring a take on the shady underworld of fraudsters. Check out the website https://www.deadliestdupes.co.uk/ for a mini video series, quizzes, and other resources.
Copyright © 2019 SW Regional Cyber Crime Unit, All rights reserved.

