By Nick Duley.

As technology becomes an increasing part of our lives, it’s important to protect our privacy and security from online trolls and hackers. Facebook is one of the most common social networks out there and, by default, the privacy features for one’s account are very limited, leaving your personal information open. In this article, I’ll go over 3 simple and effective ways to protect your privacy on Facebook.

Change who can look you up using your phone number and email address.

Putting up personal information such as your phone number and email address for anyone to see is extremely dangerous. If someone has your phone number, they can send you spam messages and track down your location. And if a hacker has your email address and you already have poor security practices for your email account, a hacked email account allows the hacker to view your banking statements, the activity of other online accounts you have, etc.

To rectify this, go into Facebook settings, click privacy and, for “Who can look you up using the email address you provided?” and “Who can look you up using the phone number you provided?”, choose “Only me” from the dropdown menu.

Turn off Search Engines Linking your Facebook Profile.

If you’re not comfortable with employers or random people looking you up, you may want to turn this feature off. Someone who doesn’t have Facebook can look up your name on Google or any other search engine, find your Facebook profile and see the information you made public on it.

However, this is very simple to fix. Go into Facebook settings, click privacy and, where it says “Do you want search engines outside of Facebook to link to your Profile?”, untick the box “Allow search engines outside of Facebook to link to your Profile”.

Hide your Friends List.

You may not feel that your Friends list is a big threat to your privacy, but if you keep it open, it’s easier for a malicious user to contact people who know you. For example, if someone has a grudge against you, they can go through your friends list and send your friends malicious messages about you.

Like all my other tips, this can be resolved through Facebook settings. Go into Facebook settings, click privacy and, where it says “Who can see your friends list?”, choose “Only me” from the dropdown menu.

By Eve Ferguson

Most grandparents are now joining the world of smartphones, social media, internet banking and, following the global pandemic, online shopping. So, how do you explain to a trusting generation that some people on the internet are just plain evil?

My Nan, who is quite tech savvy – probably more tech savvy than my Mum – experienced many electronic hurdles throughout the lockdowns. Pre-Coronavirus these could’ve been solved by family members popping in to sort the issue. Of course, the Covid restrictions over 2020-2021 made this very difficult – leading to frustrating FaceTime calls, which usually involved that classic question: ‘how do I flip the camera, again?’

One of the issues that sticks out the most is the communications she got from her mobile provider. They texted, emailed and even wrote to her saying they were sending her a new sim card in the post and that she had a few days to transfer all of her data from the current sim in preparation. This deadline and the style of the emails and texts – containing clickable links and phone numbers to call – led me to believe it was your classic phishing attempt, as she hadn’t requested a new sim and she wasn’t due an upgrade. But surely sending emails, texts and written letters was a lot of effort just to try and get one lady to give over a few details and possibly some cash?

I obviously told her not to click on any of the links or use any of the phone numbers provided, but to use trusted numbers from the internet. Whenever she phoned her mobile provider, she was left on hold for ages and didn’t really make any progress. She was worried that because she hadn’t complied with the instruction, she would lose all of her phone contacts and other data.

We weren’t even sure the ‘new’ sim card was coming. We had not requested it and Nan was not due an upgrade, so there was every possibility it was a scam. We were left with the dilemma: should she just wait to see what happened? Should she try phoning the provider again? Should she just do as instructed on the emails, texts and letter?

Eventually, my Nan finally made progress with the customer care call centre and found out this was all legitimate, the sim did come, and nothing was lost.

But what if it hadn’t been legitimate? What if it was all just some big, elaborate scam?

Many elderly people aren’t as lucky as my Nan. She has children and grandchildren, not necessarily with cyber security knowledge but with enough exposure to social media to know what to do and what not to do.

In 2015, it was reported that 43% of elderly people believed they had been targeted by a scammer. This makes the elderly the most vulnerable to fraudster attacks. Lonely pensioners may be more willing to talk and listen to fraudsters as well as being more trusting towards what fraudsters have to say. 

Following my Nan’s personal experience and my education in Cyber Security, I believe these tips to be helpful when teaching your Nanna about cyber security.

Steps to help your Nanna:

1. Use simple terminology. Most people over the age of 55 don’t know what a tweet, friend request or virus is. This means using scary words such as ‘phishing’, ‘malware’ and ‘hackers’ may worry your Nanna unnecessarily. Try using anecdotes and simple stories to explain a situation.

2. Teach her why someone might want her information. Psychologists have found that we have a clearer memory of information when we can put meaning towards it. When teaching your Nanna, try to explain why someone might want her information. If she understands what you are saying, she will find it easier to remember and to understand why you’re teaching her these things.

3. Give her tips for things to look out for. Yes, not all scams are the same but a lot of them are built around the same layout. Teach her not to click links or share sensitive information online. If an email tells her to click a link to check her account, teach her to open a new window and log in through a web browser.

4. If it’s too good to be true, it probably is. Teach her this classic. If a deal online or something being sold over the phone is just too amazing, teach her that it’s probably a scam. 

5. Passwords are important. My Nan’s passwords are as random as British weather – none of them are remotely similar, so much so she has a little book with all of them written down, to help her remember. This little book is far from good practice, but it’s more likely that she’ll get scammed online than that she’ll be burgled and have her ‘little book of passwords’ stolen. Teach your Nanna that strong, hard to guess passwords are winners – especially if they aren’t reused. It’s important too that she should know that she shouldn’t share them with anyone. ANYONE.

6. Take your time with her. Cyber Security is not easy, even for the younger generations, so cut your Nanna some slack. Don’t be tempted to take the device from her and do it yourself because she won’t ever learn herself. Teaching your Nanna cyber security techniques may take time and she may ask you on multiple occasions to go over something you’ve already shown her, but she’ll learn with practice. 

7. Write down step-by-step instructions. This could help her with other technology-based activities too. As well as her little password book, my Nan has a book of things I’ve taught her, like copying photos off her phone and renaming them in a different folder. I also have a little book of instructions I’ve learned and can’t quite remember from my degree course, so there’s no shame in having written instructions – especially if it helps keep you safe. 

8. Celebrate the little wins with her. Like I said before, this stuff is hard. Even if your Nanna has completed something incredibly basic and mundane, to you, celebrate her success.  

So, those are a few of my tips for educating your Nanna on Cyber Security. I haven’t exhausted the list of possible tips, not at all, but hopefully these will help you help your Nanna. Good Luck!


By Mustafa Obousy

Employees are often said to be possibly the weakest link in a business’s security system, as they are the most liable to fall for hacking schemes. They are usually targeted through emails and attachments, which could bring down the reputation of a business and eventually lead to organisational failure.

A liability to the system

Employees could be considered a threat to the security system in businesses, as they are the most liable to fall for hacking and phishing scams, which are largely distributed through emails containing links or attachments. Although workers have been proven to be a great asset, they can also be deemed a liability because loosely affiliated cybercriminals have made a business out of scamming individuals. As a result, the number of data breaches has been increasing over the years: in 2017 there were 1,000 data breaches, compromising just under 2 billion records, compared to only 784 data breaches in 2016 (Ismail, 2018), and by 2019 the number of data breaches had expanded to 5,134 (Henriquez, 2019).

Hacking and Phishing scams

Phishing scams are essentially a fraudulent method of obtaining information such as account credentials and credit details by posing as a trusted entity over electronic communication. With an employee’s information, the hacker can get into the user’s network and possibly sabotage the system. There has been an upsurge in scams over the years, with certain individuals making a profit out of vulnerable users, and with the rise of the internet in recent times this has become more common. The most common types of phishing methods are spear phishing and whaling, both of which involve manipulating user information. Whaling includes targeting anyone in an organisation and harpooning their information. If this attack proves successful, the attackers can conduct CEO fraud, in which they abuse the compromised email account to authorise fraudulent wire transfers to the institution. Spear phishing includes impersonating your target user, including his name and address, in order to push the victim into clicking on a malicious URL or attachment and handing over potential data for the company. This can lead to sabotage of the system or the theft of intellectual property or money.

How to protect your employee

An employee has the potential to be a security asset to a company; however, some tools are needed to protect your company and fight cybercrime. The employee must receive training in detecting malicious emails in order to protect the organisation from malicious software. One way to do this is to carry out authorised penetration testing, which can help alert the user to potential threats and how to spot them. Authorised penetration testing includes an attack assessment, in which a penetration tester sends a realistic phishing email impersonating a well-known social media company, using its name, email etc. The email is designed to impersonate the trusted corporation or third party, and the targeted user must judge whether it is a genuine email or a phishing attempt. Emails with malicious intentions usually have inaccurate domain names or typos in their email address or username, such as misused capital letters or unnecessary full stops, which professional companies rarely produce (King, 2019). If you still have doubts about an email’s authenticity, you can detect phishing attempts by identifying dodgy links in the email or by noticing threats meant to spur you into action, such as threatening to close your account or ban you if you do not click on the link provided.
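The warning signs listed above can also be checked mechanically, for example when triaging reported emails. The following is an added example, not part of the original article: it flags a lookalike sender domain, stray capitals or full stops in the sender name, links whose visible text and real destination differ, and threatening phrases. The trusted domains, the phrase list, the 0.85 similarity threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumptions (constructed): domains we really get mail from, sample pressure phrases.
TRUSTED_DOMAINS = {"socialsite.example", "bank.example"}
THREAT_PHRASES = ("close your account", "account will be suspended", "you will be banned")
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None  # the genuine domain or one of its subdomains
    for trusted in sorted(TRUSTED_DOMAINS):
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted  # near miss, e.g. one swapped character
    return None

def phishing_indicators(sender, html_body):
    """List the warning signs described above that appear in one email."""
    findings = []
    local, _, domain = sender.rpartition("@")
    imitated = lookalike_of(domain.lower())
    if imitated:
        findings.append(f"sender domain {domain.lower()} imitates {imitated}")
    # Heuristic: doubled/trailing full stops or a capital in the middle of a word.
    if ".." in local or local.endswith(".") or re.search(r"[a-z][A-Z]", local):
        findings.append("odd capitals or full stops in sender name")
    for href, text in LINK_RE.findall(html_body):
        target = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
        shown = HOST_RE.search(text.lower())
        if not shown:
            continue  # link text names no domain, nothing to compare
        shown = re.sub(r"^www\.", "", shown.group(0))
        if target != shown and not target.endswith("." + shown):
            findings.append(f"link text shows {shown} but opens {target}")
    lowered = html_body.lower()
    findings += [f"threat: {p}" for p in THREAT_PHRASES if p in lowered]
    return findings

# Constructed sample messages, not real emails.
PHISH_SENDER = "secUrity..team@socia1site.example"
PHISH_BODY = ('Verify at <a href="http://login.socia1site.example/verify">'
              "www.socialsite.example</a> or we will close your account.")
LEGIT_SENDER = "notifications@socialsite.example"
LEGIT_BODY = 'Your summary: <a href="https://www.socialsite.example/s">socialsite.example</a>'

if __name__ == "__main__":
    for sender, body in ((PHISH_SENDER, PHISH_BODY), (LEGIT_SENDER, LEGIT_BODY)):
        print(sender, "->", phishing_indicators(sender, body) or "no indicators")
```

Heuristics like these produce false positives (a sender name with a capital in the middle of a word, a newly registered genuine domain), so they suit a training or triage aid rather than an automatic block.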

Security systems impact on business

The breaching of a security system can compromise a business, bringing up issues such as business disruption and reputation damage and potentially damaging an organisation significantly. Business disruption is an innovation creating a new market and value network which eventually disrupts the current market and network, possibly displacing current brands, firms and alliances. This is a problem for the business because different types of disruption require different types of strategic approaches. If this is handled incorrectly, for example by failing to integrate insights from subsequent research, the manager may use the wrong tools for the problem, reducing the chances of success. The failure to sort out business disruption could bring up issues such as reputation damage. Reputation damage is essentially how a business responds to a disruption; it is important to respond to disruption appropriately to protect the reputation of the business and avoid damage to your organisation. This damage may include a loss of customers or products and services. To circumvent this, you could provide extra protection to your cybersecurity system, such as educating your employees on cybersecurity practices and constantly updating your security system. A further method of dealing with reputation risk is to have a plan for when disruption takes place, covering requirements such as how to deal with your employees and the changes to be made to the business, with the intention of preventing further damage to the organisation and avoiding the risk of organisational failure.

However, despite the drawbacks employees pose for a company, they are also an important asset in business. To maintain company security, they would have to undergo further staff training to protect themselves from phishing, as these scams could endanger the company and its assets.

Henriquez, M. (2019). The Top 12 Data Breaches of 2019.

Ismail, N. (2018). Why Employees are a Businesses Weakest Link.