By Nick Duley.

As technology becomes an increasing part of our lives, it’s important to protect our privacy and security from online trolls and hackers. Facebook is one of the most common social networks out there and, by default, the privacy features for one’s account are very limited, leaving your personal information open. In this article, I’ll go over 3 simple and effective ways to protect your privacy on

Change who can look you up using your phone number and email address.

Putting up personal information such as your phone number and email address for anyone to see is extremely dangerous. If someone has your phone number, they can send you spam messages and track down your location. And if a hacker has your email address and you already have poor security practices for your email account, a hacked email account allows the hacker to view your banking statements, the activity of other online accounts you have, etc.

To rectify this, go into Facebook settings, click privacy and, for “Who can look you up using the email address you provided?” and “Who can look you up using the phone number you provided?”, choose “Only me” from the dropdown menu.

Turn off Search Engines Linking your Facebook Profile.

If you’re not comfortable with employers or random people looking you up, you may want to turn this feature off. Someone who doesn’t have Facebook can look up your name on Google or any other search engine, find your Facebook profile and see the information you made public on it.

However, this is very simple to fix. Go into Facebook settings, click privacy and where it says “Do you want search engines outside of Facebook to link to your Profile?” untick the box “Allow search engines outside of Facebook to link to your Profile”.

Hide your Friends List.

You may not feel that your Friends list is a big threat to your privacy, but if you keep it open, it’s easier for a malicious user to contact people who know you. For example, if someone has a grudge against you, they can go through your friends list and send your friends malicious messages about you.

Like all my other tips, this can be resolved through Facebook settings. Go into Facebook settings, click privacy and, where it says “Who can see your friends list?”, choose “Only me” from the dropdown menu.

By Mustafa Obousy

Employees have been proposed as possibly the weakest link in a business in terms of its security, as they are the most liable to fall for hacking schemes: they are usually targeted through emails and attachments, which could damage the reputation of a business and eventually lead to organisation failure.

A liability to the system

Employees could be considered a threat to the security of a business, as they are the most liable to fall for hacking and phishing scams, which are largely distributed through emails containing links or attachments. Although workers have been proven to be a great asset, they can also be deemed a liability because loosely affiliated cybercriminals have made a business out of scamming individuals. As a result, the number of data breaches has been increasing exponentially over the years: in 2017 there were 1,000 data breaches, compromising just under 2 billion records, compared to only 784 data breaches in 2016 (Ismail, 2018), and by 2019 the number of data breaches had expanded to 5,134 (Henriquez, 2019).

Hacking and Phishing scams

Phishing scams are essentially a fraudulent method of obtaining information such as account credentials and credit details by posing as a trusted entity over electronic communication; with an employee’s information, the hacker can get into the user’s network and possibly sabotage the system. There has been an upsurge in scams over the years, with certain individuals making a profit out of vulnerable users, and with the rise of the internet in recent times this has become more common. The most common types of phishing methods are spear phishing and whaling, both of which involve manipulating user information. Whaling involves targeting anyone in an organisation and harpooning their information; if this attack is successful, the attackers can conduct CEO fraud, in which they abuse the compromised email account to authorise fraudulent wire transfers to the institution. Spear phishing involves impersonating your target user, including his name and address, to push the victim into clicking on a malicious URL or attachment and handing over data belonging to the company; this can lead to sabotage of the system or the theft of intellectual property or money.

How to protect your employee

An employee has the potential to be a security asset to a company; however, some tools are needed to protect your company and fight cybercrime. Employees must receive training in detecting malicious emails to protect the organisation from malicious software. One option is authorised penetration testing, which can alert users to potential threats and teach them how to spot them. Authorised penetration testing includes an attack assessment, in which a tester sends a realistic phishing email impersonating a well-known social media company, using its name, email address, etc. The email is designed to impersonate the trusted corporation or third party, and the targeted user must judge whether it is a genuine email or a phishing attempt. Emails with malicious intentions usually have inaccurate domain names or typos in their email address or username, such as misused capital letters or unnecessary full stops, which professional companies rarely produce (King, 2019). If there are further doubts about authenticity, you can detect phishing attempts by identifying dodgy links in the email, or by noticing threats meant to spur you into action, such as threatening to close your account or ban you if you do not click on the link provided.
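The indicators listed above (a typo in the sender's domain, a link whose visible text does not match its target, and a threat to close the account) can be checked mechanically. The following is an added example, not part of the original article: the function names, the edit-distance threshold of 2 and the sample messages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Threat wording of the kind described above (close your account, ban you).
URGENCY = re.compile(
    r"\b(close|suspend|deactivate|ban)\s+(your\s+account|you)\b"
    r"|\baccount\s+will\s+be\s+(closed|suspended|banned)\b",
    re.IGNORECASE,
)
# Visible link text that itself looks like a URL or bare domain.
DOMAIN_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(value: str) -> str:
    """Lower-cased host of a URL or bare domain ("" if it cannot be parsed)."""
    try:
        return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""


def same_site(a: str, b: str) -> bool:
    """True when one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_email(sender: str, html_body: str, trusted: set) -> list:
    """Return (indicator, detail) pairs; an empty list means nothing was flagged."""
    findings = []
    domain = sender.rsplit("@", 1)[-1].strip("<> ").lower()
    if not any(domain == t or domain.endswith("." + t) for t in trusted):
        near = [t for t in sorted(trusted) if edit_distance(domain, t) <= 2]
        if near:
            findings.append(("lookalike-domain", f"{domain} imitates {near[0]}"))
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        if not DOMAIN_LIKE.match(text):
            continue  # plain wording such as "click here" shows no domain to compare
        shown, target = host_of(text), host_of(href)
        if not same_site(shown, target):
            findings.append(("link-mismatch", f"text shows {shown}, link goes to {target}"))
    if URGENCY.search(re.sub(r"<[^>]+>", " ", html_body)):
        findings.append(("urgency", "threatens account closure or a ban"))
    return findings


# Constructed samples using reserved .example/.invalid names, not real traffic.
TRUSTED = {"social.example"}
PHISH = (
    "security@socia1.example",
    "<p>We will close your account unless you verify today: "
    '<a href="http://social.example.login.invalid/verify">www.social.example/login</a></p>',
)
GENUINE = (
    "news@mail.social.example",
    '<p>Your statement is ready: <a href="https://www.social.example/s">www.social.example</a></p>',
)

if __name__ == "__main__":
    print([check_email(s, b, TRUSTED) for s, b in (PHISH, GENUINE)])
```

A short trusted domain will sit within two edits of many unrelated names, so the threshold needs tuning against the organisation's own list of senders.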

Security systems impact on business

A breach of a security system can compromise a business, bringing up issues such as business disruption and reputation damage and potentially damaging an organisation significantly. Business disruption is an innovation creating a new market and value network which eventually disrupts the current market and network, possibly displacing current brands, firms and alliances. This is a problem for the business because different types of disruption require different strategic approaches. If it is handled incorrectly, for example by failing to integrate insights from subsequent research, the manager may use the wrong tools for the problem, reducing the chances of success. Failure to sort out business disruption could bring up issues such as reputation damage. Reputation damage depends essentially on how a business responds to a disruption; it is important to respond appropriately to protect the reputation of the business and avoid damage to your organisation, which may include a loss of customers or of products and services. To avoid this, you could add extra protection to your cybersecurity, such as educating your employees on cybersecurity practices and constantly updating your security system. A further way to deal with reputation risk is to have a plan for when disruption takes place, covering matters such as how to deal with your employees and the changes to be made to the business, with the intention of preventing further damage to the organisation and avoiding the risk of organisation failure.

However, despite the drawbacks employees can present to a company, they are also an important asset in business. To maintain company security, they should therefore undergo further staff training to protect themselves from phishing, as these scams could endanger the company and its assets.

Henriquez, M. (2019). The Top 12 Data Breaches of 2019.

Ismail, N. (2018). Why Employees are a Businesses Weakest Link.

By Atul Periwal.

Women play a key role in transformative cultural, environmental and social changes essential for sustainable development. Occupying a critical function, any mistreatment or subjugation of her reputation was seen as disrespectful, not just to her but to society as a whole. Yet the same doesn’t seem to be the case a few millenniums later. 

While the world is struggling with the COVID-19 pandemic, it is evident that the expansion of the internet and the growing number of internet users have in some way directly contributed to the increase in cyberspace crime against women. Cybercrime is a criminal offence in which a computer, computer network or networked device is targeted or used as a tool to commit an offence. Cybercrime is often, but not always, perpetrated by cybercriminals or hackers who want to make money. It can be carried out by individuals or organizations. When it comes to prosecuting these offenders, we have various cybercrime laws and, even though they are backed by several other pieces of legislation, they do not have a clear mechanism to deal effectively with cybercrimes against women.

Cyber crimes against women: Classification 

1. Harassment via e-mail: Harassment through email involves blackmailing, intimidation, and the persistent sending of love letters from anonymous identities or the daily sending of humiliating mails.

2. Cyber stalking: Stalkers are encouraged by the privacy provided by the Internet. Criminals can be on the other side of the earth, or a neighbour next door, or a relative close by! It includes tracking the movements of a person over the Internet by posting messages on the victim’s frequently visited bulletin boards, attempting to enter the victim’s visited chat rooms, continuously inundating the victim with emails, etc. The stalker aims to inflict emotional harm in general and has no clear motive for his communications.

3. Cyber pornography: It refers to sexually explicit material being circulated, made, edited, published or posted.

4. Cyber defamation: Also known as cyber smearing, it can be understood as a deliberate violation of another person’s right to a good name. Cyber defamation takes place with the aid of computers and/or the Internet. Because of the speed at which it spreads, it is deemed more of a hazard.

5. Cyber grooming: Cyber grooming is when a person develops an online relationship with a new person and bribes or forces him/her into sexual acts.

6. Cyber bullying: A type of abuse caused by the use of electronic or communication devices such as computers, cell phones, laptops, etc.

Separation of some types of cyber crimes is very difficult because constituent acts involving one type can correlate with actions involving another type. However, the following guidelines are applicable when we address cybercrimes against women.

| Criminal offence | Provision (India) | Provision (UK) | Provision (USA) |
| --- | --- | --- | --- |
| Harassment | Section 354A of the Indian Penal Code, 1860 | Harassment Act 1997 | The Civil Rights Act of 1964 |
| Cyber stalking | Section 354D of the Indian Penal Code, 1860 | Harassment Act 1997 | Violence Against Women Act |
| Child pornography | Section 67B of the Information Technology Act, 2000 | 2003 Communications Act | Section 2251 of Title 18 of the United States |
| Defamation | Section 499 of the Indian Penal Code, 1860 | Defamation Act 2013 | Section 230 of the Communications Decency Act of 1996 |
| Cyber grooming | Section 67B(c) of Information Technology Act, 2008 | s.15A of the Sexual Offences Act 2003 | 18 U.S.C. § 2422 |
| Cyber bullying | 354A and 354D of Indian Penal Code | Harassment Act 1997 | |

Did COVID-19 worsen the situation for women? 

Cybercrime is more horrific and devastating for women than men, according to a Pew Research Centre survey in the US. The increased prevalence of cybercrimes against women is not an issue for one particular country. A study of more than 9000 German Internet users (between the ages of 10 and 15) revealed that women are more susceptible than men to cybercrimes such as online sexual harassment and cyber stalking. According to the survey, women between the ages of 18 and 24 experience cyber-harassment disproportionately. It is assumed that average screen time has grown dramatically with working from home and being restricted to a limited physical space. In addition, CSC e-Governance Services observed an increase in internet services use from 2.7 TB (March 10) to 4.7 TB (March 30).


–       Encourage women to consider cyber security as a discipline, and our school system will deliver the educational process from middle school at least. 

–       Conducting qualitative and quantitative research to recognize victims’ issues and recommend suitable solutions. 

–       Formulation and enforcement of a policy to avoid the exposure of the identity of the victims in these cases. 

–       Give them the experience: hire a female intern. 

–       Scholarships and role models for women in this field. 

–       Render constructive discrimination by consciously hiring. 

–       Leverage the role models of women leaders and those coming into cyber security today.

By Atul Periwal.

You might be wondering how a wallpaper can be a medium of malware. It may sound like an error, but no: a wallpaper on an Android phone can be used as a medium of malware to crash your Android mobile phone.

The image above, which can be directly downloaded from Google Images, causes certain Android phones to crash.

What is malware?

Before I explain wallpaper as a medium of malware, I will explain malware first. Malware is an umbrella term for malicious software that includes viruses, Trojans, ransomware, keyloggers, spyware, adware, worms, and so on. The exact motive can differ depending on the specific malware. The mutual interest among all of them is that they are all created with the goal of d and destruction.

Malware Wallpaper: What is it?

A Twitter user, Ice universe, issued a warning on Twitter which states, “Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it.”

When you download this image and set it as a wallpaper, Android phones tend to crash, which leads us to assume that the maker of the image may have malicious intent. While some mobile phones can be rebooted after the crash and used in safe mode, some can’t be recovered. In such a scenario, it is natural to think that some code has been inserted into the picture that caused the phone to crash.

To create this, the attacker has used the method called steganography. Using steganography, an attacker can insert malicious code in an image and send the image in different forms. Once the image is downloaded and opened, malicious code will automatically run on the device and perform its actions.

Malware Wallpaper: Causes

An investigation into this image found that its colours changed when it was uploaded to Weibo. On further investigation, the metadata of the image was examined and it was discovered to carry a peculiar Google Skia ICC colour profile, E3CADAB7BD3DE5E3436874D2A9DEE126. The investigation led to the following:

            Dimension: 1440 * 2560

            Colour space: RGB

            Colour profile: Google/Skia/E3CADAB7BD3DE5E3436874D2A9DEE126

On some Android devices, this colour profile tends to trip Google Skia’s graphics engine, forcing them to reboot.

Technically, while attempting to load the wallpaper with the embedded colour profile, ImageProcessHelper crashes from an ArrayIndexOutOfBoundsException.

When the Android UI loads, the wallpaper loads, which triggers another reboot. Because of that, the smartphone gets stuck in a boot loop, rebooting every time the wallpaper starts loading.

Malware Wallpaper: Solutions

We can use a photo editor (like Photoshop) to remove the ICC colour profile from the image and save the image without an embedded colour profile. It won’t trigger the malware when we take a screenshot of the image and set that as a wallpaper. Another way is to use EXIF software or an app to remove the metadata from the image, which will also remove the colour profile. The only problem with removing the colour profile is that it will make the image look less vivid.
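Removing the embedded colour profile can also be done programmatically. The following is an added example, not code from the article or from Android: it assumes the image is a JPEG, where the ICC profile is carried in APP2 segments, and the function names and the constructed sample bytes are illustrative. It works on any JPEG, not only the wallpaper discussed here.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"  # identifier that opens every APP2 ICC segment
APP2, SOS = 0xE2, 0xDA


def iter_segments(jpeg: bytes):
    """Yield (marker, payload, start, end) for header segments up to SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == SOS:  # compressed image data follows; stop parsing
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos + 4:end], pos, end
        pos = end


def is_icc(marker: int, payload: bytes) -> bool:
    return marker == APP2 and payload.startswith(ICC_TAG) and len(payload) >= 14


def extract_icc(jpeg: bytes) -> bytes:
    """Reassemble the embedded ICC profile (b"" if the image has none)."""
    chunks = {}
    for marker, payload, _, _ in iter_segments(jpeg):
        if is_icc(marker, payload):
            # payload[12] is the 1-based chunk number, payload[13] the chunk count
            chunks[payload[12]] = payload[14:]
    return b"".join(chunks[k] for k in sorted(chunks))


def describe_icc(profile: bytes) -> dict:
    """Read a few fixed fields from the 128-byte ICC header."""
    if len(profile) < 128 or profile[36:40] != b"acsp":
        raise ValueError("not a valid ICC profile header")
    return {
        "declared_size": struct.unpack(">I", profile[:4])[0],
        "actual_size": len(profile),
        "colour_space": profile[16:20].decode("ascii", "replace").strip(),
    }


def strip_icc(jpeg: bytes) -> bytes:
    """Return the JPEG with every APP2 ICC_PROFILE segment removed."""
    out = bytearray(jpeg[:2])
    last = 2
    for marker, payload, start, end in iter_segments(jpeg):
        if not is_icc(marker, payload):
            out += jpeg[start:end]
        last = end
    out += jpeg[last:]  # SOS, compressed data and EOI are copied untouched
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed sample: JPEG-shaped bytes carrying a dummy 128-byte ICC header."""
    header = bytearray(128)
    header[0:4] = struct.pack(">I", 128)
    header[16:20] = b"RGB "
    header[36:40] = b"acsp"
    app0 = _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    app2 = _segment(APP2, ICC_TAG + b"\x01\x01" + bytes(header))
    scan = _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9"
    return b"\xff\xd8" + app0 + app2 + scan


if __name__ == "__main__":
    sample = build_sample()
    print(describe_icc(extract_icc(sample)))
    print(len(sample), "->", len(strip_icc(sample)), "bytes after stripping")
```

The image pixels are not re-encoded, so the only visible change is the one noted above: without its profile the picture is displayed with default colours.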


This wallpaper looks aesthetically beautiful, but is it really important to download a wallpaper from unknown sites, or to get it from a known or unknown person? You might ask what the problem is with receiving a picture from a known person. How would you know the original source from which the wallpaper was downloaded?

Don’t get attracted to such wallpapers and download them from an unknown source. If you would like to download one and set it as a wallpaper, download it from a credible source like your phone company’s official website or app. Please stay safe and alert to the different methods attackers use to harm your digital systems, as well as to the Coronavirus that can harm your body.

By Atul Periwal.

The outbreak of coronavirus (Covid-19) has halted the entire world for months and it has not ended yet. As the number of people infected by the virus rises in this pandemic, cybercrime threats are simultaneously increasing at a rapid rate. Needless to say, there are thousands of examples showing how hackers are taking advantage of the current situation and exploiting people. According to statistics, the average amount of time spent on the internet has increased by 2 hours since many countries around the globe imposed lockdowns. Work culture has also changed in this pandemic: people used to work at their firms but have now started working from home, due to which the cyber threat has increased rapidly.

During the outbreak, the most serious cybercrimes identified include phishing, ransomware, fake news, etc. Criminals have started using innovative techniques to harm people, such as creating fake advertisements for goods and services that are not easily available or not available at discounted rates, or using fake challenges posted on social media. Due to their selfish nature, people get excited and end up in problems.

According to statistics, cyber threats have increased by more than 500 % compared to last year. According to the FBI, cybercrime occurrences seem to have jumped by as much as 300 % since the start of the coronavirus pandemic. The UK’s National Cyber Security Centre reported that coronavirus-related fraud and scams rose by 400 % in March, indicating that this is due to the rapid move to remote work. Recently, the office’s Internet Crime Complaint Center (IC3) said it receives between 3,000 and 4,000 reports a day. To better appreciate COVID-19’s effect on customers, 9,215 adults in the United States, Canada, Colombia, Hong Kong, India, South Africa, and the United Kingdom were surveyed in the week of April 13. The results showed that approximately 3 out of 10 respondents (29%) said they were targeted by COVID-19-related cyber fraud, with Millennials (those between 26 and 40 years of age) being the most affected at 34%. Besides, consumers who say that their household income is being negatively affected by the COVID-19 pandemic are more likely to experience digital fraud, with 32 % reporting being targeted by online COVID-19 scams compared to 22 % of people who are not financially affected.

Popular cybercrimes during this Pandemic

  1. Phishing

Phishing is a malicious effort to acquire personal information or data such as usernames, passwords, and credit card details by posing in an online message as a trusted person. According to statistics, phishing has increased by more than 600% during the pandemic.

According to the Computer Misuse Act 1990 (in the Police and Justice Act) and the Fraud Act 2006 in the UK, if phishing or another form of cybercrime takes place, the attacker has to pay compensation to the victim and faces up to 10 years of imprisonment. The Anti-Phishing Act of 2004 and the Anti-Phishing Act of 2005 would impose more stringent penalties on those convicted of phishing.

Examples of phishing taking place during the pandemic: Netflix and Amazon Prime frauds that claim you will get a free subscription. Users are asked to add their bank details for these movie and series streaming apps but are unaware of the background process that’s taking place.

Typical phishing or smishing message.

2. Malware/Ransomware

Malware is software primarily designed to disrupt, damage or gain unauthorized access to your computer network. It can be ransomware, viruses, Trojan horses, worms, spyware, adware, etc. COVID-19 is used in several malicious campaigns including spam mail, BEC, malware, ransomware, and malicious domains. While the number of those infected continues to grow by thousands, campaigns that use the disease as a lure increase too. According to the statistics, ransomware attacks have spiked by 148% in this pandemic.

Attackers took advantage of COVID-19 and created a lot of ransomware, COVID-19 Tracker being among them. Once the system is attacked by the ransomware, the attacker asks for a ransom of $100 in bitcoins within 48 hours; failing to pay will result in the loss of personal data and information, which will be shared on social media platforms. Another piece of malware, called AZORult, was found concealed inside a downloadable program for monitoring Coronavirus. It is a Trojan horse and aims at stealing usernames, passwords, and other sensitive data.

3. Fake news

Fake news has been a problem not for months but for years, and it is increasing gradually in this pandemic. Attackers are taking advantage of the current situation by creating false information and sharing it on social media. Posting information on social media is easy but controlling it is very difficult. One piece of fake news stated that WHO requires funds for COVID-19 and asked people to donate in bitcoins. When this news was investigated, it turned out that WHO doesn’t have any bitcoin account. It’s not only fake news but also a scam. The attacker sends a link in a message; opening that link displays an exact copy of WHO’s website and asks for a donation, which goes to the attacker.

Using current events to scam


These days a multitude of COVID-19 scams and phishing campaigns are being carried out to target the general public at massive scale. It is important as an end-user to be aware of any potential attack. It is a fact that false information spreads faster than the virus. During this pandemic, we are fighting not only against COVID-19 but also against an infodemic. Individuals and organizations need to take care of security and should take steps to protect against threats. We shouldn’t open malicious sites, links, software, etc. It is important to know why attackers ask for ransom in bitcoins: tracing is very difficult, and if the attacker exchanges Bitcoin into Dogecoin or Litecoin and then exchanges back to bitcoins, that confuses the trail and makes it untraceable. So please be careful while you are in the digital world, especially during this period. Till then stay home, stay safe, and be careful of both viruses: the one which enters your body and the other which enters your digital world.

By Chloe Wood.

It has been 99 days since Boris Johnson announced to the UK that we would be going into lockdown due to Covid-19. This lockdown saw us swap our offices for makeshift home set-ups. Although lockdown rules are starting to be eased in the UK (I’m sure we all can’t wait for a pint in the pub on the 4th), it would appear working from home is going to be our new normal for the foreseeable future. During the pandemic, naturally our focus has been on staying safe and protecting the NHS. However, with a 600% increase in phishing alone, a lot of us working remotely are making ourselves and our data vulnerable to cyber criminals.

So, before we get into how to protect our digital assets, let’s see why cybercrime has increased. Naturally, to work remotely we need some sort of internet connection, which of course opens a huge range of vulnerabilities. We are away from the security infrastructure of the office environment. Yes, you cannot really see the cyber security within your office but taking your device away from the office infrastructure means you no longer have the security provided by things such as firewalls and IP blacklists.

Cyber security can be hard to implement completely, even for the professionals, so this post will address the 5 common threats to remote workers and outline some simple techniques to mitigate against them.


As I mentioned before, phishing scams have skyrocketed since the end of March 2020. This includes traditional scams and the introduction of new scams exploiting our fear and worry of Coronavirus.

To mitigate against phishing, if possible, all work should only be carried out on corporate devices – especially if a Bring Your Own Device (BYOD) policy has not yet been thoroughly designed and delivered. Not only will this ensure you have the protection of the security controls implemented by your organisation, but it will help your IT guys manage this new, remote digital infrastructure the lockdown has created. This means the IT team can manage the corporate devices as normal, allowing them to monitor all activity on the network, which is vital if anything malicious starts appearing.

To really adopt a defence-in-depth approach against phishing, we cannot just rely on the technical side of security; we can also use our own knowledge and education. It is so important to stay updated on what types of scams are going around, which can easily be done by visiting IT Governance’s “Catches of the Month”. By educating ourselves about this, we can stay alert when we go through our inbox. Alongside knowing the specific scams about at the moment, it’s always best practice to be suspicious of any emails asking you to input sensitive data, such as your card details, no matter how legitimate the email appears. If you receive an email like that, always try to verify it before clicking on anything included in the email, for example by messaging the person it’s claiming to be from in another way which is not email (phone call, Skype message). Phishing scams play on a sense of urgency, forcing us to make quick decisions with huge consequences, so always take your time to verify the authenticity of the email.


To ensure you are not allowing anyone unauthorised to access the network, it’s best to use an encrypted network. Now, I know this can sound quite technical, but you are probably already doing it. Most up-to-date home Wi-Fi networks provide this type of security by allowing you to set up a password for your Wi-Fi connection. Make sure you have changed your password to something different from the default one you were given. This can be done simply by logging into your router: input your router’s IP address (usually you can find this somewhere on your router) into the address bar of your web browser and log in. Then go to the wireless settings tab and input your desired password in the password field. Remember it is always best practice to change passwords regularly.

As you are working remotely, it would make sense to use remote access security controls, specifically two-factor authentication. This is super easy to implement; I personally like to use the Google Authenticator app on my smartphone to generate one-time codes for all my logins.


To create an encrypted network connection that authenticates the user and encrypts data in transit between the user and the network, a Virtual Private Network (VPN) should be used. Most corporate devices should have this set up for you already, but do not worry if your organisation does not have a state-of-the-art tech team, most business routers and some small home routers have built in VPN capabilities.

The two VPN technologies you should be interested in are OpenVPN and IPsec. OpenVPN is for those of you still accessing a business router, whereas IPsec is supported by lower-cost home routers. Both technologies can be configured by logging into your router and, more often than not, clicking a few boxes. Once you have OpenVPN configured, you should install apps on the device that will access your brand-new VPN. These can be found on the OpenVPN website; install them and configure them with the files generated while setting up OpenVPN on your router. If you are using an IPsec VPN, this is usually built into most devices, so you won’t have to go through the same app installation process as with OpenVPN.


With modern day laws and regulations, such as the General Data Protection Regulation (GDPR) not taking any prisoners when it comes to dishing out fines and the current economic situation not looking too great, it’s probably best we all scrub up on our data protection techniques to avoid those hefty fines.

Information leakage can be easily avoided if we take the right precautions, especially when it comes to emailing information. You should try and avoid emailing sensitive information, instead adopt the use of corporate intranet resources, perhaps a SharePoint team site, to share working files – this is also super convenient at making sure files stay up to date! Obviously, when we’re all working from home adopting a new method isn’t the ideal situation, so if using the intranet is not possible and you do have to email sensitive information make sure you apply email sensitivity classifications in your email subject.

Alongside these preventive measures, we also need to adopt detection techniques. This can be achieved by installing updated anti-malware and anti-virus software. It is always best practice to keep any software on your device updated. To do this, turn on your auto-updates and regularly restart your device. I know updates often do not seem to make any difference to the app, but they regularly patch against vulnerabilities found in older software versions.

STAYING SAFE DURING VIDEO CALLS

I’m sure now we’re all very used to Zoom calls, both for our professional and personal lives, so I don’t need to give you a rundown on how easy they are to use. However, the one bit of security advice I can offer is: do not share virtual meeting URLs on any public-facing platforms, such as social media.