October: Cybersecurity Awareness Month

With October being Cybersecurity Awareness Month, now seems an appropriate time to revisit some of the articles we have published on the subject. Doing so not only increases awareness of the threats posed, but also allows us to highlight once again some of the basic precautions all businesses can take to reduce the risks of a successful attack.

Cyber threats: 2021 a year of unprecedented growth

Back in March we took a look at what had been happening in 2021. The year showed a “meteoric rise” in the number of cyberattacks across all threat types. Not only did we consider the statistics but, more importantly, we outlined some of the steps that can be taken in order to protect your business.

In addition to looking at the different types of cyber attacks most common in 2021, we investigated how one can reduce the risk of becoming yet another cyberattack victim. Our recommendation is that a plan be devised adopting a risk-based approach, prepared on the basis that (realistically) not everything can be protected. Priorities will need to be established, which can be summarised in the following steps:

1. Conduct an audit of key digital assets critical to the business
2. Assess the risks associated with those critical digital assets
3. Consider the controls and security currently in place for each potential threat
4. Highlight weaknesses and then define and implement controls to protect those assets, and after that
5. Formulate Cyber Incident Response (CIR) plans

The threat to every organisation, regardless of size, should not be underestimated. Now more than ever, it is essential that organisations and their staff are aware of the threats and that systems and procedures are in place to protect them from damage and losses that have the potential to bring about the complete destruction of a business.

Ransomware: threats and precautions

Ransomware is not a subject to be treated lightly, and it is an ever-present threat. When we published this article back in September 2021, we saw in that week’s Splash247.com that several Greek shipping companies, clients of Danaos Management Consultants, had fallen victim to a cyber attack over the previous weekend, blocking communications and resulting in the loss of data.

In this article the focus was on ransomware, why such attacks are becoming more frequent and, importantly, what precautions can be taken to minimise the risks of losses from this particular threat.

Cyber Security Update

In April 2020 we noted that cyber attacks had evolved and become more frequent, a trend that has unfortunately continued unabated since then. At the time, many new scams were being aimed directly at individuals rather than organisations, as individuals were a bigger target given that more time was being spent using computers and laptops at home.

To reduce the risk of such cyber attacks affecting your organisation, we recommended reading our earlier articles on cyber security and, in particular, with employees being the weakest link, revisiting simple measures such as increasing awareness, managing passwords, etc. Then, if one is not already in place, develop a plan to first identify risks, assess and understand those risks, focus on the ones critical to the business, put in place controls and finally formulate a response in the event of a cyber incident.

Cyber Threats and Covid-19

One of those earlier articles was published at the start of the Covid-19 outbreak and is still very relevant now. The UK National Cyber Security Centre reported a surge in the number of phishing emails using coronavirus as a lure, where criminals were exploiting the pandemic to steal money or information. Phishing still remains high risk and, with hybrid working remaining popular, emails still often purport to be from IT support teams, are designed to encourage recipients to open attachments or links, and often claim that authentication is required to access systems from a user’s new location.

In order to protect files and devices:

1. Backup files on external hard drives or the cloud.
2. Ensure you have installed the latest software updates for apps, browsers and operating systems, changing update settings to automatic.
3. Protect devices and media with passwords that are not easy to guess (random combinations of letters, numbers and characters, different for each account, etc.) and never leave laptops unattended.
4. Encrypt devices that contain sensitive, personal information.
5. Make sure hardware used at home is up to the job – for example, ensuring your router offers the latest encryption methods and is protected with a strong, unique password.
6. Use two-step authentication to gain access to apps, thus providing another level of protection.
7. When sharing documents using Google Drive or Dropbox, for example, and given the choice between sharing a link or naming people, use the latter.
8. Make use of software that only allows pre-defined teams access to both collaborative inboxes and associated file sharing.

and specifically for employers:

1. Understand the risks that your organisation has, both now and potential risks in the future.
2. Have in place a plan to both protect against and respond to threats, importantly a plan that has been tested.
3. Review the current controls and security in place for each potential threat.
4. Train staff and heighten awareness, especially with hybrid working, and ensure that security practices are followed from wherever they happen to be.

Email Scams: A Growing Threat

Just before the pandemic started we looked in particular at email scams. Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Make sure everyone in your organisation is aware of danger signals that should help protect against the scammer who is determined to steal from or damage your business. “Be vigilant at all times”. Examples of the danger signals include the following:

1. Whatever the lure happens to be, it often sounds too good to be true
2. There is a change in detail, such as a supplier’s bank account details
3. Emails are often badly worded
4. Misspelt email addresses and domain names
5. The “reply to” address is different to the sender’s address
6. There is often a sense of urgency involved, an apparent impending deadline, putting the recipient under pressure to respond quickly, without too much thought
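
Several of these danger signals can be checked mechanically before a message reaches a member of staff. The sketch below is an added example, not part of the original article; the known-domain list, the phrase lists, the function names and the sample message are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: domains the business normally deals with, and
# phrases that signal pressure or a change of payment details.
KNOWN_DOMAINS = ("example-supplier.com", "example-bank.co.uk")
URGENCY = ("urgent", "immediately", "within 24 hours", "final notice")
DETAIL_CHANGE = ("new bank account", "updated bank details")

def address_of(header_value):
    """Lower-cased address from a header value, or '' when it is absent."""
    return parseaddr(header_value or "")[1].lower()

def lookalike_of(domain, threshold=0.85):
    """Known domain that `domain` closely resembles without matching it."""
    for known in KNOWN_DOMAINS:
        ratio = SequenceMatcher(None, domain, known).ratio()
        if domain != known and ratio >= threshold:
            return known
    return None

def danger_signals(raw_message):
    """List the danger signals present in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender, reply_to = address_of(msg["From"]), address_of(msg["Reply-To"])
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    found = []
    if reply_to and reply_to != sender:
        found.append("reply-to differs from sender")
    resembles = lookalike_of(sender.rpartition("@")[2])
    if resembles:
        found.append("sender domain resembles " + resembles)
    if any(phrase in text for phrase in URGENCY):
        found.append("urgency")
    if any(phrase in text for phrase in DETAIL_CHANGE):
        found.append("change of payment details")
    return found

# Constructed sample message, not real mail.
SUSPICIOUS = """From: Accounts <accounts@examp1e-supplier.com>
Reply-To: payments@mailbox.example
Subject: URGENT: updated bank details

Please pay this invoice to our new bank account within 24 hours.
"""
```

A message that trips several signals at once, as the constructed sample does, is a candidate for quarantine or a warning banner; a single signal on its own is better treated as a prompt to verify through a known contact.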

Cyber security risks and their management

Our earliest article, from October 2019 and still consistently popular, considered the different types of cyber risks that exist, the scale of the problem and the steps that can be taken to address those risks.

Phishing and the use of stolen credentials still remain the main causes of cyber breaches – essentially relying on human error. This means that, in order to defend against such threats, educating staff and improving their awareness of these risks has to be the first priority. As well as bringing the various forms of attack to the attention of staff, simple measures should be taken without delay, such as ensuring the use of more secure passwords that are then changed on a regular basis.

Employees remain the weakest link. Cyber security has to be a mindset, and an important part of any HR policy, the importance of which should be emphasised whenever the opportunity arises. As mentioned before, when developing a plan, priorities will need to be established, which can be summarised in the following steps:

1. Audit of key digital assets critical to the business
2. Identification of risks associated with critical digital assets
3. Establishing the current controls and security in place for each potential threat
4. Highlighting weaknesses, then defining and implementing controls to protect those assets, and
5. The development of Cyber Incident Response (CIR) plans

For more detailed information and recommendations, please visit the original articles referred to above.

A few words about CompassAir


Creating solutions for the global maritime sector, CompassAir develops state of the art messaging and business application software designed to maximise ROI. Our software is used across the sector, including by Sale and Purchase brokers (S&P/SnP), Chartering brokers, Owners, Managers and Operators.

 

Through its shipping and shipbroking clients, ranging from recognised World leaders through to the smallest, most dynamic independent companies, CompassAir has a significant presence in the major maritime centres throughout Europe, the US and Asia.

 

Our flagship solution is designed to simplify collaboration for teams within and across continents, allowing access to group mailboxes at astounding speed using tools that remove the stress from handling thousands of emails a day. It can be cloud based or on premise. To find out more contact solutions@thinkcompass.io. If you are new to shipping, or just want to find out more about this exciting and challenging sector, the CompassAir Shipping Guide might prove to be an interesting read.

 

Contact us for more information or a short demonstration on how CompassAir can benefit your business, and find out how we can help your teams improve collaboration and increase productivity.