A daily nightmare for us all, whether as an individual or in business, is the prospect of having our email or computer hacked and then locked down and frozen. Most of us will have experienced this or we will know someone who has. The hacking is very often followed by blackmail in the form of a ransom note. Here, we hope to help those of you who are worried about on-line hackers. While this is extraordinarily distracting and distressing, there are ways you can protect yourself.
As technology changes and becomes more and more complex, this problem increases. The attack is often on-line, through the very technology we rely on daily. It may come through apps that spy on us or even seize control of our data, and that data may be on our website, our mobile phone or our social media sites.
These hackers are bullies.
Their objective is to control you or your business and then hold you to ransom. Receiving an email that purports to know what you are doing and what sites you visit (even those you would not ordinarily dream of looking at) can be very distressing. These hackers sound convincing. Some even claim to have captured images of you that might cause you embarrassment if uploaded to an online forum.
Don’t be fooled. These emails are not personal. They are probably sent out by the million, in the hope that someone responds to the hacker and attempts to reason with them. These are not reasonable people. You cannot reason with them. All you will achieve by engaging is to place yourself at greater risk. Increasingly, we hear about cyber-attacks on entire businesses, corporations and even government. It’s not just individuals and small businesses that are targeted.
Our NHS, for example, suffered an attack in recent years from malicious software known as ransomware. Simply, they were targeted by international cyber criminals. Computers were hacked right across the NHS, UK wide. Surgeries had to be postponed, patients referred and ambulances diverted. The public were concerned about breaches of confidentiality. Through gritted teeth the NHS assured the public that “Urgent patient care had not been compromised”, but how could they possibly know the magnitude of the problem at that stage? Was patient confidentiality jeopardised? Probably not, since very often the hackers cannot actually access the data which they claim they have frozen and captured. Was patient data encrypted or lost forever? Absolutely yes. Lost medical data may have resulted in lost lives.
A recent trend, it seems, involves the simple installation of an app known as spyware, which may be purchased for a cost equivalent to just one cup of coffee per day. It’s easy to install on a mobile or computer and ‘hey presto’ the bully is in complete control. Where this happens in the workplace it is up to the employer to investigate and manage the behaviour. This will no doubt be a nightmare for the most skilled of managers, even those with an appreciation for employment law and corporate risk.
If you are cyberbullied by someone you know, there is a lot you can do. There is an Act in the UK called The Malicious Communications Act. Fortunately, the easiest form of bullying to prove is cyberbullying, particularly where you have explicit evidence and know who is responsible. Anyone who bullies you on-line is taking a huge risk. In cases where you both know the perpetrator and know where they live, you can prosecute. Potential penalties include imprisonment if the case is proven. But generally, have we not seen this coming for some time, as technology increasingly controls and rules our lives?
Hackers are bullies. They want to control you. We are all potential targets, from a one-man consultancy to the UK-wide or even international corporation. These criminals will attack if they can. Be under no misunderstanding: hacking and blackmail are crimes.
The ultimate objective is to blackmail the recipient. The hackers don’t care who you are. They ask for money for the return of your business or data. The truth is, the hacker probably does not have the level of control they claim they have and if they do, you will never see your data again and the blackmailing will escalate. If you attempt to engage with the hacker, or offer them money, they have won. After you have met their demands and forwarded them money, they tap into your bank account and then demand more money. By this point, they will know who you are, where you are and how to reach you.
So, what do we do if we receive that ‘Oops’ email, followed by a freezing of all data and a ransom note? We know this is a cause of significant frustration and cost to our business but we can do something about it. As technology changes, these cyber bullies become more cyber-savvy. We need to be cyber-savvy too. They are clever – or they think they are clever. We need to be even more clever. Risk to industry will increase tenfold as we rely more and more on technology, so we have to safeguard ourselves. If you were worried today about ‘Big Brother’ monitoring you, you haven’t seen anything yet.
We cannot stop these ruthless individuals from attempting to hack us but we can take steps to protect ourselves. Here are just a few words of wisdom.
Take regular back-ups of your data. Whether you are working for a large employer or for yourself, do this routinely. It’s common-sense and good housekeeping.
Password protect confidential documents.
Password protect your laptop and computer.
Change your passwords regularly. Don’t share your passwords with others.
Ensure your website is a secure HTTPS site. This provides an extra layer of security for you and your clients.
Always have an anti-virus package working on your website and in Outlook.
If you are worried about your email account, go to the email provider and log into your account and change the password. You can do this through a password re-set option and if you have forgotten your password, you can click and re-set it with a fresh password.
Ensure your passwords are strong and lengthy. Use a mix of upper and lower case letters, numbers and special characters. Avoid real words. Make sure you remember your password.
Remember to change passwords for your social media sites, such as Facebook and Twitter, and for Amazon and/or other on-line shopping sites. Do this routinely.
Check your inbox and trash folders for ‘password reset’ messages that have not been instigated by you. This could be a hacker. Do not reply but permanently delete those messages.
Some hackers will use your email account in order to hack your contacts. They then use your email address to send spam emails to your friends and family, hoping to trick your contacts into thinking you need help. It is difficult to ascertain whether your email has been abused in this way, but a quick check of your sent messages, or of your inbox for dodgy replies, will help you identify whether you are being targeted and by whom. In most cases your family and friends will tell you if they have a concern. Reassure them that the bogus message was not from you. Urge them to destroy it and then change their own passwords.
Make sure you can access your email and website from Outlook and associated apps. Change any compromised password on those apps too. Often, we overlook this.
If you suspect a potential data breach and need to report it to a third party, such as a client or employer, do so immediately. You have an obligation to declare potential data breaches. You may need insurance and you may need to register with the Information Commissioner’s Office (ICO).
Once you have re-set your computer, change your passwords immediately. Do not use the same password twice. The longer and stronger the password, the better.
As said above, back up your data regularly onto a stick or disk which is kept off-line and very separate from your computer. If your computer is hacked and/or frozen, take it back to factory settings and start again. You will, hopefully, have an independent copy of your client files and valuable documents. Include your Word documents and Outlook. You will be inconvenienced for a short while, but hopefully that is all. Remember, these hackers are highly unlikely to actually hold the data that was on your computer.
Without doubt we have seen nothing yet. Whether it is a giant cyber attacker or an individual working through an app, whether it is a small employer or a national public sector body, the principles are the same. These crooks will use any technology platform they can to bully, abuse and blackmail.
The hackers do not discriminate. Given the opportunity, they will target our Parliament, utility providers, small or large organisations worldwide, including Google and even Mark Zuckerberg. Future risk of hacking and spying across industry, worldwide, is frankly probably beyond the comprehension of most of us today.
Stay safe in cyber-space.