staying safe online - avivastaying safe online introduction as the threat of coronavirus continues...
TRANSCRIPT
Staying Safe Online
Contents02 Introduction
03-04 Phishing
05-06 Keeping Information Safe
07 Working From Home Securely
08 Further Guidance
In response to COVID-19, many of us are adjusting our ways of working. This pack will help you keep connected and stay secure throughout these challenging times.
Staying Safe Online
Introduction
As the threat of Coronavirus continues to spread globally, it presents opportunities for cyber criminals across the world to exploit uncertainty by using phishing emails, text messages and phone calls.
The risk of individuals falling victim to COVID-19 related financial crime is significant, and the number of scams circulating is unprecedented.
More people are working from home every day, some for the first time. Criminals are exploiting this, so we’ve created this guidance to help you stay safe.
As companies are stretched, supporting and communicating with their customers, it’s easier than ever for criminals to pretend to be someone they’re not.
To illustrate the scale, thousands if not tens of thousands of COVID-19 websites and email domains are being created in support of malicious cyber activity every day.
The police have advised us that organised criminals are moving at pace into COVID-19 related fraud. With financial institutions focussed on protecting core services to customers and so many colleagues working remotely, criminals sense opportunity. Please be extra vigilant and if in doubt, call us. We are here to support you and our customers.
WHAT’S THE RISK?
WHY THIS MATTERS NOW MORE THAN EVER
ALEKSEI GORNOI, THREAT INTELLIGENCE, CISO
PETE HAZLEWOOD, GROUP FINANCIAL CRIME RISK DIRECTOR
Staying Safe Online
Fraud & Phishing Scams: Covid-19HOW DO THEY DO IT?
Plausible Email & web addresses which look credible at first glance
Emotional & time pressure
Links or attachments to click
Often arrives without context
Linked to current affairs
Often references money
KNOW THE SIGNS
Phishing relies on manipulating your emotions and overriding logic.Phishing is one of the main ways criminals will try to scam you; Google has reported that they have blocked 126 million COVID-19 relating phishing emails up to the 17th April 2020.There are also 2 other main forms: Smishing (text or SMS phishing) and Vishing (voice phishing). All of them will carry similar hallmarks.
Staying Safe Online
Fraud & Phishing Scams: Protect Yourself Report and protectHelp protect others by reporting all suspicious emails, calls and texts you receive:
Report suspicious emails at work to your security or IT team.
If you receive an Aviva-themed phishing email or scam, please report it on our new Fraud Hub.
Suspicious contact at home – report using the Action Fraud website or to the National Cyber Security Centre on [email protected]
Pause and verifyDon’t click on links or attachments in emails or texts you don’t trust.
Find official guidance by visiting an organisation’s website via a Google search.
If you suspect a caller isn’t who they say they are, hang up the phone and call them back using a number you trust.
SpotCriminals actively use emails, texts, phone calls, messenger apps (e.g. WhatsApp) and social media to trick people.
Look out for suspicious contact across all of these channels, at home and at work. You could be asked to:
Make a payment, amend or confirm bank details.
Click links.
Often they will use emotion and time pressure to make you act quickly. Ask yourself if the context makes sense.
Action Fraud and the National Cyber Security Centre (NCSC) have a lot of up to date information on phishing and other
associated scams, and advice on how to deal with the different types of threats.
Stay up to date
Keeping Your Information Safe
Don’t send any sensitive information to your personal email account (customer information or payment information for example); security on your personal device may not be as strong as your organisation’s.
If you’re transferring information digitally, use company-approved services rather than sourcing options yourself. If you’re working on your own, the NCSC provides good guidance around 3rd party applications to help you make decisions. You can also ask clients to change details on their policies themselves via MyAviva to limit transfer of sensitive information.
Personal email restrictions
Transferring information
Avoid creating physical copies of documents containing sensitive data, they are easier to steal or lose. If you need to write down notes, consider using an electric notepad on corporate devices. Don’t write down customer or employee personal data on paper
Handling physical copies & writing
Staying Safe Online
Keeping Your Information Safe
Where possible, use your organisation’s approved messaging apps to stay in touch with your colleagues and clients. Often your security or IT teams will be able to advise which are approved for your business. You can also check NCSC guidance on 3rd party applications if you don’t have IT or security teams.
Using approved apps
As our homes are becoming increasingly interconnected, it’s important that other devices that are on our “Internet of Things”- like Smart Speakers, Smart Fridges and Smart Doorbells- are equally secure as our computers and laptops. The NCSC has published some excellent Internet of things guidelines on Smart Devices:
Check the default settings- make sure any default password, usually set to something like ‘0000’ are updated with a secure password. The NCSC has some great guidance for creating strong passwords.
Managing your account- Some products can be controlled when you’re away from your home Wi-Fi, by creating an online account linked to your device. This makes it easier for malicious actors to access your devices, so setting up multi-factor authentication (MFA) (like getting a 1 time passcode sent to your mobile phone) will help prevent unauthorised access.
Keeping your device updated- patching is crucial- make sure software is kept up to date, so that any weaknesses in previous software versions aren’t exploited by criminals on your device.
Internet of Things
Staying Safe Online
Staying Safe Online
Working From Home SecurelyKeep devices up to date by installing software / app updates.
Laptops should be shut down at the end of every day.
Be careful what you post on social media, and avoid taking photos that may mistakenly include sensitive work info.
Your work devices could be used to access lots of sensitive data. Make sure you are the only person who can access it.
If your work device is lost or stolen, report it immediately.
Prevent unauthorised users from accessing your
accounts when you’re working at home:
Strong and unique passwords make it harder for criminals to access your account.
Make sure your Wi-Fi is only accessible to your family, and is password protected.
At all times - lock your screen if you need to temporarily step away from your device.
Further GuidanceNational Cyber Security CentreHelping to make the UK the safest place to live and work online. They most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public.
Action FraudAction Fraud is the UK’s national reporting centre for fraud and cybercrime, where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.
Aviva’s Fraud PagesAviva’s dedicated pages for reporting Aviva-related fraud and learning about how you can keep yourself safe online.
NCSC Website
Action Fraud
Fraud Hub
Staying Safe Online
Staying Safe Online
GN63069 05/2020
Aviva Life Services UK Limited. Registered in England No 2403746. Aviva, Wellington Row, York, YO90 1WR. Authorised and regulated by the Financial Conduct Authority. Firm Reference Number 145452.
aviva.co.uk