Now Is A Good Time to Review Your Basic Cyber Hygiene
Another well known name got added to the ever expanding list of cybercrime victims recently. Tesco can now sit alongside TalkTalk, eBay, LinkedIn and others in being compromised by an invisible enemy.
They confirmed this week that they had detected online criminal activity in 40,000 of current accounts of their Tesco Bank customers. In order to mitigate further compromises, or fraudulent activity they suspended the accounts as they had witnesses sums in excess of thousands of pounds being syphoned off.
Further investigation led to the announcement that they believed only 9,000 customers had money taken from their accounts and they refunded the £2.5million that had been taken. Their initial assessment was that the had been hit by a “a systematic & sophisticated attack” which they knew “exactly” of it’s nature.
Tesco must be praised for their swift action on this attack and have subsequently pulled in the services of the NCA (National Crime Agency) to lead an investigation. They have no also contacted the recently formed NCSC (National Cyber Security Centre) a division of GCHQ who is providing “on site assistance” in additional investigation to this attack.
Reports in the mainstream media are saying that this is the “the most serious cyber attack ever launched against a British bank” and that there are fears that this attack may have been state sponsored.
The steps that Tesco have swiftly taken one has to assume comes as the result of planning and preparation for such an attack. It’s been long known that financial organisations are a major target for cybercrime due to the potential rewards and that so many financial services organisations IT systems have been built over many years, through mergers acquisitions and are still held on legacy hardware and software that require major engineering work to secure to a level that would be impervious to compromise.
So where does this leave the consumer in all of this? It appears that they are not out of pocket and that their personal details have not been compromised, but that is not an excuse to be complacent or believe in anyway that the responsibility for cybersecurity can be left to others. We all have a role to play and we all must remain vigilant for any activity in our personal data powered world that looks unusual.
We are just on the cusp of the major holiday shopping sprees of the year where days such as ‘Cyber Monday’ and ‘Black Friday’ will no doubt set new records for the billions that are spent online. Will you track every last purchase you make? Not just through Amazon, or other trusted internet shopping destinations? But through the lesser known providers that you have found in that last minute impulse buy for the perfect holiday gift for a loved one.
I urge you to not get caught up in a buying frenzy where your credit card number is being hurled around the internet with wilful abandon. Before you start your shopping make sure that your computer, smartphone or other shopping device of choice is updated with the latest security patches. Make sure that your antivirus and anti malware solutions are up to date and if need be run them in full to check that there is no dormant issue on your devices that are just waiting to be activated by a surge of transactional activity.
It’s also advisable to consider where you are shopping from. Are you using your laptop on an unsecured public WiFi? These are hotbeds for criminals looking to obtain your personal credentials. Always secure yourself using a VPN.
If possible look to change ALL your passwords for the providers you will be buying from online. And change them before you start purchasing anything. Keep a note of the day and time your ordered something, the amount and which payment method of choice was used.
One final recommendation is that should you see any payment that looks unusual, or you can’t recall making it, then I urge you to investigate it. If it looks wrong, if it feels wrong, then it probably is. Don’t hesitate to report it to your bank or credit card company. They actually want to hear from you in such cases.
This may sound obsessive, but it’s not. It’s basic cyber hygiene to prevent you becoming a victim. If you take all these steps you will be well placed for a safe and secure holiday period. Once you get into the routine of securing yourself it will never seem overly burdensome, but in fact will make online shopping a more pleasurable activity.
Tesco has had to take steps to secure itself and you are encouraged to do the same, as they say ‘Every Little Helps’, which in these days of heightened cyber crime couldn’t be more true.