Cybersecurity Awareness Month 2023
2 October 2023
Cybersecurity Awareness Month 2023 runs throughout October, and at Veritau we’re raising awareness of cybercrime and cybersecurity issues affecting the public sector.
What is Cybersecurity?
Cybersecurity covers a wide scope, from high-level robust IT infrastructure to simpler measures relevant to all members of staff, like password security.
Councils, schools, multi-academy trusts and other public bodies can all fall victim to any type of cyberattack, including:
A targeted type of spear phishing where the attacker targets the senior management of a company or attempts to impersonate senior management to get employees to perform an action such as providing financial details or clicking a link.
A type of cyber-attack designed to trick the victim into revealing information to the attacker or placing malware onto the victim’s computer. This often takes the form of an email seemingly from a reputable source, but can also be carried out via social media, text, or phone call.
A more sophisticated type of phishing, where the attacker has gathered information about their target recipient, for example their name or job title.
Where the attacker tricks their target into changing details such as bank details or direct debit payments, or may even request a bank transfer. The attacker will usually pose as an organisation that their target is already familiar with.
Where the attacker uses malicious software to deny access to a computer system and essentially holds the user to ‘ransom’ by demanding that a sum of money is paid.
Any type of software designed to damage or disrupt a computer system, for example a virus.
Denial of service (DoS)
An attack designed to shut down or disable a computer system or network.
Where an attacker will discover and exploit weaknesses within a computer system to gain unauthorised access.
How can you help to prevent cybercrime and protect against a cyberattack?
View our recommended measures below to help protect you and your organisation against a cyberattack.
1. Set strong passwords
Individuals are encouraged to use different passwords where possible. It is important that a strong password is used. The National Cyber Security Centre recommends that passwords are comprised of three random words. Avoid using significant dates like birthdays and predictable phrases or words such as your child or pet’s name.
The NCSC also promotes the use of multi-factor authentication, where possible.
Scroll to the bottom of this page to download our Strong Password infographic.
2. Be alert to data breaches
Be alert to data breaches and ensure you are familiar with your organisation’s procedure on what to do should a data breach occur.
If you are a customer of an organisation which has suffered a data breach, the NCSC has published detailed advice on the actions you should take.
3. Familiarise yourself with our tips on spotting a suspicious email
Does the sender claim to be someone in a position of authority? For example, your manager at work, a government body or bank.
If the email is claiming to be from someone you know, is the email in the same style and tone as their usual emails?
Is the email prompting you to act quickly? For example, it asks you to ‘act immediately’ or provides a time limit such as ‘48 hours to respond’.
Does the content and language used cause you to feel worried or concerned? Cyber criminals often devise frightening situations or use threatening language, in the hope this will prompt a reaction. Many scams also exploit current events, so look out for any references to these.
Is the message offering something which is limited or rare to find? This may be designed to entice you to click a link or open a document to find out more. If something seems too good to be true, it usually is.
Is the email addressed to you as ‘friend’, or ‘colleague’ rather than by name? This can be a sign of a scam email. However, emails that refer to you by name can still be scams: in a spear phishing attack the attacker may have acquired these details to make their email seem more authentic.
Look for any inconsistencies such as spelling or grammatical errors and formatting changes such as font, logos and headings which do not look quite right.
Remember to never…
- Assume that a request is safe purely because it is branded correctly, or a colleague trusts the source.
- Allow yourself to be pressured into bypassing agreed verification processes or internal controls.
- Click on any links or open any attachments contained in a suspicious email, or from an unknown sender.
4. Log out and store your device securely
Remember to log out of systems when they are not in use, particularly when working remotely. Devices should be stored securely when not in use.
5. Complete regular backups of important systems
We recommend regularly completing backups of all your organisation’s important systems. Routine testing should take place to ensure that the backups work in practice.
In the event of a cyber-attack, backups are crucial to restoring systems and limiting impact on an organisation’s day-to-day operation.
For more information about cybersecurity, contact your IT team, or visit the NCSC website.
If you have suspicions of fraud affecting the council, call our team on 0800 9179 247 or email [email protected].
If your organisation doesn’t receive counter fraud services from Veritau, please contact us for more information. We can support you with prevention, through providing policies, frameworks and fraud awareness training – or we can investigate matters as they arise.
Download our Protecting Against Cybercrime poster
Download our "Protecting against Cybercrime" Poster for this year's Cybersecurity Awareness Month