Working to support the regional communication from online crime
Detective Inspector Steve Leach, NEBRC,
I was contacted recently by a hairdresser wanting to understand how a cyber security program could help them. Does cyber security really apply to hair?
The short answer is, yes.
Forget the phrase cyber-security for a minute (the more I hear it, the less I like it…) and instead think ‘security’ or ‘crime prevention’ and ask the question again. And if you’re still not convinced, think in terms of reducing the chance of theft and criminal damage - because that’s what we’re really talking about when it comes to cyber-crime. So, the real question to ask yourself is, as a business owner / manager are you interested in reducing your chances of being a victim of theft of criminal damage… and of course the answer is, yes.
This hair salon itself is physically situated among a row of shops on a high street in a local town, benefitting from a gated carpark to the side, which customers can use, free of charge. At the back of the building is a well-lit and secure fire-escape door, that can only be opened from the inside. The front of the salon is also well lit, displaying an alarm box and roller shutters that are pulled down and secured when closed.
As an overview, security looks good. The area looks and feels relatively safe, and customers only have a very short walk if using the free carpark. Plus, there is a bus stop 100 yards away: close enough to be used, and far enough away as to not be a problem.
As a customer we can see and get a sense of how secure the salon is, and how safe you feel using it. Clean, well-lit and easily accessed all help to make this feel secure, and all our senses tell us this.
Indeed, the owner can take a step back and look at the security of the salon in comparison to its neighbours and neighbourhood and get a sense that they have things covered. They have some understanding of who may target the business from a theft and damage perspective and have taken steps to reduce this chance. They are as happy as they can be, and ensure they empty the till each evening.
The owner of this salon runs their business as a sole-trader, advertises online and rents out a couple of chairs. Most bookings are taken over the phone with customer details being taken and entered into a computer, which helps to manage who see how. They also let customers email to arrange bookings, or even send pictures in of what cut and colours they like. The owner can manage these bookings on their mobile phone when not at the salon. It’s a pretty standard and fairly straight-forward customer focused approach.
But as a customer how secure does it look now? What happens with the information you give to them? For example, your name, email number, phone number, payment details, the information around the times you are not at home etc? Do you know? Do you really care?
And as the owner do you understand what your ‘online’ neighbourhood look like? Who is next to you, website wise? Who is in this online neighbourhood? Who is likely to try and break in? What do they want? How do they do it? When do they do it? What are the steps you can take to reduce the chance of being subject to crime?
Quite often physical security understanding is built into us by utilising our senses, experience learned or passed down, or just simple instinct. But where do we start with online? What do we need to do and how do we understand what to do?
In this particular case, we started with passwords – how to create them, how to use them (once only!) and how to remember and store them. The owner had a favourite password that they changed a bit but used over and over again. They realised their 10-year-old son knew it as it was the Netflix account, but that was ok as the son promised not to tell anyone…
We talked this through together. You wouldn’t have one key to unlock the shop, shutter, backdoor, carpark gate, house, garage etc. And if you did. you wouldn’t give this key to your 10-year-old son and make him promise to keep it safe too. So why do it with a password?
Password reuse is a well exploited opportunity by criminals. Even better if it is a common one, or one that can be worked out as it is made up of something personal to you - your kid’s name, pet, favourite place etc. Maybe you are a bit smarter have introduced numbers or characters such as !, @ or $ perhaps?
As a team we have worked with this salon owner to explain the merits of stronger passwords. In this instance we suggested basing this around Three random words (NCSC advice SOURCE WEBSITE) and using a password manager.
Have one password for each log on you need, and store these safely and securely in a password manager. Also, enabling two factor authentication (2FA) where possible – as annoying as this can be, those texts do come through almost instantaneously now.
It didn’t take that long to set up – a few hours on a Sunday morning. However, time did pass quickly when they realised the same password was associated with same email over 70 times. And the realisation that they were making themselves significantly more secure made the task oddly enjoyable!
In this particular case we also reviewed what steps they had in place around the website, customer data, backups, phishing etc and what other steps that could be taken to reduce the risk further. However, the password change and understanding why, became the game changer.
Don’t sit and wait for criminals to find you.
Speak to us today about the necessary security for your business and an understanding of how we can help. Email our team of online security experts at firstname.lastname@example.org