It is something that we often hear about, but we can feel it only happens to someone else, or only to glamorous, global businesses which are a million miles away from our own everyday lives.


But the reality is that there are two types of people in this world: people who have lost data and people who will lose data through cyber-attacks.


In this modern cyber-jungle we live in, a hidden scammer or a hacker looking in on your network is highly likely to target you, your family and/or your business, or someone you know or work with, compromising your own data by association.


This could be through your mobile, your children’s computer games, via laptops, emails, social media channels, dating sites or via pop-up ads or links to fake, copycat websites.


The more unsecured devices you have around the home - known as the Internet of Things (IoT) - from your virtual personal assistant to your CCTV, the more open you are to attack.


We obviously don’t want to become a victim of cyber-crime.


However, as technology gets more advanced and encroaches on almost every aspect of our lives, from work to play, the likelihood of us being duped increases.


As the Covid-19 global recession looms large, we are highly likely to have some sort of data breach, with its severity depending on how robust our whole security network is.


While many of the more astute companies have cyber insurance, even they may not realise that they won’t be covered unless they meet strict stipulations about what they do, or don’t, have in terms of technology back-ups.


For instance, what would happen if you walked into your office one Monday morning to discover all the screens are down, you are locked out from your own passwords and you do not know how to get your computer system up and running again?


In order to protect yourself from that horrible sinking feeling as you watch your precious business assets getting sucked away from you before your eyes and into the control of an unknown hacker - who could be anyone, anywhere - you will need to have a tried-and-tested Disaster Recovery Plan in place to protect your business and personnel.


This could work in the same way as a Fire Escape Plan would. In a Fire Drill, you protect everyone in your home and/or business by fitting alarms and fire extinguishers, and by making sure all your staff know how to get to safety from the flames in the fastest and most efficient way.


A Disaster Recovery Plan works in a similar way for cyber-security defences.


If a cyber-criminal switched off your whole company, how long would it take to get it up and running again?


Questions you need to ask yourself include:

Are your Sales and Production areas separate?

Is all your equipment up to spec?


Suppliers, in particular, need to have the confidence that you won’t go under if you suffer a cyber-attack because they could well be dragged down with you.


If Sales and Production are not separate, then when one area of your business goes down, they all go down.


For example, if you use a metal lathe in a production line, with access to the internet on the main network, with an old version of Windows, with no patches, your whole system is vulnerable to an attack.


Or if you have a VoIP (Voice over Internet Protocol) system, you may need to get a telecoms expert to make sure that someone doesn’t call in using an old, unchanged password.


By taking a number of simple but important steps, you will be far more prepared to deal with cyber-crime and to fend it off.




Detective Constable Gareth Jordan has been a police officer for 13 years and prior to that, was employed in the IT and Pre-Press and Print sector.

Gareth is now based at Police HQ in Carmarthen and has been involved in investigating all forms of crime that have a cyber-element to them.

He has a wealth of knowledge regarding Cyber Security and continues to expand this by being involved in the day-to-day investigation of cyber-based crimes.

Gareth knows about the latest cyber scams and can explain how they are carried out – and more importantly – how you can avoid falling foul of them.


#TARiANEXPERTiSE #cybersecurity #cyberwatch


Dyfed Powys Police Economic Crime Team have become aware of a new Covid Vaccine scam.


Detective Constable Gareth Jordan, from the Cyber Crime Unit, says that in the latest variant of the scam, the victim receives an email saying that they are on the Covid vaccination list and they need to select whether they do or don’t want the injection.


Either choice will take the victim to a site where they will be requested to enter personal/financial data, such as bank account details, card numbers, Driving licence ID, on the pretext that the site is checking their validity.


But the site is doing exactly the opposite; it is taking their details so they can be used for more direct ‘spear phishing’ or to utilise the details for ID theft and also financial fraud.


A simple check of the URL will show that this is a scam – but too many people don’t check.

In the example below, at first glance the email appears to come from [noreply@nhs.gov.uk].


If you hover over the reply email address – the real return address can be seen.


The NHS are not sending these emails out – it is a scam.
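The same check that hovering over the address performs can be automated on a mail gateway or in a reporting mailbox. The following is an added example, not part of the original post: it compares the address shown in the display name with the real sender, Reply-To and Return-Path. The sample message, the `.example` domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real scam email; the .example domains are placeholders.
SAMPLE = """\
From: "noreply@nhs.gov.uk" <vaccine-team@mail-notify.example>
Reply-To: bookings@mail-notify.example
Return-Path: <bounce@mail-notify.example>
To: someone@company.example
Subject: You are on the Covid vaccination list

Please select whether you do or don't want the injection.
"""

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def belongs_to(domain, organisation):
    # Exact domain or a true subdomain; "nhs.gov.uk.mail-notify.example" does not count.
    return domain == organisation or domain.endswith("." + organisation)

def sender_warnings(raw_message, expected_domain):
    """Return a list of reasons the sender headers do not match expected_domain."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    warnings = []

    # What the mail client shows at first glance versus the address behind it.
    shown = ADDR_IN_TEXT.search(display_name)
    if shown and shown.group(1).lower() != from_domain:
        warnings.append(f"display name shows {shown.group(0)} but sender is {from_addr}")

    if not belongs_to(from_domain, expected_domain):
        warnings.append(f"sender domain {from_domain!r} is not {expected_domain}")

    # Where a reply or a bounce would actually go.
    for header in ("Reply-To", "Return-Path"):
        _, addr = parseaddr(msg.get(header, ""))
        if addr and not belongs_to(domain_of(addr), expected_domain):
            warnings.append(f"{header} points to {addr}")
    return warnings

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE, "nhs.gov.uk"):
        print("WARNING:", warning)
```

An empty result is not proof that a message is genuine, because the From header itself can be forged; SPF, DKIM and DMARC results are the check for that.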


Stop: Take a moment to think before parting with your money or information - it could keep you safe.


Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.


Protect: Contact your bank immediately if you think you’ve fallen victim to a scam and report it to the Police.


Report suspicious emails to: report@phishing.gov.uk.


You can also report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad. The police, or your bank, will never ask you to withdraw money or transfer it to a different account. They will also never ask you to reveal your full banking password or PIN.


Do not click on links or attachments in unexpected or suspicious texts or emails. Confirm requests are genuine by using a known number or email address to contact organisations directly.


Report to Dyfed Powys Police: https://www.dyfed-powys.police.uk/en/contact-us/report-an-incident/


Or call 101.





It doesn’t matter how big or small – all businesses need to look at their own staff and where the entrances could be for cyber-criminals using social engineering.



All of this may sound a little bit like James Bond but unfortunately, we don’t always know where the cyber-criminals are these days; they could be ‘sitting on your software’ or sitting on a sofa in the coffee shop across the road, trying to steal your company’s secrets or data.


The easiest way into a company these days is via a computer system, rather than the front door.


And it is people who are the most breakable aspect of any kind of computer network.


Social engineering is a process where hackers use psychology more than any kind of software or code to gain access to your network through your staff.


Phishing, where you get a fake email or a hook; Vishing, which is purely voice phishing; and Smishing, which comes from an SMS text, are all part of what we call social engineering.


Social engineering is one of the areas that we can all fall foul of so easily because we are humans and as such, we like to trust people.


But it has always been said that a criminal only has to be lucky once, whereas we have to be on our guard 100 per cent of the time.


Social engineering will often start with a simple phone call.


So the first point of entry into your company is likely to be the person who answers the phone and who is in charge of fielding the calls at the very first point of contact.


If you have a receptionist, do they know about Phishing, Vishing and Smishing?


Receptionists are key access points to companies a lot of the time.


Does your receptionist have good cyber-knowledge?


Do they know how people socially engineer?


Sales people are quite gregarious and tend to talk to anybody. Have you gone through cyber-security with them?


How do they protect themselves and their passwords on screens when they are with clients?


Do they know that they shouldn’t be seen typing their password into a keyboard?


If you are in an internet café, someone could be shoulder-surfing you as you type in your password.


Is that password generic to everyone in the company? All of these things need to be looked at.


Social engineering criminals do their research. They will most likely visit a website, root through your contacts and might even have the nerve to visit your company, so we all need to raise our level of skepticism.


Dating Sites – there is nothing wrong with them, but make sure staff are aware of the dangers of leaving those sites to continue conversations, and also be careful what information and pictures they exchange. Many criminals use these sites as a first contact point to gain access to someone’s heart, using fake profile pictures and details. They then go on to use the ‘trust’ they have built up to gain personal and business details that may be sold to others, or used to blackmail them. Often, criminals may take weeks and months building up the pretense to become a ‘trusted’ friend. They may look to gain some form of hold over the victim by exchanging nude pictures that can later be used to blackmail that employee.


The ABC of policing is: accept nothing, believe nothing, challenge everything.


By challenging things, you will filter out these criminals; ask them questions, ask them to email you something from their company and to prove they are who they say they are.


Nowadays, we have to assume that people will be pretending to be someone else.


They could even meet you in the pub and gain information about you and your habits.


Do your staff know what information they are sharing on social media, and who can see it? What are their privacy settings and is there a company policy surrounding the use of social media?


Do they know how to lock their accounts down on Facebook and Instagram to make sure other people can’t see everything about them?


If I was a criminal wanting to break in, I would find out where the weak points are, just like someone trying to break into a building looks for the weakest point of entry.


What if the criminal places a USB stick in the car park, loaded with malware? How many of your employees would pick it up, load it into the works PC to see who it belonged to – or have a good nose around to see what was on it? By the time they realise there was malware on it, your network could already be infected. What is your company policy on USB sticks and external devices in general?


Who is disgruntled with the company, and who might have left but still has access privileges?


When someone leaves a company, how quickly do they become unable to get onto their account?


Do your employees know when a colleague leaves the company – so they know not to allow them access back onto the network?


Is it immediately? Is it two months? Does your company have people who left your company years ago, who could, if they wanted to, log back onto your systems?


If that is the case, you need to address it now!




© 2021 Tarian Technology Limited
Company Number: 11248922
Registered Office Address: 4 Ravenscroft Court, Buttington Cross, Welshpool, Powys, SY21 8SL, Wales