National Cyber Security Awareness Month – October 2018

Since its inception in the USA in 2004, National Cybersecurity Awareness Month aims to focus on raising awareness of cyber security threats, promote cyber security amongst companies and the general public and provide resources to protect themselves online enabled through education and sharing of good practices.

The European Cyber Security Month (ECSM) has a number of stated objectives:

  • generate general awareness about cyber security,
  • generate specific awareness on Network and Information Security (NIS),
  • promote safer use of the Internet for all users;
  • build a strong track record to raise awareness through the ECSM;
  • involve relevant stakeholders;
  • increase national media interest through the European and global dimension of the project;
  • enhance attention and interest with regard to information security through political and media coordination.

Running for the entire month there are four weekly themes:

Practice Basic Cyber Hygiene
Assist the public in establishing and maintaining daily routines, checks and general behaviour required to stay safe online.

Expand your Digital Skills and Education
Transform your skills and security know-how with the latest technologies.

Recognise Cyber Scams
Educate the general public on how to identify deceiving content in order to keep both themselves and their finances safe online.

Emerging Technologies and Privacy
Stay tech wise and safe with the latest emerging technologies.

ECSM comes against a number of reports, breaches and fines for security failings over the past few months, including:

  • On the 4th October 2018 the National Cyber Security Centre (NCSC – part of GCHQ) announces their belief that government sponsored military intelligence services of a major European country are behind indiscriminate and reckless cyber-attacks targeting political institutions, businesses, media and sport.
  • The Financial Conduct Authority (FCA) fined Tesco Bank £16.4m for security vulnerabilities that resulted in £2.26m being taken from 9,000 customers’ accounts in 2016 citing the bank’s failure to demonstrate ‘due skill, care and diligence’ in protecting personal current account holders.
  • In September 2018, Facebook acknowledged that hackers had gained access to nearly 50m Facebook accounts giving them the ability to take over user’s accounts through the theft of ‘access tokens’. On 3rd October 2018 the Irish Data Protection Commission announced it had begun an investigation into the issue which under GDPR regulations could result in a fine of $1.6bn (4% of global turnover)
  • On 29th Sept 2018 the Conservative Government suffered a highly embarrassing major breach of its 2018 conference app when it found that absolutely anyone could access and change personal details of senior MPs and attendees at the conference including names and profile pictures resulting in some highly embarrassing amends to senior politicians details. Apparently there was no password login, reportedly available from the app developers for an extra £399. The Information Commissioners Office (ICO) has confirmed they are investigating and it will be interesting to see how they respond!
  • On 28th September the ICO announced it had fined BUPA Insurance Services £175k for ‘failing to have effective security measures in place to protect customer’s personal data’. It confirmed that between Jan and March 2018 a Bupa employee had stolen the personal data of 547,000 Bupa customers before offering them for sale on the dark web.
  • Last month (as reported here) a massive data hack occurred at British Airways resulting in the credit card details of 380,000 customers being hacked.
  • In August 2018 (as reported here) Dixons Carphone reported that 10m customer records had been compromised.
  • And, unfortunately, many more

Make National Cyber Security Month the month that you decide to take action to ensure the protection of your customers, employees and potentially your company’s reputation and future!

If it is your job to protect your company from such potentially devastating outcomes Focus on Training can help with a wide range of Security, Cyber and Governance, and GDPR courses including: