Weekly Threat Report - 13th December 2019
UK government warns charities of cyber security risk
The government has issued a cyber security alert to charities warning them of a spike in the number of criminals trying to access and change the private information of staff.
The Charity Commission has received several reports from charities that have been targeted by fraudsters impersonating HR staff members, specifically attempting to change employees bank details. In all cases, the request was made through an email.
Charities should look out for email requests from spoofed or similar email addresses to their legitimate HR departments, finance departments or staff with authority to change bank details. The NCSC has provided guidance which can help with this.
Like most businesses, charities are increasingly reliant on computer technology and are at risk of falling victim to cyber criminals. The NCSC has published guidance on how to improve cyber security within a charity with the collection including specific phishing advice.
Concerns about smart toys published by Which?
With Christmas shopping well underway, this week consumer association Which? revealed it had found “serious security flaws” in some children’s smart toys.
Working with cyber security specialists, Which? raised concerns about some connected toys sold by major retailers, claiming that they lacked basic cyber security measures and were vulnerable to attack. This investigation highlights the importance for manufacturers of internet connected devices to take every measure to ensure their products are safe to use.
Earlier this year the NCSC supported a DCMS consultation on regulatory proposals for consumer Internet of Things, which would create a minimum baseline for security requirements in smart devices.
Which? has outlined five tips to help when buying and using smart toys:
Read the description of the connected toy carefully in the shop or online. Find out what the toy actually does and how your child will interact with it.
Search online to see if there have been any security concerns raised about the toy previously, such as a leak of personal data. If you are at all concerned, consider a non-smart toy instead.
If you do buy a smart toy, submit only the minimal amount of personal data required when setting up an account for your child. So, not too much data is exposed if things do go wrong. Do set strong passwords, though, to ensure any accounts are properly protected.
Keep an eye on your child when they’re playing with the smart toy, particularly if it can send or receive messages.
When your child is not playing with the smart toy, make sure you turn it off completely.
NCSC guidance on how to secure internet connected devices in the home is available.