The fall of Secret Santa: 5 tips to keep your gifts secret while shopping online

Online shopping is a timesaver before the holiday season, but it can also betray our plans for Christmas gifts. Even though most households own more than one device used by everyone, there are several ways that family members or colleagues can accidentally find out what presents await them.

“In the past, people would find out about their Christmas gifts by accidentally discovering them hidden in a wardrobe or by checking browsing history on the family computer. Trends are shifting, and now IP addresses and poor digital habits are usually what betray us,” says Marijus Briedis, CTO at NordVPN.

To protect our privacy and retain the secret of gifts, Marijus Briedis advises these preventive measures:  

  • Use a VPN. When we shop online, websites and marketers track our every move to show us an offer we might like. The main issue is that ads based on IP address targeting are shown on all devices connected to the same router. This means that recipients of the gifts can start getting ads based on the searches of one user if they use the same Wi-Fi. One of a VPN’s core features is hiding your IP address, so it’s a tool that helps you stay private and avoid IP-targeted ads. 
  • Use incognito mode. Incognito mode does not exactly equal privacy, but this is precisely what it was made for – setting aside a single browsing session that won’t save cookies and won’t save browsing history. Incognito mode can help keep your online shopping a secret.
  • Get a privacy-oriented browser extension. There are plenty of powerful, free browser extensions that can help shake off trackers and keep holiday shopping searches private. There are lots of options, and they all work differently. NordVPN recommends these browser extensions.
  • Stop engaging with brands on social media (at least before the holidays). Likes and comments on Facebook or other social media show everyone which brands the user engages with. Usually, that’s not much of a problem, but it could give a hint to the intended recipient of what gifts to expect.
  • Mind your screens and windows. Users shouldn’t forget to close windows and lock their screen. This is the privacy hygiene of the digital age. Even advanced cybersecurity precautions cannot protect privacy and secrets if the user keeps their desktop open or screen unlocked.

Keeping people safe and secure online

£500,000 funding for communities

Projects providing practical help to support people to tackle the growing risks posed by online crime will share a £500,000 fund aimed at ensuring a digitally secure and resilient Scotland.

Organisations including Scottish Union Learning and Community Enterprise will use the money to provide workshops aimed at tackling scams and internet safety, deliver training to upskill under-represented groups into careers within cyber security and provide digital advice in different languages.

The projects will be targeted at specific groups, including disabled people and those with specific learning needs, minority ethnic groups, people living in areas of social deprivation or in rural or remote communities and those for whom English is not their first language.

Since 2019-20, cyber crimes (crimes committed using the internet) have risen, with an estimated 14,890 cyber-crimes recorded by Police Scotland in 2022-23, almost twice the level in 2019-20 (7,710). This £500,000 fund is part of £1.16 million invested by the Scottish Government in 2023-24 to improve preparedness to withstand, defend against, manage, and recover quickly from cyber incidents.

Justice and Home Affairs Secretary Angela Constance said: “Cybercrime such as fraud and data theft can have a devastating impact on people, communities and businesses. 

“The Scottish Government is committed to building cyber resilience within all our communities and this funding will enable many more people across the country to keep themselves safe and secure when going online by supporting them to gain practical knowledge and skills to recognise and avoid cyber-attacks.

“We will also continue to work closely with Police Scotland and the National Cyber Security Centre to ensure Scotland’s public sector is resilient to cyber threats.”

Online banking: 12 ways to stay safe

Dodge online banking fraudsters with these 12 cybersecurity tips

A recent Which? study tested the security of 13 of the UK’s most popular online banking sites between September and November 2022. The study found that Virgin Money, TSB and Nationwide were the worst at protecting their customers from online scammers.  

With so many well-known banking sites falling short when it comes to blocking fraudsters, cybersecurity experts at VPNOverview have compiled a list of 12 safety tips to keep your money safe from malware and phishing scams.

What are the possible dangers of online banking?

Financially motivated cybercrime, using malware and phishing, is growing at a rapid pace. In fact, by 2023, the number of internet users is set to increase by 275%, creating more targets for online banking fraudsters. Banks worldwide are doing all they can to protect their customers from banking fraud by raising awareness and utilising new technology to make online banking safer.

Malware

Cybercriminals can use malware like spyware to break into your phone or computer and potentially steal your banking details. Cybercriminals can use a keylogger to track your keystrokes and steal your banking login details as you are typing them. In the worst-case scenario, a hacker can infect your computer with a virus, allowing them to gain total control of your computer and possibly transfer your money straight into their account.

Phishing

Phishing is where a cybercriminal attempts to obtain someone’s sensitive information by pretending to be a party this person trusts, such as a bank. This imposter would contact the victim via email or phone to trick them into surrendering login information. The scammer will often produce a plausible reason why they are asking for this sensitive information. It is essential to stay vigilant and remember: it is highly unlikely that your bank will ask you for login details, PIN codes or confidential information.  

12 online banking safety tips

1. Be wary of transfers: Only transfer money to parties you trust. Money transfers cannot usually be reversed without the explicit permission of the receiving party. 

2. Use a unique password and login details: Make sure your banking login details are different from your other online portals or services; it is much safer to have a different password for your bank if a hacker gains access to your device. The most secure password you can create will be at least ten characters long, containing a minimum of one uppercase letter, one lowercase letter, one number, and one symbol. It would be best if you considered changing your password to a new unique password every six months. 

3. Keep login details safe: Do not give your online banking login details to anyone. If you receive a phone call or an email asking for you to enter your banking login details, sensitive information or PIN codes, this could be a phishing scam. 

4. Use fingerprint and face ID: Make use of the newest technology when it comes to signing into your online banking apps. Using a fingerprint or Face ID login is much safer than the traditional username and password. Another security measure to consider is using two-factor authentication, essentially providing two methods of logging in to ensure that the right person is logging in.

5. Update apps: Ensure your device’s operating system is up-to-date. The same goes for your online banking app if you use one. The best practice is to configure your settings to install all updates automatically.

6. Never click on suspicious hyperlinks: If you receive an email or a text from a number or address you don’t recognise that contains a hyperlink, don’t click on it. Do not download any files they may contain. 

7. Be wary of suspicious emails: Cybercriminals may send you a convincing-looking email with your bank’s logo and a professional-looking layout. If this email asks for sensitive information, including your password, login details or PIN code, delete this email. 

8. Check HTTPS connection: Always ensure the website you visit has a secure HTTPS connection before you log in to your online banking account. Many browsers, such as Google Chrome, Mozilla Firefox and Internet Explorer, show whether your connection to a certain website is secure. Some of these browsers may display a padlock symbol inside the address bar indicating the safety of a website’s connection. If not, you can check the URL: 

If the URL you visit begins with “https://”, the connection is secure, as the ‘s’ stands for secure. If you see “http://”, the connection isn’t secure. You may have to click on the URL in the address bar to see the “https://” appear. If the connection isn’t secure, do not share any personal details with that page.

9. Install antivirus software: Install antivirus software on your device to protect yourself from malware and viruses. The best antivirus programs will offer a built-in firewall, essentially a network security device that provides a barrier between a trusted network and an untrusted network. 

10. Be wary of phishing: If you suspect you have come across a potential phishing email or call that claims to have been sent by your bank, contact your bank immediately to notify them. If they do not know about this request, you were likely almost a victim of a phishing scam. 

11. Check your banking app frequently: Frequently check your online bank for peculiar activities and alert your bank of any transactions that you don’t recognise. 

12. Trust your gut: Ultimately, if something doesn’t feel quite right as you’re transferring a payment or entering sensitive details, trust your gut and don’t continue. 

A spokesperson from VPNOverview commented: “Although banks around the world are working hard to make online banking as safe as possible, it is still a good idea to take some safety measures yourself when managing your finances.

“By taking charge of your own online safety, you can prove to your bank that you are not negligent and are more likely to be reimbursed by your bank if something bad happens. By following these tips to protect yourself while online banking, managing, paying and receiving money will become a lot safer.” 

The growing threat of cyber warfare

Cyber security expert explains how to bolster your defences

Worried about cyber warfare? You’re not alone. With the threat of imminent attack from overseas malware and state-sponsored hacks increasing, the National Cyber Security Centre (NCSC) is calling for UK businesses of all sizes to “strengthen their cyber resilience” in response to the ongoing situation in Ukraine.

But what does cyber resilience mean, and what actionable steps can businesses take to bolster their defences? Anthony Green, CTO and cyber security expert at FoxTech, discusses:

“Intelligence suggests that cyber warfare will target critical infrastructure such as hospitals, schools, and energy supply chains. However, the real risk for the majority of businesses is collateral damage, and it’s never been more necessary for UK services and businesses to make cyber resilience an urgent priority.

“The goal of cyber resiliency actions is to give your organisation the best chance of preventing an attack and making a quick recovery if it does happen. Many organisations don’t even have basic cyber hygiene controls in place, which means that cyber education is vital and could have a potentially huge impact on the UK’s overall resiliency to cyber threats.”

FoxTech has provided its guide to the practical steps that businesses can take from today to strengthen their cybersecurity defences:

Stay informed

Can your IT strategy be summed up with the phrase ‘ignorance is bliss’? Businesses who are not fully aware of the extent of the threat and the actions they need to take will be the most vulnerable to attack. So, it’s vital to get informed.

As part of the Government Communications Headquarters (GCHQ), the NCSC website is frequently updated with the latest guidance, making it one of the best resources for UK businesses to get accurate, up-to-date advice to protect their IT ecosystem from attack. Brief your wider team on the heightened threat to ensure that your whole organisation is on board with the further security actions you may need to take.

Protect your devices

It’s vital to protect all devices that connect to your network, including those that are used remotely.

  • Ideally, make sure your employees are using company devices. If you do not provide company devices, ensure that all personal devices that connect to your network are secured
  • Ask employees not to conduct personal business on their company device
  • Ensure that all users’ laptops, desktops, and mobile devices have been tested and patched (patching is a process that repairs security vulnerabilities)
  • Turn on automatic updates and always install new updates as soon as possible

Practise password security

User accounts are a common entry point for attackers – make sure yours are not an easy target.

  • Install two-factor authentication
  • Disable frequent password updates that encourage employees to write down their password as a reminder
  • Protect against password spraying by ensuring users choose uncommon passwords. The NCSC guidance recommends disabling complexity requirements, which encourage password re-use, and instead using three random words, such as phoneradiuswhile or yelljamdistance

Secure your third-party software

All your third-party software needs to be secured and any vulnerabilities should be patched. If you don’t have the expertise to do this in-house, it is highly recommended that you consult cyber security experts who can conduct vulnerability scanning and implement remedial measures for you.

  • Check that any third-party software such as browsers, office productivity suites, firmware and cloud-based services are patched
  • Make sure your firewall, endpoint security and anti-virus are properly installed and correctly configured (if they are configured incorrectly then you may not be protected)

Review what you’re showing the internet

It’s essential to review all your internet-facing data, as you might be displaying more than you realise.

  • Get a low-cost or free attack surface map to discover what you have exposed to the internet
  • Get an expert to conduct vulnerability scanning on your internet-connected services and patch any vulnerabilities
  • Secure your domain registration data by implementing a strong password on your registry account

Protect against phishing

Phishing emails are by far the most common form of attack, with 83% of UK businesses experiencing a phishing attempt every week.

  • Take advantage of the NCSC’s free cyber security training which has a useful module on spotting and reporting phishing emails – remember that employees are the first line of defence against phishing attempts
  • Instil a ‘no blame’ culture to encourage employees to report when they suspect they have clicked a phishing email

Only allow necessary access

Restrict access to your systems to only those who need it and ensure that all access is secured.

  • Delete any inactive accounts
  • Check your administrative access and ensure that only those who need to are enabled to access the network to make changes
  • Anyone not authorised to make changes should be set to view-only
  • Implement strong multi-factor authentication to all administrative accounts
  • Get a handle on any third-party organisations who have access to your IT estate. Understand what they do, who is allowed access and what privileges they have. Remove any access that is no longer required

Create an incident response plan

If the worst does happen, you need to have a comprehensive incident response plan in place. Only 31% of companies have an agreed cyber attack response plan set up, so this step will be an urgent action for many businesses.

  • If you don’t have a cyber security incident response plan, see the NCSC’s guidance on creating one
  • If you do have a plan in place, ensure all information (especially contact details) is correct
  • Make sure that your plan details who has the authority to make decisions, and what will happen if the attack occurs out of office hours
  • Ensure your plan includes information on how you will communicate if your normal systems are down
  • Make sure data is regularly and securely backed up in a safe place that is unconnected to your network

Contact cybersecurity consultants

If you don’t have cyber security expertise in-house, then consulting a cybersecurity expert can help you implement the steps above. They can also carry out more advanced actions to find and fix any other vulnerabilities that are particular to your organisation.

  • Get an expert security assessment to scan for any remaining vulnerabilities in your network, programmes, and cloud-based services
  • Join a security operations centre, which can constantly monitor your system and analyse any abnormalities against the latest threat intelligence to identify and block breaches before the attacker is able to steal anything.
  • Undergo penetration testing (also known as ethical hacking) to understand how an attacker is likely to gain access
  • Get a free CyberRisk score from FoxTech (it operates like a credit score for your cyber security) to get an immediate indication of your security posture.

The consequences of falling victim to a cyber attack can be dire, so in the current threat landscape, cyber security should be at the forefront of any business’ strategy for 2022.

Companies interested in finding out their CyberRisk score can order this for free from FoxTech here: https://www.foxtrot-technologies.com/cyberrisk-score

Further NCSC resources can be found here: https://www.ncsc.gov.uk/

CyberScotland Week:

Scotland’s ability to prevent and respond to the growing cyber threat will be increased with the creation of a new Scottish Cyber Co-ordination Centre (SC3).

The £1.5 million central coordination function will strengthen Scotland’s resilience to withstand the highest level of cyber threat. 

The Scottish Government’s Covid Recovery Strategy commits to establishing a recognised, authoritative and collaborative function to combat the accelerating threat of cyber attack.

This has led to the creation of the SC3, which will pool expertise to: share intelligence; provide early warning of cyber threat and attacks; manage incidents and lead recovery. Recruitment for a head of the centre is already underway, with SC3 set to be formally launched later this year.

SC3 was announced ahead of the start of CyberScotland Week (Monday 28 February – 6th March), which will feature over a hundred events and activities across Scotland, focusing on building the cyber resilience of individuals, businesses and organisations.

Deputy First Minister John Swinney said: “At times of heightened international tension, it is more important than ever to ensure that Scotland is ready to defend itself against cyber attacks. 

“Sustaining and increasing Scotland’s cyber resilience requires us to continue harnessing the power of working in partnership, and stepping it up at all levels.

“Establishing a new dedicated cyber co-ordination centre is a bold and ambitious development for Scotland.

“By providing a central coordination function that pools expertise from across a number of existing or developing Centres of Excellence, we can maximise our ability to work together to address cyber threats and attacks – whether that is sharing intelligence, providing early warnings, managing incidents or leading recovery.

“During CyberScotland week, I would urge individuals, businesses and organisations across Scotland to reflect on what they can do to keep themselves and others safe from emerging threats. The National Cyber Security Centre has trustworthy and up-to-the-minute guidance on keeping safe and secure online.”

Heartbreaking: Britons lose £204.5 million to dating scams, hacking and more in past 12 months

  • The UK reports losses of around £204.5M over the past 12 months due to personal, digitally driven crimes
  • Almost 23,000 cases of fraudulent activity relating to plastic cards and online bank accounts have been logged since September last year
  • Alarmingly, 49% of Brits don’t know if their smartphone has security software installed, or have none at all

Following last week’s Twitch data leaks on 4chan, a new study reveals that the UK’s public has lost as much as £204.5 million to personal, digitally driven crimes in the past 12 months. Additionally, as many as 26 million British adults – 49% of residents over the age of 16 – report either not knowing whether their smartphone has security software installed, or having none at all.

App development company Bacancy Technology analysed statistics drawn from the National Fraud Intelligence Bureau (NFIB), focusing on crimes more likely to befall members of the public – such as dating scams, personal and social media hacking, computer viruses and banking app fraud.

The UK has filed a total of 60,297 reports of criminal activity dating back to September of last year, culminating in a total loss of £204.5M to the personal finances of British citizens.

Across the selected categories, cyber-assisted crimes involving cheque, plastic card and online bank accounts have seen the highest number of incidents, at 22,981 reported cases, with an overall personal financial loss of £102.3M – an average of £4,451 per case.

Social media and email hacking ranks second highest in the list in terms of the number of reported incidents, standing at 12,225 reports over the last 12 months. However, the high volume of cases is offset by an average loss per case of £204 – amassing to an overall financial loss of a lesser £2.5M.

With dating scams, it’s the opposite. A smaller number of reported cases (9,388 over 12 months) has resulted in Brits taking financial losses of £97,600,000 – with each individual case costing over £10,000 on average.

Ranking fourth and fifth on the list are reported crimes surrounding computer viruses/malware and personal hacking – which relates to hacked devices, rather than accounts. Despite a large number of reported incidents over the past 12 months (7,893 and 6,649 respectively), each of these crimes has resulted in smaller average losses per case, with figures under £100.

Top 5 personal digital crimes – UK, over 12 months (Oct ’20 – Oct ’21)

| Type of crime | Number of reported crimes | Reported financial loss (in GBP) | Average loss per case |
| --- | --- | --- | --- |
| Cheque, Plastic Card & Online Bank Accounts | 22,981 | £102,300,000 | £4,451 |
| Hacking – Social Media & email | 12,225 | £2,500,000 | £204 |
| Dating Scams | 9,388 | £97,600,000 | £10,396 |
| Computer Virus/Malware/Spyware | 7,893 | £348,400 | £44 |
| Hacking – Personal | 5,649 | £511,900 | £90 |

Despite the variety of security apps readily available on both the Apple and Android stores, around 26 million Brits – a total of 49% – may be at risk.

Further data drawn from an ONS survey shows that one in three Brits (32%) are unaware of whether their smartphones have security software installed, while almost one in five (17%, or nine million adults) reported not having security software of any kind – leaving them open to potential cyber-crime and fraudulent activity.

Do you have security software installed on your smartphone?

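| Response (%) | All | 16-24 | 25-34 | 35-44 | 45-54 | 55-64 | 65+ |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Automatically installed/provided with operating system | 40 | 39 | 46 | 36 | 44 | 37 | 38 |
| Installed/subscribed | 11 | 8 | 9 | 14 | 13 | 12 | 11 |
| Do not have smartphone security | 17 | 27 | 18 | 19 | 15 | 9 | 11 |
| Don’t know | 32 | 26 | 27 | 31 | 29 | 42 | 41 |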

Commenting on the findings, a spokesperson for Bacancy Technology said: “Recent events in the news have highlighted the importance of maintaining security over our personal data and finances.

“Even so, it seems that while the British public are aware of the potential dangers of online activities, many are failing to take steps to adequately protect themselves and their loved ones. Digital security is of the utmost importance, and everyone with a smart device should take necessary precautions to ensure their safety.”

This research was conducted by app development company Bacancy Technology, an exclusive hub of top software developers, UI/UX designers, QA experts and more, offering development services aimed at the creation of high-end, enviable applications.

Scots to lose £42.6million to online fraud

  • Scots expect to lose a staggering £42.6million to online fraud, with 13% of Scots expecting to become a financial victim losing an average of £600
  • Although 13% of Scots expect to lose money to online fraud in the future, the average they expect to lose is the lowest in the entire UK at just £600, compared to the UK average of £1,574.
  • Over half of Scots (54%) admit to using easy to guess personal information in their secure online passwords, with 14% using their birthday, and almost one in five (18%) admitting to including their pet’s name. 
  • Scots should ‘paws for thought’ with one in five admitting to using their beloved pet’s name as their supposedly secure passwords. 
  • Two thirds (66%) of Scots confess to sharing personal information, passwords and memorable words publicly on social media, without realising the risk they put themselves at.
  • Scots are amongst the most security conscious in the UK, with 59% saying they would change their password after a single breach had been detected, compared to a UK average of just 53%

ClearScore, the UK’s leading free credit score and credit marketplace, has launched ClearScore Protect Plus, offering round-the-clock online identity protection and fraud defence, alongside nationally representative research revealing that Brits expect to lose a staggering £15.7billion in the future due to online fraud.

With a first-to-market personalised security score, Protect Plus Cover and access to a dedicated fraud support manager if you do become a victim of fraud, ClearScore Protect Plus offers peace of mind, helping you to get ahead of fraudsters and stay ahead.

With Covid-19 restrictions beginning to ease and life beginning to feel a little more normal, fraudsters are preparing to take advantage as Britons begin planning to spend more freely in a post-lockdown era.

With the Bank of England governor Andrew Bailey predicting a post-covid spending binge, 65% of people have said that they are waiting for the Covid-19 crisis to ease before making big spending commitments.

Whilst planning their post-covid purchases, it seems people are also preparing to become the victim of an expected surge in online identity theft, with the average Brit expecting to lose an astonishing £1,574 to online fraud. With 15% anticipating losing money in the future, online fraud is predicted to cost the UK £15.7billion.

However, in spite of the large numbers of people who believe they’ll be a future victim of fraud, there is a disconnect between expectation and reality. Whilst the majority (53%) believe that they would change their password after one security breach being detected, internal data from ClearScore demonstrates that in reality, a staggering 94% of people take no action after a password breach has been flagged.

Worryingly, over half of people (55%) admit to using easy-to-guess personal information in their supposedly secure online passwords, with one in ten including their name, 9% their children’s name, 12% their birthday, and 17% including pet’s names in passwords.

With such a high proportion admitting to using easy-to-remember, but less secure, personal information in their online passwords, a staggering two-thirds (66%) confess to posting their secure personal information, including passwords and memorable words publicly on social media. Combined, these two traits make Brits a hacker’s dream. 

ClearScore Protect Plus provides round-the-clock identity protection, using advanced web scanning to find breaches of your personal data on the dark web and beyond, searching for instances where passwords, email addresses, phone numbers and your date of birth might have been shared by fraudsters.

With daily credit report monitoring, users will receive instant alerts both when a personal information or password breach is detected and when there are any upcoming changes to a credit report, so unexpected activity can be checked and verified instantly.

ClearScore Protect Plus features include: 

  • Dark web scanning for passwords, breaches and personal information
  • Deep web scanning for passwords, breaches and personal information including phone numbers, home addresses and date of birth
  • Credit report alerts in case of any unexpected activity on your report
  • Security tips and tailored actions in the event of a breach being detected
  • Personalised first-to-market security score out of 1000 to help you understand your personal risk of identity fraud
  • Dedicated fraud case manager to help you get back on track step-by-step if you ever do become the victim of fraud
  • Protect Plus Cover including access to a specialist team who’ll help replace lost or stolen cards on your behalf, up to £200 towards replacing a stolen passport or driving licence, and expert help to resolve cybersecurity issues
  • Credit freezing as standard if you believe you’ve been the victim of fraud, meaning anyone taking credit out in your name must provide extra documentation (such as a passport or driving licence)

CEO and Co-founder of ClearScore, Justin Basini says, “Since launching ClearScore Protect in April 2020, we have helped over 2.6million people protect themselves from online fraud.

“The launch of ClearScore Protect Plus supercharges that level of protection, providing people with a complete round-the-clock support package, from identification of instances of fraud, to supporting you in improving your online security, to helping you deal with the fallout of any instances of password breaches or identity fraud.

“Having fallen victim to identity theft myself, I understand how it can impact a person’s financial and mental well-being, and ClearScore Protect Plus is here to give personal and tailored support to ensure your online security is protected, always.”

ClearScore Protect Plus costs £4.99 a month (or £49.99 a year).

For more information on ClearScore Protect Plus visit: 

www.clearscore.com/protectplus

Protect your passwords, protect your business

Businesses and projects in Edinburgh are being advised to put in place stricter rules around passwords to protect staff and systems, as the country switches to home-working amid the coronavirus pandemic.

Following UK Government advice for businesses to work from home where possible, due to the rise in cases of COVID-19, the Scottish Business Resilience Centre (SBRC) is warning employers how this can increase an organisation’s vulnerability to cyber-attacks.

This was demonstrated just weeks into the COVID-19 outbreak, with scammers already capitalising on fear and system frailties, and scams relating to the virus costing UK businesses nearly £970,000.

SBRC is advising businesses to quickly and easily increase their security by using password manager software and implementing two-factor authentication.

Declan Doyle, Ethical Hacking Consultant at SBRC, said: “We’ve seen a huge increase in the number of phishing scams since the outbreak of the virus – including fraudulent emails targeting businesses about fake Government tax rebates and Coronavirus funding.

“Criminals are very smart, and as much as we can find, identify and shut down scams, the best course of action is to tell people what to look out for and give them advice to follow to minimise the risk of falling victim to these traps. Increasing your online security is one way to do this.”

Eamonn Keane, Chief Operating Officer for Cyber and Innovation at SBRC, said: “The last thing any business battling the impact of coronavirus needs right now is a crippling cyber-attack.

“The prospect of thousands of temporary home workers, potentially accessing a range of vital business servers and applications from vulnerable home internet connections, or using old or inadequate laptops or PCs, is a scary one.

“One of the easiest ways for businesses to avoid cyber-attacks is to set up a password manager to secure, store and generate passwords for your team which can be accessed across various devices.

“Attackers use different techniques beyond hacking to discover passwords, including phishing, automated guessing using the most commonly-used passwords, manual guessing and intercepting networks. Password managers and two-factor authentication can easily put a stop to a lot of these tactics.”

Andy Maclaren, Head of IT Services at SBRC partner, Consider IT, said: “Password managers typically generate a long, secure and unique password for each website a user logs into, avoiding reusing passwords across different websites.

“This way, if a particular website’s database is hacked or leaked, attackers won’t be able to use the same log in details to access all of the other services your email address has signed up to.”

Two-factor authentication asks users for their password as normal, but also asks users to provide a second piece of information such as a code sent to an email address, or a fingerprint scan on a phone.

Eamonn added: “Two-factor authentication is just another way of ‘double-checking’ you are who you’re claiming to be when you’re logging into business accounts – meaning even if someone hacks or gains access to your password, they won’t necessarily be able to access your accounts.

“At SBRC, we endeavour to maintain Scotland’s reputation as a safe place to do business, so we will do everything we can to keep our partners, members and the public as up to date as possible in these uncertain and ever-changing times.”

The Scottish Business Resilience Centre is a non-profit organisation which exists to support and help protect Scottish Businesses.

To ensure Scotland remains a safe place to live, work and do business, SBRC will be regularly sharing COVID-19 developments and advice from Scottish Government, their partners and members as they happen.

Over the coming weeks SBRC will be holding a series of 60-minute webinars aimed at helping Scottish businesses prepare and survive the human and commercial impacts of COVID-19.

SBRC maintains a unique connection to Police Scotland, Scottish Fire and Rescue Service and Scottish Government, which gives the organisation exclusive access to the latest information to advise citizens and businesses how to interact safely.

Employers can also reach SBRC by emailing enquiries@sbrcentre.co.uk.

Void Android?

More than one billion Android devices around the world are vulnerable to attack by hackers because they are no longer supported by security updates and built-in protection, new research by Which? has found.

The consumer champion crunched Google data, which shows a staggering two in five (40%) Android users worldwide are no longer receiving vital security updates from Google, potentially putting them at risk of data theft, ransom demands and a range of other malware attacks that could leave them facing bills for hundreds of pounds.

The findings come as Which? adds warnings to its reviews of potentially affected smartphones – which are not necessarily old models and are still available to buy through online marketplaces – so consumers are aware of the risk.

Which? experts took a selection of affected phones and tablets into its labs, including handsets still available to buy from online marketplaces such as Amazon, and found they could easily be hit by a range of malware and other threats.

Researchers tested a range of phones, including models from Motorola, Samsung, Sony and LG/Google, and found them vulnerable to hacks that could allow personal information to be stolen, let a hacker take complete control of the phone, or run up large bills for services that the phone owner hasn’t used themselves.

Recently out-of-support devices won’t immediately have problems, but without security updates, the risk to the user of being hacked goes up exponentially. Generally speaking, the older the phone, the greater the risk.

Anyone using an Android phone released around 2012 or earlier – including popular models like the Samsung Galaxy S3 and Sony Xperia S – should be especially concerned, since it’s likely they will be running a version of Android that does not include various security enhancements Google has been rolling out since.

Google declined to respond when Which? asked for data on how many UK users are likely to be affected. But the consumer champion estimates there could potentially be millions of old unsupported Android devices still in use in the UK.

Which? shared its findings with Google but the tech giant’s response failed to provide reassurance that it has plans in place to help users whose devices are no longer supported.

Which? is calling for far more transparency around how long updates for smart devices will be provided so consumers can make informed buying decisions. The industry must also do a better job of giving support and guidance to customers about their options once security updates are no longer available.

Proposed legislation for mandatory security requirements – putting the onus on manufacturers to provide clear information about how long security updates will be provided for – and strong enforcement for manufacturers, retailers and online marketplaces that fall short are essential to tackle the growing problem of digital obsolescence.

Which? believes Google and other manufacturers also have questions to answer about the environmental impact of phones that can only be supported for three years or less – meaning consumers frequently need to fork out hundreds of pounds to replace them, while old phones end up piled up in landfill.

Kate Bevan, Which? Computing editor, said: “It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers.

“Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.

“The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices – and their impact on consumers.”

Which? Tips

My Android phone is working fine, so why should I ditch it?

If your Android device is more than two years old, check if it can be updated to a newer version of Android. Open your phone or tablet Settings app, then tap System > Advanced > System update. You can then see your Android version.

If you are on a version before Android 7.0 Nougat, try to update your system. Still in the System update section, follow the instructions to run the update.

If you can’t update to a newer version, you’ll need to consider that there will be an increased risk in using your device going forwards – especially if you are running a version of Android 4 or lower.

What should I do if my mobile phone is no longer updated?

The older the phone, the greater the risk. Anyone with a smartphone that runs Android 4 or earlier should seriously consider whether it’s worth the risk to their data and privacy to continue using the device. However, there is an increased risk to any device that is no longer being supported by security updates. If you are still using such a phone, carefully consider the following advice until you upgrade.

1. Be careful what you download: The majority of threats come from downloading apps from outside the Google Play store, so be very wary of that. If you do sideload an app, check carefully that it is official and always manually re-enable the ‘unknown sources’ block in your Android settings after you’re finished. This is done automatically in newer Android versions.

2. Watch what you click on: As well as traditional phishing threats that might arrive via email, variations on these threats can be sent to a phone via SMS or MMS messages to take advantage of vulnerabilities found on some older versions of Android. Be very wary of clicking on any links that look suspicious, especially if they are from senders you’re not familiar with.

3. Back up your data: Make sure all your data is backed up in at least two places (a hard drive and a cloud service). If something goes wrong and you do get infected, this will help to ensure you won’t lose access to anything vital.

4. Get mobile antivirus: There is a range of additional apps that can provide some protection for your older Android device against security threats. Bear in mind, though, that the choice might be limited for really old Android builds. We could barely find any reputable services for the Sony Xperia Z2 running Android 4.4.

Which? advice guide for people who are using phones that no longer receive security updates: https://www.which.co.uk/reviews/mobile-phones/article/mobile-phone-security-is-it-safe-to-use-an-old-phone