
SEERS GUIDE FOR CYBER SECURITY

Contact us: support@seersco.com Website: www.seersco.com


Who is this book for?
This book is for:
The beginners
Executives and managers
Employees
Students
Privacy and data protection experts
Data Protection Officers

This book will help you:
Define and use key terms and concepts in the field of cyber security
Differentiate between the various forms of malware and how they affect computers and networks
Understand how hackers actually hack
Identify and distinguish threat actors and their motivations
Match appropriate types of controls to the actions of different threat actors
Take up entry-level roles in IT and cyber security

For instance, you'll learn how to protect your personal privacy online while gaining additional insight into the challenges that companies and governmental and educational institutions face today.

Contents
Cyber security and cyber crime
Cybercrime
Cyber security
Cost and consequences of cyber crime
Cost of attacks
Cost of security
Threat actors and their motives
Types of attacks
Social Engineering
Denial of service (DoS)
Botnet
Distributed Denial of Service Attacks (DDoS)
Direct-access Attacks
Malware
Ransomware
Internal privilege misuse
Physical card skimmers
Eavesdropping
Spoofing
Tampering
Clickjacking
Solutions
Cybersecurity Solutions Require a Multi-Pronged Approach
Install and update anti-malware
Real-time threat Intelligence
Patching frequently
Whitelisting software applications
Incident Response, Disaster Recovery & Business Continuity Planning
Continuously backing-up data
Passwords
Access controls
Multifactor authentications
Ensure the security of third party
Staff training and awareness
Do not share your work devices with friends and family
Think before you click: Avoid phishing attacks
Social media safety
Security of mobile devices
Securing the workplace mobility (BYOD)
Steps to deal with a data breach
Do not pay the ransom
Mobilise your response team
Isolate the breach
Investigate and document the breach
Notify the ICO
Contact clients
Use backups
Tighten the security
Introduction to Seers

Cyber security and cyber crime
Cybercrime
The ride-sharing service Uber became a victim of cybercrime in 2016 when the data of about fifty-seven million customers was compromised. The breach revealed customers' names, email addresses, and phone numbers. Uber kept the breach a secret and paid $100,000 in ransom money, admitting it later.

In November 2016, cyber criminals hacked Britain's Tesco Bank, exploiting deficiencies in the design of Tesco Bank's debit card system. The attackers netted £2.26 million during the 48-hour incident.

Cybercrime is a global issue that's been dominating the press and media. It threatens not only individual security but also large organisations, banks, governments and national defence. Cybercrime is relentlessly increasing and unlikely to stop. It is easy and, when successful, results in high payoffs.

A sophisticated cybercriminal can make millions of dollars with almost no chance of legal consequences, i.e. arrest and jail. With access to anonymised, secure payment systems like Bitcoin, it's very hard to catch the cyber criminals. That makes it a low-risk crime, attracting thousands of cybercriminals who create even more powerful malware and cause an increasing number of security incidents.

Cyber Bank Robberies Contribute to $1 Trillion in Cybercrime Losses

Robert Morris, a Cornell University graduate student, created the first computer worm in 1988. There were only around 50,000 plus workstations and mainframes at the time, making it easier to detect the problem one day on November 2. The worm, famously known as Morris Worm, slowed down the computer processes and copied itself to other devices. As a result of this worm, CERT (Computer Emergency Readiness Team) was created at MIT under the U.S government contract.

NotPetya/ExPetr, WannaCry, and Bad Rabbit as leading examples of malicious attacks.



Cyber security
Our world is becoming increasingly digital, and our reliance on computers poses great challenges. Everything is digitized and online, from banking to maintaining friendships, to industrial controls, national defense and nuclear reactor control systems. With interconnectivity and so much data to exploit out there, cyber security has become essential.

Cyber security comprises the processes and methods that secure computer devices, networks, and data and information against attack, theft, misdirection, misuse, or disruption.

Cyber security encompasses the following aspects:


Network security: focuses on protecting the internal data and infrastructure of a small or enterprise-sized organization, and manages access control, passwords, firewalls, scans, and antivirus software.
Application Security: An effort to build robust security features into applications, especially those that are available through the internet.
Information Security (InfoSec): The processes, policies, and tools that secure digital and non-digital data and information from attack and misuse.
Operational Security (OPSEC): The goal of OPSEC is to identify and determine methods to protect assets. Operational security usually consists of five steps: identify assets, identify threats, determine vulnerabilities, assess risks, and invoke countermeasures.
Disaster Recovery and Business Continuity: Disaster recovery anticipates security events and provides a plan for recovering assets and resuming business.
End user Education: Good cyber security practice empowers every member of an organization to recognize and resist

The strength of the cyber security chain is only equal to the strength of its weakest link. And the user is the weakest link.



Cost and consequences of cyber crime
Cybercrime is expected to cost more than $2 trillion globally in 2019, says Juniper Research in its report The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation. This is four times the estimated cost of cybercrime in 2015.

According to the CSIS/McAfee report, the global cost of cyber-crime is almost $600 billion, which constitutes 0.8% of global GDP.

Cost of attacks
The cost of cyber-attacks can be attributed to different factors including:
Loss of information and resources
Cost of business disruption due to system downtime
Cost of recovery and reinstalling the systems
Cost of damages claimed by affected parties
Cost of legal penalties
Loss of customers and revenue
Loss of reputation and goodwill

The NotPetya attack is an example of how a cyber-attack can cost businesses hundreds of millions of dollars. Among the victims of the NotPetya attack, Reckitt Benckiser, FedEx and Maersk faced huge losses as a result of system downtime. Maersk had to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications, impacting the firm's ability to do business.

UK telecommunication provider TalkTalk lost £60 million and over 100,000 customers as a direct result of a high-profile data breach.

Cost of security
As cyber security risk and complexity increase, so do the resources needed to respond to them. In 2017 alone, all of those protection efforts cost businesses $86.4 billion.

An IDC report estimates the worldwide security technology market will surpass $100 billion by 2020.

Cyber security jobs will increase by 350 percent from 2016 to 2021. There were one million openings in 2016 and to this number will be added 3.5 new unfilled cyber security jobs in 2021.

Businesses will invest an increasing amount of resources in hiring security professionals to avoid ransomware attacks and maintain customer privacy. This is a serious revenue dedication to cyber security.



Threat actors and their motives
Cybercrime does not seem likely to end soon because it's a highly rewarding full-time activity for hackers. These guys are living lucrative lives by being criminals. They drive Mercedes and own private jets.

The threat actors are broadly classified in the following categories:
1. Financially motivated organised cyber-criminal groups. Most of these groups are from Eastern Europe.
2. Nation-state actors: Hackers working for government and security agencies to steal sensitive information and disrupt the enemy's capabilities. This category consists of the most sophisticated hackers, with 30% originating in China.
3. Hacktivists: Their primary motive is not financial gain but to promote their political or religious ideas or cause. They intend to impact reputations or influence clients.
4. Insiders: These are employees operating from within a company. These are blackmailed or over-helpful employees who reveal sensitive information to a third party without realising the potential harm.

Gary McKinnon
London-based Mr. McKinnon was arrested by police in 2002. He allegedly hacked into US military computer systems in an attempt to bring them down. Gary McKinnon admitted hacking into US computers but he said that he was in search of classified information about UFOs.

Hackers attempt to deny, destroy, degrade and disrupt the networks for different motives.
In the beginning, they broke into systems as a hobby or for the thrill of it.
Some carried out attacks to show weaknesses in system security and win bug bounties.
Some hack for financial gain, either stealing credit card numbers or for ransom money by encrypting the victim's data and asking for money to revert it. Stealing money by hacking has become a profession on its own.
Some hackers work for local, national, or international interests.

Julian Assange
Famous for creating WikiLeaks, he started hacking at the age of 16, using the name 'Mendax'.



Types of attacks

Types of cyber security attacks
Phishing attacks
SQL injection Attacks (SQLi)
Cross Site Scripting (XSS)
Man-in-the-middle (MTM) Attacks
Malware Attacks
Denial-of-Service Attacks
Distributed Denial of Service Attacks (DDoS)
Spear Phishing attacks
Whaling Phishing attacks

Social Engineering
A sophisticated elevation of phishing wherein attackers use web pages, email, and even phone calls to pose as authority figures or friendly agents to acquire sensitive personal or company data. Social engineering often involves research on an individual through social media so that they can leverage the victim’s lifestyle, work, and interests. Examples can include an email under the name of a CFO asking for HR records, or a message requesting money from a “grandchild.” Other examples include emailing invoices under the guise of a legitimate vendor in order to secure payment into the accounts of thieves.

Phishing
A phishing attack is carried out by sending an email that pretends to come from someone you know. The phishing email may ask you to provide sensitive information like your bank account details or social media credentials.
The phishing email may also contain malware. The moment you click the link it installs a key-logger that spies on your web activity and steals your credentials.
Sometimes the phishing email contains a link to a malicious website that pretends to be your bank account login screen, asking you to enter your credentials and stealing the login information the moment you provide it on that screen.

Phishing emails utilise psychological manipulation, i.e., a sense of urgency or fear, so that you are tempted to perform the required action.

Denial of service (DoS)
A DoS attack attempts to disrupt a network service by sending high volumes of traffic its way. Your network becomes overloaded and stops functioning. The purpose of a DoS attack is to block the user's access to the network.

Botnet
A network of private computers, including portable devices, that are surreptitiously controlled as a group to propagate spam or break passwords.

Distributed Denial of Service Attacks (DDoS)
A DoS attack in which network traffic is sent from hundreds of thousands of devices is called a DDoS attack. It utilises a botnet, that is, a network of many different infected devices in different locations obeying the hacker's command. The distributed network amplifies the blocking effect and makes it difficult for the victim to locate and block the source IP addresses because there are so many of them.
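
An added example, not part of the original guide: the Python sketch below counts requests per source in fixed time windows over a constructed access log and shows why a per-IP block stops a single-source DoS but leaves a DDoS standing. The log format, the documentation-range IP addresses and the three thresholds are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

WINDOW_S = 10        # assumed bucket size in seconds
PER_IP_LIMIT = 20    # assumed: most requests one source may send per window
TOTAL_LIMIT = 100    # assumed: requests per window the service can absorb


def parse_line(line):
    """Parse '<ISO-8601 timestamp> <source IP> <path>' (constructed format)."""
    stamp, ip, path = line.split()
    return datetime.fromisoformat(stamp), ip, path


def classify_windows(lines):
    """Bucket requests per time window and label each window."""
    windows = defaultdict(Counter)
    for line in lines:
        stamp, ip, _ = parse_line(line)
        bucket = int(stamp.timestamp()) // WINDOW_S * WINDOW_S
        windows[bucket][ip] += 1

    report = []
    for bucket in sorted(windows):
        counts = windows[bucket]
        total = sum(counts.values())
        noisy = sorted(ip for ip, n in counts.items() if n > PER_IP_LIMIT)
        # Traffic that would remain after blocking every noisy source.
        residual = total - sum(counts[ip] for ip in noisy)
        if residual > TOTAL_LIMIT:
            verdict = "distributed flood"    # blocking single IPs does not help
        elif noisy:
            verdict = "single-source flood"  # an IP block restores service
        else:
            verdict = "normal"
        report.append({
            "window": datetime.fromtimestamp(bucket, tz=timezone.utc).isoformat(),
            "requests": total,
            "sources": len(counts),
            "noisy_sources": noisy,
            "verdict": verdict,
        })
    return report


def build_sample():
    """Constructed log: a quiet window, a one-source flood, a many-source flood."""
    def stamp(sec):
        return f"2024-01-01T12:00:{sec:02d}+00:00"

    lines = []
    for window_start in (0, 10):              # five ordinary clients per window
        for host in range(1, 6):
            for i in range(3):
                lines.append(f"{stamp(window_start + i)} 192.0.2.{host} /index.html")
    for i in range(150):                      # DoS: one source, 150 requests
        lines.append(f"{stamp(10 + i % 10)} 198.51.100.7 /login")
    for host in range(1, 61):                 # DDoS: 60 sources, 5 requests each
        for i in range(5):
            lines.append(f"{stamp(20 + i)} 203.0.113.{host} /login")
    return lines


if __name__ == "__main__":
    for row in classify_windows(build_sample()):
        print(row)
```

In the third window no single address exceeds the per-source limit, so the detection has to rest on the aggregate rate and the number of distinct sources rather than on any one IP.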



Direct-access Attacks
Attackers may gain unauthorized access to a laptop to add malware, but attacks can also spread
through other devices. Camcorders and storage devices, for example, directly access computer
memory for high-speed transfers, which make them vectors for worms, key-loggers, and other
malware.

Malware
Malware comes in different types, including viruses, trojans and worms. The term malware stands for malicious software. Malware is used to gain access to systems, and it is delivered via phishing email attachments, infected file downloads or operating system vulnerabilities.

Ransomware
Ransomware is a type of malware that freezes systems or encrypts data, making it useless to its actual owner. The hacker then demands ransom money to restore the data or system to its original form. Ransomware may be installed through a phishing scam.

Internal privilege misuse
An internal user with access privileges can secretly obtain confidential data hoping to misuse it. Such misuse can include increased access by stealing access credentials to higher systems, financial fraud, identity theft or sometimes only gossip.

Physical card skimmers
Skimming is carried out by physically installing a spy device to read valuable information from the victim device or network. Such a device can read magnetic strip data from ATMs, gas pumps or PoS terminals.

Eavesdropping
The surreptitious monitoring of conversations, whether by listening in on a room, tapping into a landline or cell phone, or intercepting an email.

Spoofing
The act of pretending to be something or someone you are not in order to gain access to sensitive
information. You can spoof people or equipment, such as spoofing email addresses to distribute
spam or spoofing caller IDs on VoIP networks.

Tampering
The act of modifying devices, such as installing surveillance capability on a router or installing a
rootkit, with software that permits access to parts of a computer that are usually inaccessible.

Clickjacking
Through hijacking webpage links or user clicks, clickjacking redirects a user to a page that spoofs
a legitimate page, often to collect sensitive information.



How to ensure cyber security?
Cyber security Solutions Require a Multi-Pronged Approach
There is no single solution to all cyber security problems. Ensuring cyber security is a combination
of technological and human components. The particular solution matrix depends on the peculiar
characteristics of each organisation. However, certain measures are common in all cyber security
solution matrices:

Install and update anti-malware
Install a genuine anti-virus program with support. Update the anti-malware as soon as you receive the update notification. These updates contain security patches that take care of vulnerabilities. Not updating the anti-virus means you give hackers an opportunity to take advantage of the vulnerability. Install anti-virus not only on computers and laptops but also on mobile devices.

Antivirus products are only 30-40 per cent effective. That’s because you can’t fight what you don’t yet know exists. Malware writers develop more than one hundred thousand new strains of malware each day. Antivirus products can only protect against known malware, and it’s dangerously easy for new strains to go undetected. This type of malware is called a zero-day exploit because once it’s released, there’s no available cure until antivirus guys write antidotes or signatures to contain it.

Firewalls
A firewall is a barrier between your data and the cyber-attackers. It is generally one of the first lines of defense in a company's cyber security efforts. In addition to external firewalls, you can install internal firewalls for additional protection. You should also require your employees working from home to install a firewall on their devices and home network and provide them with technical support and resources.

Real-time threat Intelligence
The longer it takes you to identify a cyber-attack, the more damage occurs. Identifying a threat before it actually happens reduces the hefty consequences.

Real-time threat intelligence is an effective measure for preventing cyber-attacks. An advance notification will help you to disable the threat in sufficient time and prevent the damage. On average, it takes companies more than seven minutes to discover a malicious attack.

A 2013 study by the Ponemon Institute revealed that IT executives believe that less than 10 minutes of advance notification of a security breach is sufficient time to disable the threat. With just 60 seconds’ notification of a compromise, resulting costs could be reduced by 40%.

Patching frequently
A software patch is a temporary update in software to fix a bug or address a security vulnerability or stability issue. A software patch may also be released to make the existing software compatible with the latest hardware components.

Regularly scan for updates and fixes from software vendors and install them as soon as possible. This addresses the vulnerability and increases the integrity of the software, thereby reducing the likelihood of a data breach.

Whitelisting software applications
Create a list of all approved software that you deem necessary and fit for the purpose. The whitelist will then prevent non-approved software, i.e. malware, from automatically or manually being installed on your systems and servers. It will also give more control to the network and system administrator.
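
An added example, not part of the original guide: a default-deny audit that compares the SHA-256 hash of every file in a folder against an approved list, so a renamed or altered program does not pass on its file name alone. The allowlist file format, the file names and their contents are constructed for the illustration, and the script only reports; enforcement is left to the operating system's application-control feature.

```python
import hashlib
import tempfile
from pathlib import Path

HEX_DIGITS = set("0123456789abcdef")


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_allowlist(text):
    """Parse lines of '<sha256>  <label>'; blank lines and '#' comments are skipped."""
    approved = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        digest, _, label = line.partition(" ")
        digest = digest.lower()
        if len(digest) != 64 or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"malformed allowlist entry: {raw!r}")
        approved[digest] = label.strip()
    return approved


def audit_directory(directory, approved):
    """Return (allowed, blocked) file names; anything not listed is blocked."""
    allowed, blocked = [], []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        target = allowed if sha256_file(path) in approved else blocked
        target.append(path.name)
    return allowed, blocked


def demo():
    """Constructed scenario: two approved programs, then two later changes."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "editor.bin").write_bytes(b"constructed approved editor build 1.0")
        (folder / "backup.bin").write_bytes(b"constructed approved backup agent 2.3")

        # The administrator records the hashes of the approved builds.
        allowlist_text = "# approved software (constructed)\n" + "".join(
            f"{sha256_file(p)}  {p.name}\n" for p in sorted(folder.iterdir())
        )
        approved = parse_allowlist(allowlist_text)

        # Later: an unapproved download appears, and an approved file name
        # now carries different content.
        (folder / "freegame.bin").write_bytes(b"constructed unapproved download")
        (folder / "backup.bin").write_bytes(b"constructed altered backup agent")
        return audit_directory(folder, approved)


if __name__ == "__main__":
    allowed, blocked = demo()
    print("allowed:", allowed)
    print("blocked:", blocked)
```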



Incident Response, Disaster Recovery and Business Continuity Planning
An incident response plan is a set of instructions on how your organisation will respond to and recover from network security incidents.

The goal of incident response is to minimise damage, reduce recovery time and mitigate breach expenses after a cyber-attack or network security breach.

A comprehensive incident response (IR) plan can help your team perform a rapid and effective response to a data breach incident. Your incident response plan should be a clear and actionable document that your team can refer to in a variety of scenarios.

Steps to create a good incident response plan:
Conduct a complete risk assessment
Identify all stakeholders
Define security incident types: Identify what counts as an incident
Create a list of resources and assets
Recovery plan hierarchy and information flow
Prepare a variety of public statements
Prepare an incident event log

An incident response plan also includes a Disaster Recovery Plan (DR) and a Business Continuity Plan (BCP).

A Disaster Recovery Plan includes information and resources to resume a company's operations after a cyber-security incident.

A disaster recovery plan provides detailed procedures to facilitate recovery of capabilities at an alternative site. These procedures are often focused on IT capabilities.

Significant components of DR include:
Establishment of recovery teams
Development of recovery procedures
Training of the recovery team
Change management to keep plan current
Provision of necessary resources
Arrangement of alternate technology program and retrieval of back up data

Business Continuity Plans are designed to help organisations protect themselves from the losses to critical infrastructure and resources caused by natural disaster, pandemics and terrorism.

The purpose of a business continuity plan is to provide a procedure for sustaining essential business operations while recovering from a significant disruption. It addresses business processes.

BCP planning includes:
Establishment of cross functional teams
Inventory of people, processes, resources and technology (PPPT)
Risk/Threat identification and categorisation
Impact analysis and loss estimation
Prevention, mitigation, and recovery strategising
Gap analysis and Resolution planning



Continuously backing-up data
Backup is critical to disaster recovery and is an essential component of a business continuity plan. Backups ensure that you do not need to pay ransom money to recover your data if a ransomware attack locks your computer systems and servers and compromises the integrity of information.

Make sure you update the backups on a regular basis, using the best technology and methods.

Passwords
One of the most common methods hackers use to access systems is guessing passwords. Hackers can use automated software to guess your username and password combination.
Hackers also use phishing to gain access to your credentials. A phishing attack is carried out by sending a spoofed email pretending to be from someone you know or someone from a reputed organisation, asking you to provide credentials or click on a link that could install malware on your computer.

A stolen password can result in identity theft and cause long-lasting damage. Once your password is stolen, the hacker can get access to your contacts and ask them to provide their confidential information, spreading the damage to more and more people.

Here are some guidelines for strong password security:
Do not use the same password for multiple accounts.
Your password should be at least 8 characters long and should be a combination of upper case, lower case, a numeric and special character.
Do not save passwords in one single file and, to make matters worse, save this file on the cloud.
This is very important: Do not store your usernames and passwords for financial institutions, credit card companies, utilities, email, and social media on OneDrive, Dropbox, Google Drive, or iCloud. Write them down on a sheet of paper and store the physical copy somewhere safe.
Be aware of phishing emails. Scrutinise every email before opening it and especially before clicking a link in it.
Scan your system for spyware and keyloggers.

Access controls
Do not allow non-employees and unauthorised people to access the rooms where computers, servers or paper-based information are accessible. Install monitoring cameras to detect any intruder in your office premises. In server rooms and record rooms, implement RFID access control cards and only give them to relevant staff members.

Never let third-party suppliers and guests roam freely on the premises; always have one of your trusted staff members accompany them. Keep the waiting room and meeting room separate from the workspace. This will reduce the chance of strangers or unwanted persons overhearing your employees discussing work-related matters.



Multifactor authentications
Multi-factor authentication uses two or more separate authentication channels. Its main advantage is that the user receives a notification when the other channel experiences an activity, so a user can know if some suspicious activity is going on.

Using the multi-factor identification settings on most major network and email products is simple to do and provides an extra layer of protection. If the cyber attacker gains access to one factor, they still have one or more barriers to break through.

Multi-factor authentication can be based on something you know (passwords, PINs and code words), something you have (keys, smartcards and token devices) or something you are (fingerprints, palm scanning, facial recognition, retina scans, iris scans and voice verification).

By combining two or three factors from these three categories, a multi-factor authentication is created.

Examples of Multi-Factor Authentication
Swiping a card and entering a PIN.
Logging into a website and being requested to enter an additional one-time password (OTP) that the website's authentication server sends to the requester's phone or email address.
Downloading a VPN client with a valid digital certificate and logging into the VPN before being granted access to a network.
Swiping a card, scanning a fingerprint and answering a security question.

Security tips:
Turn on multi-factor identification settings on network and data access, where possible.
Make sure that the multi-layer security covers the entire company, all endpoints, mobile devices, IoT, applications and databases.
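
The one-time password flow from the examples above, as an added Python example that is not part of the original guide: the server issues a random six-digit code and accepts it only once, within a time limit and a small number of guesses. The class and function names, the five-minute lifetime and the three-attempt limit are assumptions; delivery by SMS or email is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_S = 300      # assumed lifetime of a code in seconds
MAX_ATTEMPTS = 3     # assumed number of guesses allowed per code


class OtpService:
    """Server side of a one-time-password second factor (illustrative)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # user -> [code digest, expiry time, attempts left]

    @staticmethod
    def _digest(code):
        # Fixed-length digests let compare_digest run on equal-sized inputs.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        """Create a fresh code; a new code replaces any earlier one."""
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + OTP_TTL_S
        self._pending[user] = [self._digest(code), expires_at, MAX_ATTEMPTS]
        return code          # to be delivered out of band (phone or email)

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return "no-pending-code"
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return "expired"
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user]          # single use: a replay finds nothing
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[user]          # stop online guessing
            return "locked"
        return "wrong-code"


def login(password_ok, service, user, submitted_code):
    """Grant access only when both factors succeed."""
    if not password_ok:
        return False                         # the code is not consumed
    return service.verify(user, submitted_code) == "ok"


def demo():
    """Walk through success, replay, expiry and guess lock-out with a fake clock."""
    now = [1000.0]
    service = OtpService(clock=lambda: now[0])
    results = []

    code = service.issue("alice")
    results.append(service.verify("alice", code))      # correct code
    results.append(service.verify("alice", code))      # same code replayed

    code = service.issue("alice")
    now[0] += OTP_TTL_S + 1
    results.append(service.verify("alice", code))      # submitted too late

    code = service.issue("alice")
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    results += [service.verify("alice", wrong) for _ in range(MAX_ATTEMPTS)]
    results.append(service.verify("alice", code))      # right code after lock-out
    return results


if __name__ == "__main__":
    print(demo())
```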

Ensure the security of third party
Choose a vendor with a good track record of security. Keep an eye out for any hint of a past data breach of considerable volume and impact. Assess their current security level and see if they have the best security measures in place. Ensure that they comply with your security policy and enter them into a contractual agreement. The agreement will grant you a right to audit their security measures and practices.

Grant your vendor a minimum level of access to your information, only to the extent that is necessary for the performance of the task. Regularly review the use of credentials if you have provided any.

Staff training and awareness
Human lack of awareness plays a major role in data breaches. An ability to comprehend what is going on when you are about to click on a phishing email can save the whole organisation from great damage. Educate and train your staff about the warning signs of a cyber-attack and how to respond when security is compromised. Ensure that all staff adhere to safe practices. Staff awareness can prevent and minimise the damage caused by a cyber-attack to a significant extent.

Do not share your work devices with friends and family
It is not wise to share your work devices and applications with your friends and family. They are not very aware of the risks involved and may use the devices irresponsibly. By clicking a link in an email that leads to a malicious site, they can compromise the security of your device and work data. Even if they did not have any bad intentions, the consequences could be severe.



Think before you click: Avoid phishing attacks
Become a human firewall and think before clicking on emails. Phishing emails are more sophisticated than ever and it is easier for us to be tricked into clicking them.
Your email account is a gold mine, and, once they have access, they’re going to use it to trick other people into giving up their usernames and passwords too. Or they’ll just install malware on their computers to do it for them.

In May 2017, there was a massive phishing attack on Google email users. Highly sophisticated malware sent an emailed invitation to users from someone they might have known that asked them to click a link. Once users clicked, the recipients were taken to a legitimate Google sign-in screen, where they were asked to continue to Google Docs. By clicking yes, however, the users were actually giving permission to a malicious third-party application that was programmed to steal passwords, emails, and everything else they’d linked to a Google account. The scariest part about this particular worm is that it worked within Google’s system. When users clicked the link, the malware sent spam messages to the people in the victims’ address books, replicating the scenario over and over again. Google said about one million (only one percent) of its email accounts were infected by the Google Docs malware, but that’s still a lot of people who were compromised. The Google attack is another reminder that Internet users need to think before they click a link, even if it appears to come from someone they know.

Here is some advice to protect yourself from phishing emails:
Closely scrutinise every email you receive. Validate the authenticity of the sender. The cybercriminals want you to click on the obscure email and the malicious link or attachment in it.
Observe the time when the email was sent. If it does not conform to the working or chatting hours of your friends, family and colleagues, do not open it.
How many recipients are included? If there is a large number of recipients, chances are that the account was compromised and a robot sent the messages.
Do not click on an email containing a friend request from social media. Cybercriminals use social media requests to target criminals. Delete such emails and then log in to the actual social media account to see if there is really a friend request.
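
The four email checks listed above (sender, send time, recipient count, social-media friend request), as an added Python example that is not part of the original guide. The address book, the usual-hours range, the recipient threshold, the flag names and both sample messages are constructed for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Assumptions for this example: a tiny address book of known contacts,
# a recipient threshold, and the hours in which those contacts usually write.
KNOWN_CONTACTS = {"alice example": "alice@example.com"}
MAX_RECIPIENTS = 10
USUAL_HOURS = range(7, 23)   # 07:00-22:59 in the timezone the message states


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def triage(raw_message):
    """Return the warning flags raised by one raw email message."""
    msg = message_from_string(raw_message)
    flags = []

    # 1. Sender authenticity: a familiar display name on an unfamiliar address,
    #    or replies steered to a different domain than the sender's.
    name, address = parseaddr(msg.get("From", ""))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and address.lower() != expected:
        flags.append("sender-name-address-mismatch")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(address):
        flags.append("reply-to-domain-differs")

    # 2. Send time outside the hours the contact normally writes.
    try:
        if parsedate_to_datetime(msg["Date"]).hour not in USUAL_HOURS:
            flags.append("unusual-send-time")
    except (TypeError, ValueError):
        flags.append("missing-or-bad-date")

    # 3. Unusually long recipient list (To plus Cc).
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MAX_RECIPIENTS:
        flags.append("many-recipients")

    # 4. Friend request delivered by email: check on the site itself instead.
    if "friend request" in msg.get("Subject", "").lower():
        flags.append("social-friend-request")
    return flags


# Constructed sample messages (reserved example domains only).
SUSPICIOUS = (
    'From: "Alice Example" <alice@mail-example.test>\n'
    "Reply-To: collect@other.test\n"
    "To: " + ", ".join(f"user{i}@example.com" for i in range(12)) + "\n"
    "Date: Tue, 02 Jan 2024 03:14:00 +0000\n"
    "Subject: You have a new friend request\n"
    "\n"
    "Follow the link to accept.\n"
)

CLEAN = (
    'From: "Alice Example" <alice@example.com>\n'
    "To: bob@example.com\n"
    "Date: Tue, 02 Jan 2024 10:30:00 +0000\n"
    "Subject: Lunch on Friday?\n"
    "\n"
    "Are you free at noon?\n"
)

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(CLEAN))
```

A flag is a reason to look more closely, not proof of phishing; a message that raises none can still be malicious.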

Social media safety
Social media constitute a considerable volume of our communications and documentation of our daily life activities. It's astonishing to know how many people around the world are using social media apps like Facebook, Twitter, Instagram and LinkedIn. These realities make social media a rich target for hackers, and they can do significant damage with little effort. Corporate social media accounts are trusted platforms for clients, associates, and friends. A cybercriminal breaching your corporate platform can lead to identity theft, and he can start pretending to be you.

Suppose one day you received a spear-phishing email from an unknown sender and you clicked a link in the email. That link could install a key-logger and steal your password. With these credentials, the hacker can get access to your corporate social media accounts.

We do not advise you to stop using social media as a business tool; it can be very beneficial. You only need to prevent cybercriminals from accessing your social media. How can you do that? With multifactor or two-factor authentication.

Tips to guard social media
Install two-factor authentication on social media platforms such as Facebook, Twitter, Instagram, or LinkedIn.
Don’t click on the friend requests that are sent through emails or messages to your phone.
Don’t share too much information on social media.
Don’t post your work history on social media apps like Facebook.
Take control of who can see what you're posting and limit what personal information is shared with others.



Security of mobile devices
Phishing emails are not the only way to steal credentials. Cybercriminals come up with new methods to steal people's login details. One such method is called smishing, which is a combination of "SMS" and "Phishing". Cybercriminals use smishing to steal your personal information, access your accounts by stealing credentials, steal your identity or infect your device with malware.

In a smishing scam, cybercriminals send a malicious link in an SMS that may lead to installing a key-logger on your phone. Key-loggers are malicious programs that steal your credentials or install other malware on your mobile device.

Other incidents include a text message asking you to call a phone number to resolve an emergency issue (for example, some supposed transaction in your bank account), and then asking for credentials. If you receive such a text, never call the number included in the text message. Instead call the number provided on your bank statement.

Is iOS really secure?
Even Apple products are not immune to malware. In 2011, a cyber-attack was attempted hoping to steal the credentials of Apple users by sending out an email from a spoofed email address 'appleid.apple.com'. The email subject line was "Update your billing information".

In 2018, a fraudulent pop-up on Apple devices asked users to enter their Apple IDs and passwords. We strongly advise Apple users never to enter their Apple ID and password in pop-ups, but only in the Settings app or iTunes Store.



Securing the workplace mobility (BYOD)
BYOD stands for "Bring Your Own Device". It allows employees to bring their own mobile devices and laptops to the workplace and use them for office work. BYOD has several benefits. However, these benefits come with increased exposure to security risk. For the following reasons, BYOD is increasingly becoming more of a headache for IT departments.

When employees bring their own devices, they end up interfering with corporate data.
These devices result in organisations having minimal control over the corporate data, essentially exposing the data to attacks.
Employees can expose their devices, and hence the corporate data, if they connect to unsecure public Wi-Fi spots or download unsecure applications, which can result in a serious data breach.
Employees often do not care about installing the best antivirus programs on their personal devices, which further increases the chances of a security breach.

Establishing BYOD security starts with BYOD policy creation. Some considerations for BYOD policy include:
Have adequate measures (anti-virus, firewall and security settings) been applied to secure these devices prior to use?
Will the data from BYOD devices be stored locally or in the cloud?
Is there an agreement in place for employees who wish to bring their own devices?
Will BYOD employees be bound by an agreement?
What is the procedure and penalty if an employee violates BYOD policy?
Will the IT department provide technical support (troubleshooting, software updates and maintenance) to BYOD users?
What are the preventive measures in case the device is compromised?
How will the data be securely disposed of before the device is retired?

Tips for Securing BYOD Devices
Use strong passwords for controlling access to the BYOD devices.
Connect the BYOD device only to trusted networks. Keep Wi-Fi and Bluetooth connectivity turned off when not in use.
Keep your operating system, applications and anti-malware up-to-date, as updates contain security patches to protect your system from the latest exploits.
Back up your data on a regular basis.
Subscribe all BYOD devices to a device locator service. These services can locate a device and wipe the data remotely in the event of a lost or stolen device.
Never store personal financial data on a BYOD device.
Do not install free apps. Consult with your IT department to provide you a list of approved applications, i.e. the whitelist.
Install antivirus on your BYOD device and regularly update it.
Use Mobile Device Management (MDM) software as recommended by IT: this software enables IT teams to implement desired security settings on all BYOD devices that connect to company networks.



Steps to deal with a data breach
Do not pay the ransom
Cybercriminals will tempt you to pay a ransom to regain control over your servers and data. You might also think it is feasible to pay the ransom, which is small in many cases, instead of hiring an investigation team. However, hackers use this strategy to advertise their skills. Worse, if you pay the ransom you leave your business open to future attacks.

Mobilise your response team
Make sure that everyone necessary to respond to the incident is engaged. They may include your HR department, the IT guys and the lawyers to take care of the legal aspects of the breach. The response team will investigate and document the breach, notify the regulatory body and the customers, clients and employees, and work on fixing the issue so that everything is restored to normal operation.

Isolate the breach
Isolating the breach is crucial for containing the damage. Once your technical team isolates the breach, they can work on removing the malware.

Investigate and document the breach
You need to gather facts about the breach, i.e. the vulnerability, the severity of damage, the amount of data compromised and the number of victims. These facts not only help you prepare for the future but also serve as evidence for regulatory purposes and for maintaining public relations.

Notify the ICO
If the security incident results in loss of control over personal data, you need to notify the Information Commissioner’s Office (ICO) without undue delay and within 72 hours of first becoming aware of the breach. The breach notification should be as per Article 33 of the GDPR.

The breach notification to the ICO should include the following details:

The nature and categories of personal data compromised
The approximate number of individuals concerned
The likely consequences of the data breach
The measures taken to contain the damage and prevent further loss
The name and contact details of the Data Protection Officer or other contact point responsible for data security and compliance

Contact clients
You need to reach out to your clients and customers and let them know that the breach has happened. You can provide them with detailed facts about the breach so they can take appropriate measures, for example changing passwords or PINs, to guard themselves from further damage.

Use backups
If you have been keeping backups of your crucial data, you can utilise them in case of an unfortunate
incident while your team is working to fix the issue.

Tighten the security
No matter how costly security seems, it is nothing when compared to the cost of a breach. You will realise this if your company has experienced even a mild data breach once. So, a prudent initiative is to spend more budget on tightening security so that you can prevent future attacks.



Introduction to Seers
Seers is a Software-as-a-Service platform founded by its CEO Adnan Zaheer.
Seers' mission is to help organisations comply with the latest privacy laws and protect their systems and information against internal and external threat actors.

Seers provides a wide range of GDPR and cyber security compliance solutions, as well as the latest news and updates with industry insights. Seers' product range includes:

GDPR Audit
PECR Audit
Cyber security assessments
Cookie compliance solution
Data Control
Data X-Ray
Articles and blog
eBooks and videos
Hiring platform for privacy and information security experts

Visit our website www.seersco.com now and sign up to explore more of our solutions and receive our
newsletter to get updates.



Seers is the UK’s leader in Cybersecurity & Data protection. The users gain access to an
extensive range of GDPR & ePrivacy compliance tools, all designed to take the hassle out of
complying with the new data protection regulations.

Seers' mission is to help organisations comply with the latest privacy laws and protect their systems and information against internal and external threat actors.

It provides a wide range of GDPR and cyber security compliance solutions, as well as the latest news and updates with industry insights.

Seers' product range includes:


Cyber security assessments
GDPR Audit
PECR Audit
Cookie compliance solution
Data Control
Data X-Ray
Policies
GDPR Staff eTraining
Hiring platform for data protection and information security experts

