Information security never ceases to be a hot topic. Here, Sarah Coles looks at three recent cyber security updates and shares her takeaways on how you can stay protected.
1. Zoom attacks tricking you into giving system access
Attackers have been impersonating legitimate organisations and scheduling fake Zoom meetings to trick people into giving them remote access during video calls. Attackers might ask the victim to participate in a podcast or conference or set up fake interviews or business meetings.
Once on the call, the attacker will rename themselves to “Zoom” in the participant list and prompt the victim to present their work by sharing their screen. When the app prompts the victim with “Zoom is requesting remote control of your screen”, it looks like the request is coming from the Zoom app itself - not the person on the call.
This is a subtle trick designed to catch people off guard. If the potential victim is not paying close attention, they might accidentally grant remote access, which allows the attacker to take over their device, steal data or install malware.
Stay protected
Disable the remote-control request functionality in Zoom (or other platforms you use) if you don't plan on using it. Always verify the identity of anyone requesting remote control access and remember - Zoom will never ask for remote control of your screen. If you receive a prompt like that, double-check its authenticity. Always be cautious of unsolicited meeting invitations, especially from unfamiliar sources.
2. Large ICO fines for firms lacking MFA
The Information Commissioner’s Office (ICO) has recently fined an NHS software provider, Advanced, £3m and a law firm, DPP Law Ltd, £60k following cyber-attacks which resulted in the loss of personal information.
In both cases, the ICO noted the absence of multi-factor authentication (MFA), and how this lack of appropriate security measures breaches data protection law. Other gaps included a lack of comprehensive vulnerability scanning and not keeping systems up to date with the latest security patches.
Stay protected
Following a breach, the ICO will investigate your controls, and compare them to information security best practice. Use of MFA is a crucial step in implementing robust security measures to protect clients’ personal information. Look into where you store personal information and protect it with MFA. You can enable MFA on your Parmenion account by downloading the Parmenion app, or check out these free cyber security tools which can help you stay protected.
3. Marks & Spencer customers in limbo as cyber-attack chaos continues
M&S recently experienced a significant cyber-attack that disrupted its operations across the UK, including the suspension of online orders, issues with contactless payments, and the temporary closure of one of its distribution centres. With around 200 agency workers told to stay home, remote workers were locked out of IT systems and reverted to manual processes for essential tasks. The company is collaborating with the National Cyber Security Centre and the National Crime Agency to investigate the breach, which resulted in a drop in its share price.
Stay protected
As well as underscoring the importance of strong cyber security controls, this incident highlights the need for comprehensive incident response plans. Developing and regularly updating business contingency plans to maintain client services during unforeseen events can help minimise disruptions to your business. If you were affected (e.g. orders/refunds) by the M&S outage, watch out for scammers capitalising on the incident by trying to trick you into giving away your information (e.g. fake refund emails impersonating M&S). If you have an online account with M&S, with a password you’ve reused elsewhere, it’s recommended you update the passwords for those online accounts as a precaution.
This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.
Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.