CYBER SECURITY
Guide for members
Essential guide to keeping yourself and the Society safe when online
CONTENTS
Introduction
Staying Safe Online
Phishing Explained
Email Awareness
Top Tips to Avoid Cyber Fraud
Guide for Dealing with Banks
Reporting Concerns
Taking Action
Further Information
Useful Websites
INTRODUCTION
Most of us rely on the internet to communicate, manage our finances, buy products and services and enjoy entertainment, and it is a wonderful resource. However, things can go wrong online, and an increasing number of people are being affected by fraud, identity theft and abuse over the internet.
The Society is aware of the increasing number of cyber fraud attempts so we have put this booklet together to help members protect both the Society and themselves when using the internet.
We can take simple steps to protect ourselves. Most problems can be avoided by making sure we always follow simple rules and use our common sense. This guide provides some useful tips which we recommend you follow whilst online. Keep it handy as a quick reminder as you never know when you may need it.
STAYING SAFE ONLINE
Below are some golden rules to follow whenever you are online. That way, you and the Society have a better chance of staying safe online.
1. Choose, use and protect your passwords carefully, and use different ones for your most important accounts: email, online banking and social media.
2. Ensure you always have internet security software which is kept up to date and switched on. If you require help with this, always check with someone who understands IT security & software.
3. Be aware of the internet connection you are using. If on free or public wifi, your information may be visible to other users. Only use secure connections when conducting private and banking transactions.
4. Never reveal too much personal or financial information... you never know who might see it, or use it.
5. Do not click on links or open attachments in emails if the source isn't 100% trustworthy.
6. Take your time and think twice, because not everything is as it seems.
PHISHING AWARENESS
WHAT IS PHISHING?
Phishing is defined as the act of attempting to access information (such as usernames, passwords, credit card details, and sometimes, indirectly, money) by pretending to be a trustworthy entity in an electronic communication.
EMAIL AWARENESS
Email is becoming the most commonly used method of communication, but there are some basic things to be aware of, so STOP, THINK & VERIFY before taking any action. Emails are increasingly used to trick people into making payments or giving away confidential information, which criminals then steal or use to commit further scams.
Be aware of emails that:
1. Have forced or faked urgency to get you to respond before you think.
2. Offer a prize or reward to tempt you to click on a link.
3. Ask you for passwords or other confidential information.
4. Have website addresses that are similar but not the same as the real one, e.g. gbbgle.com vs google.com.
5. Use 'masked' links that look like a trusted website address but take you somewhere else when you click (hover the mouse arrow over the link to see the actual address).
6. Use poor spelling or unusual grammar.
TOP TIPS TO AVOID CYBER FRAUD
1. Do not click on links or attachments in emails if you have any suspicions that the email is not genuine.
2. Never respond to messages that ask for personal or financial (banking) information.
3. Do not assume an email is authentic, even if someone knows your basic details. If the request is unusual or the language/spelling is different then always check before responding.
Be alert! Always double check any random or unexpected emails, calls or texts requesting personal, Society or financial information.
4. Before processing any payment requests, check that the instructions are trustworthy and genuine.
5. Remember that criminals can spoof email addresses to appear as someone you know or from the Society. If the request is unusual always check and verify before taking action.
6. Report matters of concern to the Regional Council/Office if you think you are a victim of a fraud email or cyberattack.
DEALING WITH BANKS & FINANCIAL PAYMENTS
1. If you are asked to change or follow a different procedure for SVP money/banking transactions, call the Regional Office to confirm the validity of the instructions.
2. Ask your bank branch to use a 'callback' for verification of payment instructions on your SVP bank accounts.
3. If phone numbers, e-mail or contacts are changed you should ask for confirmation that these changes are valid.
Use caution when dealing with bank accounts and payments.
4. Never give out your or the Society's secure details such as full banking passwords, codes/login details.
5. Ask for confirmation when funds from you have been received.
6. Be aware and be vigilant, raising your concerns to the Regional Office if you feel any request appears unusual or suspicious.
REPORTING CONCERNS ON CYBER FRAUD
If you suffer from fraud, identity theft or abuse, you should report it immediately to avoid repeat victimisation and prevent it from happening to others. Report the problem to the website, social network, ISP (Internet Service Provider) or organisation used by the fraudster, identity thief or abuser to commit their crime. If you receive a fraudulent email, phone call, text or social media post, report it to the organisation being falsely represented (for example your bank). This is the case however small the amount you have lost or the abuse suffered. Be aware and be vigilant, raising your concerns to the Regional Office if you feel any request appears unusual or suspicious as precaution is always best.
TAKING ACTION
What is the Society doing?
The Society takes the threat of cyber fraud very seriously and is continually monitoring IT services and systems as much as possible.
What can I do?
All Policies and Guides are available on the online SVP CRM Conference Portal (Conference System) under your Knowledge Base Tab. These outline in detail everything you need to know to keep yourself and the Society safe when online. There is now online training available to any member who wishes to complete this.
You can request a GDPR Training link to log in and complete online training by sending an email to svp.gdprtraining@svp.ie with your name, email, Conference and Region.
FURTHER INFORMATION
Where to go for help in SVP
If you have any concerns about cyber fraud in relation to your SVP work contact your Data Champion.
Who is your Data Champion?
For Visitation Conferences this will be your Regional Coordinator or Regional Manager. For members or volunteers within Specialist Services it will be the relevant Manager of that service.
For more information
Email the Data Protection Officer (DPO) for the Society: svp.dpo@svp.ie
The work that the Society carries out relies on volunteers. If you know of anyone who may wish to help the Society please check out the SVP website and click on 'Get Involved'. https://www.svp.ie/get-involved.aspx
Useful websites:
SVP website: www.svp.ie
www.fraudsmart.ie
www.ncsc.gov.uk/collection/charity
www.actionfraud.police.uk
Cyber Security Booklet for members version 1 Summer 2019