CYBER STREETWISEConsumer Cyber Security

IntroductionData from Ofcom reveals that half of us1 now access the internet on a mobile phone and UK households have, on average, three different types of internet-enabled device2. Notably, a further 11.75million internet-enabled devices were received as gifts during the Christmas period3. Whilst the internet plays an increasingly integral role in our modern lives, according to the Government’s most recent National Cyber Security Consumer Tracker4 results, most of us urgently need to brush up on our cyber security skills and take some simple steps in order to keep ourselves, our families and friends safe online.

• Only half of us check a website is secure when buying online (44 per cent) or install internet security software on new internet devices (44 per cent).

• Well below half of us use complex passwords (30 per cent) or download the latest software updates when prompted (37 per cent).

• Still fewer of us download software updates for our smart phones as soon as we are prompted (21 per cent) or adjust our online social media account settings to ensure privacy and security (21 per cent).

Monica Whitty

1 Half of all UK adults. 2 The Communications Market Report, 2013, Ofcom. http://stakeholders.ofcom.org.uk/binaries/research/cmr/cmr13/UK_4.pdf 3 Figure provided by retail experts Conlumino and based on items bought in the 5 weeks up to and including Christmas week 2013. Figure includes tablets, smartphones, connected e-readers, laptops, desktops and connected games consoles. Data derived from Christmas tracker which surveyed 22,762 consumers over the run up to Christmas 4 National Cyber Security Consumer Tracker – Wave 3, October 2013 Figure based on 16% of the adult UK population (8,028,924) Population Estimates for UK, England and Wales, Scotland and Northern Ireland, Mid-2012 Release, Office for National Statistics, 8th August 2013

‘As we migrate to multiple mobile devices, it’s getting harder and harder for us to keep track of cyber security,’ says Monica Whitty, Professor of Contemporary Media and cyber-psychology expert from the University of Leicester. ‘We need a more general awareness.’

According to Whitty, the internet has evolved so quickly and so dramatically over the past few years that we’re all playing catch-up to some extent, having to adapt and learn as we go along. ‘Computing experts originally designed the net to move information around freely,’ she explains. ‘Consequently, it’s a platform that’s still evolving to fit the social purposes it’s being used for. We’re still finding out how to add the human element to the internet and there are basic issues arising, such as privacy online that simply weren’t anticipated originally.’

For most of us, logging off is not an option. ‘So much of our society operates online now,’ she continues. ‘If we were to divorce ourselves from the internet, then we would ostracise ourselves. We just need to be more aware of the risks and use the internet in a safe manner.’

While many of us have anti-virus and firewall security software installed on our personal computers at home, our mobile internet-enabled devices – such as phones and laptops – are often neglected in comparison. ‘Psychologically, a phone feels like a very personal device – we put covers on them and have our photos on the screen. It feels like an extension of ourselves, but it’s actually a portal to a public realm.’

It’s not just personalised gadgets that can give us a false sense of security online – it’s partly down to where and how we surf the net, too.

‘Lots of us feel very relaxed and comfortable online because we’re using the internet at ease, in our own homes,’ reveals Jacky Parsons, Director of Sense Worldwide and an expert in online behaviour.

‘Any mobile internet-enabled device – such as a tablet or laptop – gives you direct access to the outside world, but it doesn’t feel like that. Unlike walking down a dark alley in an unfamiliar neighbourhood late at night when we’re totally on our guard, when we’re surfing the net at home, we don’t adopt the same sort of wariness. We’re in our comfort zone, so we’re much more likely to take risks online.’

According to the National Cyber Security Tracker survey, 94 per cent of us feel we should take personal responsibility for our online security but, despite this, we experience a seeming inability or reluctance to take the basic steps necessary in order to protect ourselves online.

Understanding Our Online Behaviours

Jacky Parsons  

Digital divide

Simple steps such as updating software when prompted can make a huge difference to our online security, but Parsons believes that the language used by technology developers isn’t always helpful. ‘One of the key findings from our research is that the language about and on the internet is all about speed and convenience; the messages are about easy access to whatever you want to do online, such as accessing entertainment, shopping, communicating and sharing with friends – we carry that with us.’

Because of this, Parsons points out, alerts instructing us to update our software can seem annoying: ‘We see it as a massive inconvenience that’s going to slow us down. It might just take a few minutes, but in our fast-paced digital life, that feels like too long to wait,’ she says. ‘In reality, if you train

Keeping Up-To-Date yourself to hit the: ‘yes, update’ button when a prompt appears, then go and make a cup of tea, it will be done by the time you return. We just need to adopt the mentality that it’s worth taking two minutes to do it, rather than simply clicking on ‘remind me later’ – and then forgetting.’

Professor Monica Whitty agrees that prioritising software updates is a simple action we can all take in the fight against cyber crime, but something that most of us don’t even realise the importance of, assuming, incorrectly, that updates just offer us flashy new versions of our existing programmes, with unnecessary extra features.

‘We think: ‘I’ll just do that later.’ We don’t realise that it can be a security risk to put off updates,’ she says. ‘Even if it seems annoying and you’re in the middle of doing something important, you should always install updates immediately - it’s not OK to hit the ‘later’ button. It’s something lots of us get wrong, but it’s understandable because it’s not always made clear when updates relate to security. It’s been proven in past psychological studies that people are more likely to comply if you give them a reason. If the update alerts said: ‘Please update your software immediately, otherwise you could be at risk’ we would all understand the importance of doing it and we’d be much more likely to take action.’

Remember To Be StrongAnother simple step we can all take to improve our cyber security is to strengthen the passwords we use for online accounts. Jacky Parsons has gathered advice and security tips on this subject from a range of experts in the field including a former spy and a criminal hacker.

‘As part of our research, we looked at the most commonly used passwords,’ she explains. ‘Number one is ‘password’! You have to make the effort to find passwords or create a system that’s unique to you and in particular, it’s important not to use the same password for everything.’

The former spy Parsons worked with revealed some great techniques for creating safer but easy-to-remember passwords. ‘He said that the longest passwords of at least 10 characters are better,’ she recalls. ‘You could start with a line from the lyrics of a favourite song or a poem and then customise it in a way that’s relevant to you or your sense of humour. Don’t forget to change some of the characters for symbols or numbers’.

He also advised using patterns on your keyboard to remember passwords instead of actual words. ‘You just remember the first key (for example, A) then work around the shape on the keys, so ‘~Aw3eDScxZ’ would be a triangle. Obviously don’t use this example!’

Lots of us use the names of our children and their dates of birth as passwords in the mistaken belief that these are difficult to guess but, even though these aren’t words that can be found in a dictionary, they’re still risky choices. ‘Those words never show up in the most common password lists…’ says Parsons, ‘…but they’re very easy for somebody to find out if they have access to any of your personal data elsewhere. Hackers can join up the dots.’

Doctor Sue Black, Founder and CEO of Savvify, agrees that choosing strong passwords is crucial. ‘People can be a bit relaxed about passwords, but it’s a very easy way to keep you and your family secure online,’ she says. ‘It’s so important to have one that’s easy for you to remember but difficult for somebody else to guess. Make it at least eight characters long and incorporate upper and lower case letters, symbols and numbers.’

Professor Monica Whitty together with colleagues at Leicester and Oxford, are currently studying the relationship between password choices and security. ‘Many of us make silly mistakes,’ she says. ‘It might sound obvious, but you should never write down your password on a post-it note and stick it on your computer for example – it makes it very easy for somebody to log into your account and carry out criminal activity under

your name or steal your identity. Your data is precious, so take care of it. You wouldn’t leave your credit cards around for anybody to see or use – your online data is just as important.’

If you find it difficult to remember long passwords, Whitty has a useful technique: ‘It helps to ‘chunk’ the information in your memory,’ she advises. ‘We used to remember telephone numbers in this way years ago. If you learn characters in groups of three, you have fewer pieces of information to remember than if you try to memorise each element individually.’

Dr Sue Black

The online reputation opportunity lies in three stages, according to our research:

Don’t be afraid of engaging with the Internet. Get active

online to avoid missing out on valuable new business

opportunities.

1. Get onlineJust being online gives businesses a fighting chance of forging a positive reputation in the digital world. This might sound obvious, and indeed the vast majority (87 per cent) of SMEs tell us the business rewards of using the internet outweigh the risks, yet more than a quarter (27 per cent) don’t have a website.

The majority of both consumers (82 per cent) and industrial buyers at large companies (x per cent) tell us they expect all businesses, no matter what size, to have a website these days, and that they tend to chose companies that have a website over those that do not (65 per cent of consumers, x per cent of procurement managers).

When asked why, consumers say they want to be able to visit a website for information about the business to inform their purchase decision (as cited by 75 per cent). Meanwhile, x per cent of business buyers visit company websites as part of their due diligence process when selecting new suppliers.

2. Look sharpLooks don’t count for everything, but in the digital world, SMEs are losing valuable custom with out-dated or cheap looking websites.

Consumers say that a well-designed, informative site gives them a sense of security about the business’ reliability (x per cent), but that a poorly designed or cheap looking site damages their trust in the company (x per cent). The majority (x per cent) of business buyers say likewise.

Yet consumers often encounter SMEs with badly designed websites, putting them off doing business with the company (x per cent), and feel that most SMEs’ sites don’t do justice to the quality of the companies behind them (x per cent).

Ensure your online presence reflects the quality of your real life offering to propel

your business forward in both worlds.

Checking Out Securely

We’re shopping online more than ever before and we’re feeling much more confident about it, according to the latest data from Ofcom5. The amount spent by UK shoppers online increased on average by 16 per cent per person in 2012 compared to 2011. The average annual spend per person was £1,175 compared to £1,017 the year before – more than double the average spend per head of other countries in the survey. Also, shoppers in the UK trust online retailers more than shoppers in other countries.It’s easy to stay safe online when you know what to look out for. ‘Shop on reputable websites wherever possible,’ says Doctor Sue Black. ‘Only shop on sites that have secure encryption. Make sure the web address starts with ‘https://’ instead of just ‘http://’ – the ‘S’ stands for ‘secure’ – don’t share any of your personal details on a page that’s not secure.’

A locked padlock symbol should appear in the web browser window frame (or in the address bar depending on your browser) and the name of the retailer should turn green, too.

‘It’s better to use your own device for shopping when you can rather than public computers (in internet cafés, for example) and always make sure your Wi-fi connection is secure and password-protected at home. If you have to use a shared computer, always log out when you have finished shopping and delete the history,’ advises Black.

One basic check to make before you place an order online is to check that the retailer displays their full contact details. ‘It would be a bit odd if they just had a PO Box address,’ says Black. ‘Reputable traders are always easy to reach. Keep your email confirmation form as proof of your order in case of any problems.’

5 The Communications Market Report, 2013, Ofcom. Ofcom’s research for online shopping was based on data from IMRG, the industry association for online retail sites. See: http://stakeholders.ofcom.org.uk/binaries/research/cmr/cmr13/UK_4.pdf

Shopping online – case study: Anna, 33

Anna Yandas knows only too well how easy it is to be taken in by a fraudster’s online scam. ‘I wanted to buy some jewellery as a present for my partner, to celebrate our ten year anniversary,’ she says. ‘I saw an advert on TV for a silver bracelet, so logged onto the website shown on the screen to order.’ Because the company had paid for TV advertising on a reputable channel, Anna wrongly assumed that it was a legitimate business. ‘The website looked so professional, too,’ she reveals. ‘It was well designed, with a good range of stock. I was impressed.’

Anna spent £1,200 but was disappointed when her order did not arrive. She looked online for a contact telephone number or postal address, but only found an email address, which she emailed, to no avail. ‘It wasn’t until I went to take some money out of my bank account to book a holiday to America that I found out there was no money left in my account. They had taken over £4000 from me – everything I had saved. I contacted my bank and they reimbursed me for the lost money, but we couldn’t book our holiday and I didn’t get the money back until months later. It was so stressful.’

Having been stung, Anna is now much more cautious, preferring to shop on websites that belong to brands she already knows and trusts, ensures she’s shopping on an encrypted connection and checks out the company’s contact details before she orders.

‘On social networking sites such as Facebook, it can seem like a pain to adjust your privacy settings,’ admits Doctor Sue Black. ‘Especially when the settings get changed by the firms who run the sites from time to time – you have to keep up-to-date with it.’

Professor Monica Whitty believes we need an increased general awareness when it comes to keeping our data private online. ‘Many of us leak out much personal information without even realising it’ she says. ‘Even the username you choose might give away your age and gender – just in one word. Research has shown this to be the case. The way you write online can reveal your age, your gender and whether or not you’re being deceitful. We have a perception that we’re being private online, but the reality is that we’re being very public. Information can be forwarded on and shared very quickly.’

Whitty believes we need a shift in thinking. ‘When we go online, we need to ask ourselves: What is the space that I’m communicating in? Who can get access to it? We need to understand that there is a big difference between our actual audience and our intended audience.’

‘I think we’re often more worried about our children’s safety online than our own,’ says Jacky Parsons. ‘But even when it comes to our children’s cyber security, in our research, we found that our good intentions often fall down at the last hurdle!’

Parsons found that although many of us set out to do the right thing online – putting parental controls in place, finding out what settings are best and activating them – we often undo our hard work. ‘The problem arises when we’re busy cooking a meal or working from home – the many things we try to do! When your children pester you repeatedly for passwords, it’s tempting just to give in but it’s important not to,’ she adds.

Check Your Privacy When Being Social

Sharing Personal Data – Case Study: Georgina, 34

Georgina Giorgiou was tricked by a clever cyber criminal into disclosing her bank details. ‘I was on a big, reputable website I trust, when a pop-up window appeared, telling me about a competition to win an iPad. My laptop had broken, so it seemed like the perfect time to enter. I clicked on the link in the window and typed in my name and email address,’ she explains. A few days later, Georgina received an email saying she’d won the prize. ‘I felt really lucky,’ she says. ‘The email said I had to enter my bank details to cover the postage cost of £9.99, which I thought was fair enough, considering I was getting a brand new iPad, so I shared my bank details.’

Shortly afterwards, Georgina had a nasty surprise, when her bank phoned her to say that unusual activity had been detected on her account. ‘The fraudster had used my card details to spend around £1000 of my money, even buying a TV worth £500,’ she says. ‘My bank immediately cancelled my card and returned the money to me, but it was a horrible experience and I felt so angry with myself and embarrassed that I’d been so naive. I’m much more careful now. It’s so easy to get scammed online.’

Keep It Cyberstreetwise And Reduce The Risk Of Cyber Crime

6 For further information on The National Cyber Security Programme, visit https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace

The new website: www.cyberstreetwise.com will be updated with fresh material on a regular basis, providing us all with the latest information, resources and advice. As well as easy-to-digest information and downloadable content, there are interactive resources such as videos and quizzes to help us get to grips with our online security.

Videos can be viewed online at http://www.youtube.com/user/becyberstreetwise/videos, while the new Facebook (www.facebook.com/cyberstreetwise) and Twitter (www.twitter.com/cyberstreetwise) channels will offer the most up-to-date news on cyber security. We can all join the conversation online using the hashtag: #becyberstreetwise

‘The internet is so integral to our lives now that it’s ubiquitous,’ concludes Professor Monica Whitty. ‘It’s an everyday part of our lives and because some clever person has created the technology – we just trust it. But there are also clever people out there who can use it for their own gain. While we all want to enjoy new technology, we need to be safe and careful with it as well.’

‘You wouldn’t leave your house with your front door unlocked, just hoping that nobody comes in,’ points out Doctor Sue Black.’ If you don’t keep yourself and your family safe online, then that’s basically what you’re doing, but in an online space. You’re leaving yourself vulnerable to attack.’

It’s impossible to underestimate the impact of our current unsafe online behaviour; the cost to us, our families, friends and the wider community is enormous. The research shows that a whopping 40 per cent of us have experienced a cyber crime in the past year alone and last year there were nearly 60,000 cyber-related fraud reports, with an average loss of over £3,000 per incident.

To tackle this, a new cross-Government cyber security campaign, ‘Cyber Streetwise’, has been launched as a part of the government’s National Cyber Security Programme6 to show us how to up our cyber security and stay one step ahead of online fraudsters. The five actions people can take in order to protect themselves and others from cyber crime and the key behaviours the campaign is focussing on changing are:

1. using strong, memorable passwords2. installing anti-virus software on new devices3. checking privacy settings on social media4. shopping safely online – always ensuring to check online retail sites are secure5. downloading software and application patches when prompted

Dr Sue Black (senior Research Associate, Department of Computer Science, University College London)Sue is an award-winning computer scientist and radical thinker, who brings people together to solve complex issues. She’s a Senior Research Associate in the Department of Computer Science at University College London, is a champion for women in computing - and recently launched Savvify, a social enterprise which aims to empower people through technology. Savvify is currently running #techmums a program to get mums tech savvy. Sue is a frequent public speaker, a social media-holic, and currently writing a book about saving Bletchley Park.

Jacky Parsons  

Dr Sue Black

Monica Whitty

Jacky Parsons (Psychologist and Research Director, Sense Worldwide)Jacky has 20 years’ experience in researching consumer behaviour and attitudes on behalf of some of the world’s best-known brands. Her work has resulted in new products and services better suited to people’s needs, in the areas of technology, communications, financial services, food & drink and footwear. Increasingly, her work is focusing on digital behaviour as clients in all sectors are asking for greater understanding of how their customers are using digital media and devices.

Monica Whitty (Professor of Contemporary Media, Leicester University)Monica began her career in academia in Australia, where she worked as an associate lecturer in the School of Psychology at Macquarie University (1995-1996). She then took up a tenured appointment as a senior lecturer in the School of Applied, Social and Human Sciences, at the University of Western Sydney (1998-2003).

In 2007 she moved to England and took up an appointment in Psychology at Nottingham Trent University and was promoted to a Reader in Psychology (2008-2010). She recently took up a Chair in Contemporary Media in the Department of Media and Communication at the University of Leicester.Monica’s research predominantly focuses on Internet relating (both the liberating and debilitating aspects). She has carried out research on the following topic areas: Online dating, cyberflirting and cybersex, Internet infidelity, Online identities, video games, online scams (e.g., romance scam), misrepresentation of the self across different modes of communication, online trust, availability of social support online, cyberstalking, Internet privacy, security and surveillance issues and cyber-ethics.