Prevention is better than cure, says Stuart Farr as he argues the case for greater protection against cybercrime
By the time you read this article, we will have sworn in a new Prime Minister and regardless of what political camp you sit in or which promises swayed your opinion of the contestants, I think we can all be assured of a renewed period of turbulence and frustration. More to come on that in the coming weeks and months, I suspect.
In the meantime, my thoughts have remained with some other problematic issues of the day. Recently, the internet selling giant known as Amazon (boo!) surpassed its 25th anniversary. Despite its perceived faults and critics that company has played a very significant part in changing the retail industry and the way we shop.
So much so the government has recently announced its intention to pump money into numerous town and city locations across the UK in an effort to re-vitalise the high street’s landscape as a result of empty premises and dwindling volumes of bricks and mortar businesses. This is nothing new, of course. It has been creeping up on us for years and we have discussed this sad state of affairs before.
The internet does, of course, offer many consumer and commercial advantages and nowadays it is a brave business indeed which decides not to engage in the internet to at least some degree or fashion. However, unless you are a business of the enormous size of Amazon, it is perhaps fair to say the majority of businesses are small fish in an ever increasingly large pond where the predators are often large or unseen or even deadly. For that reason, while the internet can offer potentially huge rewards for your hard work, it also carries a degree of risk which needs to be managed as far as possible.
Predators like nothing more than to circle around a new food source and in last month’s article I alluded to the problems which had emerged with regard to unethical practices around carbon offsetting which have already begun to taint the internet’s waters around the subject of climate change. It led me to advise the use of caution.
Even so, the examples of questionable internet behaviour are all around us. Another example cropped up during a recent exchange I had with the editor of this esteemed publication. That particular discussion concerned a website selling plots of land on other terrestrial planets – Mercury, Venus, Mars and so forth.
Was it a scam? To be honest I didn’t get to the bottom of it but let’s put it this way – in international (space) law, there is no formal recognition of private ownership in that sense. Besides, property ownership is only worth having if (a) you can go there during your summer holidays; and (b) there are proper mechanisms for legal enforcement of one’s property rights.
It is rather difficult to see how Mrs Jones from Lancashire – who was supposedly gifted an acre plot of land on Mars by her son for her 50th birthday – is going to sue NASA for unauthorised trespass and theft as the Rover passes over her bit of dirt leaving tracks, sniffing the air and licking up the soil for testing. Spend your money at your peril is all I can suggest – be content with the knowledge that even if your legal title is good (which it most likely won’t be) you will never be able to touch what you supposedly purchased.
The above is just an example of the blatantly obvious. Proper scams are much more subtle than that. Even I, a lawyer with a healthy dose of cynicism placed there by too many years of consumerism, have been taken in on occasion.
A change of employment is like nothing else when it comes to raising one’s levels of anxiety while you undergo your transitional stages with HMRC. It’s akin to an automatic reflex mechanism. So when I received a voicemail message demanding I call HMRC on a particular number to address my tax underpayments, you can imagine why – like so many others – I reacted immediately. Luckily, I had enough sense not call the number given to me by the scammer. However, I did actually call the real HMRC and a very nice lady with a gentle Geordie accent reassured me. “Don’t worry pet,” she said, “we’d never call you like that – it’s a scam”. Phew! Panic over – only a precious 30 minutes of my life wasted.
The term “cybercrime” serves to denote any crime committed by means of the use of a computer, though nowadays, in a business context, the vast majority of crimes are in some way connected to computer use/misuse. The primary legislation is the Computer Misuse Act 1990, which created three types of offences.
Section 1 – Causing a computer to perform any function with intent to secure access to any program or data held in any computer the person is not authorised to access.
Section 2 – Committing a Section 1 offence with the intention of committing further offences.
Section 3 – Doing any unauthorised act in relation to a computer that a person knows to be unauthorised, with intent to or being reckless as to whether his act will (a) impair the operation of any computer; (b) prevent or hinder access to any program or data held in any computer; (c) impair the operation of any program or the reliability of any data; or (d) enable any of the above things to be done.
The Computer Misuse Act 1990 is a bit of a blunt instrument in many respects and given the Act is older than Amazon it might even be due a re-boot. However, it covers a multitude of sins. Hacking, phishing, Trojan Horses and similar devices designed to exploit weaknesses in your computer system, access confidential data and use it for criminal or malevolent purposes are all covered by the Act.
Similarly “ransomware” – the theft of data and demanding payment to release it – falls within the Act as a crime. Copycat and bogus websites and even non-economic crimes such as cyber-stalking all fall within the ambit of this one broad piece of legislation.
Of course, the real issues with cybercrime centre around the practicalities of evidence and enforcement. Tracing the criminals is difficult. Proving their guilt can also require detailed technical evidence and a heavy commitment of resources. Local police do not have the necessary expertise. The National Crime Agency is more likely to focus its efforts and resources on larger scale cybercrime. Therefore, greater emphasis is being placed on self-policing – particularly in the context of social media providers.
For users, preventative medicine is the best – and perhaps only – practical option of avoiding becoming a victim of cybercrime. There is plenty of technical advice out there on how to protect yourself and deal with problems should they occur. Reputable malware software, virus software, firewalls and so forth should be obtained, installed and, most importantly, updated and maintained to ensure best protection.
Computer use policies are worth considering to avoid computers within the workplace becoming prone to misuse (internally and externally). If your IT systems are maintained by external providers do take time to check your contracts and see what you are covered for and consider what your insurers might be able to offer in the event a loss should occur.
To put it another way, I would suggest that space law is currently developing at a faster pace than the laws which were designed to protect you from cybercrime. All very well if you are planning to retire to your garden on Venus but not so helpful if someone decides to hack your system and steal your customer data – so please consider adding “IT health check” on your to-do list when you get a spare moment.