
Protecting your world from online risks

Our lives are increasingly connected – we’re here to help protect what’s important to you, whether it’s on or offline.

Our world, our lives, and our homes are increasingly connected. This connectivity has opened the door for previously unimagined opportunities, but with this opportunity comes previously unimagined security risks that affect every one of us.

Cyber safety has become one of the fastest-growing security issues we face in the modern world. Where we were once ‘simply’ concerned with physical threats (burglary, flooding, storm damage, etc.), now we have to consider how the technology we use every day can be used against us.

It's far from just the concern of big business; we are all targets. With that in mind, there are things we can all do to keep ourselves a lot safer online – ensuring the convenience of having connected devices isn’t overshadowed by cyber threats.

This guide is created with security experts Blackstone Consultancy and designed to highlight just a few common cybersecurity issues and solutions to help you manage your online safety with the same scrutiny you’d manage your personal safety.


If you do experience a cyber-attack, your Ecclesiastical Art & Private Client insurance policy includes home systems damage, cybercrime, and cyber online liability as standard.


Phishing

Phishing is the practice of sending a high number of emails, disguised as though they are from reputable companies. The idea is to trick individuals into revealing personal information, such as passwords and credit card numbers.

More than 3 billion phishing emails are sent every day!

Sending millions of emails in a single campaign costs very little money. Even if one recipient out of 10,000 makes one purchase, the spammer can turn a profit.

Example

A hacker downloads thousands of leaked email addresses from the web.

More than 3 billion phishing emails are sent every day ... one of them goes to Harriet.

Harriet receives an email from ‘PayPal’, which she happens to use when making online purchases.

The email offers a discount if Harriet logs into her ‘PayPal’ account within the next 24 hours. The link redirects Harriet to a fraudulent site.

The fraudulent PayPal site scans Harriet’s computer and downloads keylogger software that can record every keystroke made.

With banking and online shopping passwords known to the hacker, he builds up a profile of Harriet’s online identity.

The PayPal account shows Harriet’s bank details, which are used to pay for a number of online purchases.

Harriet’s bank account is slowly drained so it isn’t noticed.

The hacker is also able to see the details of all of Harriet’s friends and family in her contacts... they are also targeted.

How to manage the risk

  • Don’t store passwords where they can be easily seen - draft emails or notes - and consider password managers.
  • Be suspicious of email discounts or offers. Always remember that banks will never contact you by email to ask you to enter your password or any other sensitive information by clicking on a link and visiting a website.
  • If you detect a phishing email, mark the message as spam and delete it. This ensures that the message cannot reach your inbox in the future.
  • Never respond to a message from an unknown source. Take care not to click any embedded links. Phishing emails are sent to a vast number of randomly generated addresses. Clicking embedded links can provide verification of your active email address. Once this occurs, it may facilitate the targeting of further malicious emails. Even “unsubscribe” links can be malicious. Ensure that the email is from a trusted source and you are, in fact, subscribed to the service.
  • Phishing emails will probably contain odd ‘spe11ings’ or ‘cApitALs’ in the sender’s email address.
  • Phishing hackers are unlikely to know your real name, so the email may address you in vague terms, for example, ‘Dear Valued Customer’.

Spearphishing

Phishing attacks have grown far more sophisticated and targeted; even a personal email from a source you trust isn’t necessarily what you think it is.

Spearphishing is the practice of sending emails that are allegedly from a known or trusted sender. The aim is to encourage targeted individuals to reveal confidential information.

The email address will be ‘spoofed’ to look like a legitimate address from a known sender. Knowing what to look out for in a spoof email can help you identify them and respond appropriately.

Example

A hacker is able to research email addresses and personal information from social media groups for school parents.

A well-crafted email is sent to Simon, one of the parents in the group.

The email address has been ‘spoofed’ to look like the address used by the school’s fee payment department.

The email offers a fee discount for early payment, and a link is included.

The hacker has created a website that looks very similar to the school’s.

The discount was too good to ignore, so Simon transfers the money.

The real payment request comes from the school a week later!

Simon realises that he might have been the victim of a scam.

Simon immediately calls his bank, but as he voluntarily sent the money, there's little they can do.

Simon has now lost the term’s fees for his children and has to find the extra money.

How to manage the risk

  • The email address that appears in the ‘from’ field of an email is not a guarantee that the email came from the person or organisation it says it did... check.
  • If they are asking for money to be transferred, call any known sources by phone to check they are bona fide.
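The warning signs listed in the phishing and spearphishing sections above can also be checked automatically. The following is an added example, not part of the original guide: it inspects a constructed message for an unfamiliar or digit-laden sender domain, a Reply-To that points elsewhere, failed sender authentication and a generic greeting. The function names, the `KNOWN_DOMAINS` list and all `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
From: "School Fees Office" <fees@sch00l-payments.example>
Reply-To: accounts@freemail.example
To: simon@home.example
Subject: Early payment discount
Authentication-Results: mx.home.example; spf=fail; dkim=none; dmarc=fail

Dear Valued Customer,
Pay this term's fees early for a discount.
"""

# Assumption: you keep your own list of domains you really deal with.
KNOWN_DOMAINS = {"school.example"}
GENERIC_GREETING = re.compile(
    r"^dear (valued )?(customer|user|client|member)\b", re.I | re.M)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def warning_signs(raw_message, known_domains=KNOWN_DOMAINS):
    """List the phishing warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    signs = []
    if from_dom not in known_domains:
        signs.append("sender domain not one you know")
    if re.search(r"[a-z][0-9]+[a-z]", from_dom.split(".")[0]):
        signs.append("digits mixed into sender domain")  # e.g. 'spe11ings'
    if reply_dom and reply_dom != from_dom:
        signs.append("replies go to a different domain")
    # Only trust this header when your own mail provider added it.
    # A missing result is treated the same as a failed one.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m is None or m.group(1) != "pass":
            signs.append(f"{check} did not pass")
    if GENERIC_GREETING.search(msg.get_payload()):
        signs.append("generic greeting")
    return signs
```

A message with no warning signs is still not proof of a genuine request; for payment requests the phone check described above remains the deciding step.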

Online data sharing

Over-sharing online, through media and even government data sources like Companies House, can mean you are giving away personal information to hackers. By gathering this information and building a profile on you and your family, hackers can make you a target.

Younger generations can be a big risk to families if they overshare on social media. Avoiding the sharing of documents, letters, licences and other sensitive information might seem obvious but even sharing daily activities, holiday pictures and hobbies can give too much information to the wrong people.

Example

Jeremy, a local businessman, and his family's home are featured in a national magazine article.

A hacker saw the article. With some research, he learned Jeremy was married with three children, and their social media accounts had limited privacy settings.

He focused on the son’s social media posts and was able to find university information and other facts.

The son's Instagram told the hacker that the family went skiing at the same place every winter.

This information allowed him to know when the house would be empty.

Posts about sports day told him which school the children attend. He was able to confirm patterns and wealth levels.

Posts about horse riding lessons and other leisure activities showed when the house was empty during the week.

Using open source data, the hacker was able to find photographs and the floor plan of the family home.

In a matter of minutes, he also has external imagery of the property, and he can see all security features present.

He wants to visit in person... so he pretends to be a delivery driver, as the homeowner will open the door every time to one.

After checking the response times of the local police, he picks a time when Jeremy and his family are away and breaks in.

How to manage the risk

  • Younger generations can be the biggest risk to a family’s online security if they overshare information on social media.
  • Ensure that you and your family have the appropriate privacy settings enabled on your social media accounts. Different social media channels might require different levels of privacy. Do you know who is following you online?
  • Think twice about the posts and photos you’re sharing. Make sure none of your sensitive information is in them – driving licences, passports, letters, and other documents – and avoid posts that show you are on holiday, signalling that your home is empty.
  • When you enter your details on a website or app, always check the terms and conditions, and even then, be careful what you’re agreeing to; others may know about you or your account.
  • Consider the amount of information you give Companies House; don’t use your personal address.
  • Turn off location services in app settings on your and your children’s mobile devices: social media apps, cameras, and others that might reveal the location. This isn’t just about privacy, but also you and your family’s personal safety.

Home network attacks

All connected devices in the home access the internet through a common point, the router. There is an assumption that they are always secure but in reality, this is not always the case.

Many of the popular routers have vulnerabilities. For example, if a hacker can log onto your Wi-Fi network, they can access all Wi-Fi run devices in the home, including smart devices, fire and security systems and monitor your web traffic. And they can do this anytime, 24/7.

Example

John and his family live in a nice home on a leafy road in the Home Counties.

John’s broadband router is clearly visible in a window.

The hacker needs to get a closer look...

He waits for an empty driveway and approaches the house under the guise of a food delivery driver.

With the router type and password, he can easily join the network.

Many of the popular routers have vulnerabilities and he is able to access all Wi-Fi-run devices in the home and monitor their web traffic.

When John checks his online bank account he sees that his money has been transferred to an unknown source!

How to manage the risk

  • Check with your broadband provider that the core software or firmware on the router is the latest version.
  • Ask how to disable WPS (Wi-Fi Protected Setup); it was supposed to be an easy way to get devices connected to a router. But the push-a-button-to-connect system came with flaws, and some routers use the same default digits.
  • Keep your broadband router out of sight so the password or device is not visible.
  • Remove the password from the back of the router.
  • Consider smart doorbells to capture who visits your home when you are not in (but don’t announce that you are not in).
  • If you use Wi-Fi signal boosters, check how they connect to your network.
  • Change any factory passwords on your smart home devices.

Man-in-the-middle attack

A man-in-the-middle attack is when data shared from a computer to a server is intercepted.

Shared Wi-Fi networks are handy but not always completely secure. Not every Wi-Fi network you access is ‘genuine’; hackers sometimes create fake Wi-Fi networks. Once you are logged on, they can watch your every move.

Example

James, a local homeowner, enjoys the ‘café culture’ in his village and likes to visit the busy local coffee shop regularly.

It’s Saturday morning, and James walks to his local coffee shop to use the free Wi-Fi to complete a few tasks he couldn’t quite get to during his busy week.

James buys a coffee and sits down, and gets his laptop out.

A hacker has created a fake Wi-Fi network with a very legitimate-sounding name...

James logs on to the fake Wi-Fi network.

The hacker can now monitor James’s online activity as he’s placed himself in the middle of the connection, so he is able to intercept login details, bank card information, and more.

James’s identity and credentials have been stolen and he’s lost money and will face certain distress and inconvenience.

How to manage the risk

  • Use your mobile device’s data instead of public Wi-Fi; purchase a bigger data plan if needed – a mobile cellular signal is secure as there is no wireless network in between you and the internet.
  • If you need to log onto public Wi-Fi, then consider purchasing a VPN. They are approximately £80 per annum. (Virtual Private Network - an arrangement whereby a secure, apparently private network is achieved using encryption over a public network, typically the internet.)
  • Top 5 VPNs (according to techradar.com): ExpressVPN, NordVPN, IPVanish, Hotspot Shield, Surfshark.

Dissatisfied staff

We usually know and trust the people that come into our homes but in some instances, people may have sinister motives.

Keep an eye on domestic staff, construction workers and other people that visit your home who you may not know well enough to trust fully. If you find them to be disinterested in their work, there could be more to the situation.

Example

Harry moves into his new property.

As Harry’s new home is much larger than his previous property, he needs more domestic staff.

Harry speaks to his friends, and they recommend a new housekeeper who is available.

As Harry is a shrewd businessman, he haggles over the desired salary and hours. The housekeeper eventually accepts and commences work at the house.

After 6 months, the new housekeeper becomes disinterested in working for Harry and is very unhappy with her current salary and working hours.

A simple recording device bought online for only £10 is hidden in Harry’s study by the housekeeper who is now able to listen in remotely on all conversations in the room.

After months of recordings, the housekeeper has insight into Harry’s business deals including a large contract that Harry’s business is pitching for.

The housekeeper sells the information about the large contract to one of Harry’s competitors for a large sum of money.

Harry’s rivals use the information to undercut the contract and they are successful in winning the business.

How to manage the risk

  • Watch out for domestic staff who keep strange hours or appear disinterested in their work.
  • If you are recruiting outside of an agency, always obtain references for new staff, but also call their previous employer.
  • Consider online searches to see if the prospective staff member shows up in any online stories or news articles.

About Blackstone Consultancy

Blackstone Consultancy is a security and investigative advice consultancy and is one of our preferred suppliers.
