32% of SMEs were victims of a cybercrime last year, proving that small does not equate to safe. Fortunately, a plethora of free tools and resources exist specifically to help small business owners protect themselves online. One such resource is the Police CyberAlarm (PCA), a free monitoring tool that helps identify suspicious activity entering your network and highlights some of your potential vulnerabilities online. Its purpose is limited to monitoring, rather than active defence, to support you in protecting your personal data, trade secrets, and intellectual property, all of which are valuable target assets for cyber criminals.
How does it work?
To be eligible for PCA, you need an internet connection, a firewall, and to be registered with the Information Commissioner's Office, which most people are. A firewall is a network security device that monitors your network traffic. It is designed to establish a barrier between a trusted network and an untrusted network (for example, the internet). Many modern devices have some sort of firewall built in during manufacture.
Once you sign up as a free member of PCA, you install a cyber alarm collector on your network. This collector works by processing online traffic logs from your gateway security devices. Whilst this could be your firewall, it could also be your intrusion detection system (IDS), intrusion prevention system (IPS), network anti-virus/anti-spam system, or unified threat management (UTM) devices.
The collector monitors these traffic logs, automatically filtering out internal traffic as well as data coming from identified and trusted sources. Any suspicious activity is flagged, encrypted, and transmitted to the PCA service, where it is analysed and reported back to your organisation.
This report helps you to identify malicious or suspicious activity on your network that you may be otherwise unaware of. It allows you to see certain details of the activity, including the source IP address, device ID and destination port. If you have additional anti-spam or anti-virus software on your device, you may also be able to access the recipient email, email subject line, and attachment name, if the activity was an email. This gives you a chance to investigate what sort of traffic is entering your networks.
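The filtering and reporting steps described above, as an added example that is not PCA's collector code or anything from the original article: it drops internal and trusted-source events from firewall log lines, then groups the rest by source IP with device ID and destination port, and marks sources found on a known-suspicious list (the check the article mentions later). The log layout, trusted range and watchlist are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges count as internal traffic and are dropped.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical trusted range and watchlist (documentation addresses).
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/28")]
WATCHLIST = {ipaddress.ip_address("203.0.113.7")}

# Constructed sample lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
2023-01-10T09:00:01 device=fw01 action=ALLOW src=192.168.1.20 dport=445
2023-01-10T09:00:02 device=fw01 action=DENY src=203.0.113.7 dport=3389
2023-01-10T09:00:03 device=fw01 action=ALLOW src=198.51.100.5 dport=443
2023-01-10T09:00:04 device=fw02 action=ALLOW src=203.0.113.7 dport=3389
2023-01-10T09:00:05 device=fw01 action=DENY src=192.0.2.44 dport=23
this line is malformed and is skipped
"""

def parse_line(line):
    """Return the event as a dict, or None if a required field is missing or invalid."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    try:
        return {"device": fields["device"], "action": fields["action"],
                "src": ipaddress.ip_address(fields["src"]),
                "dport": int(fields["dport"])}
    except (KeyError, ValueError):
        return None

def build_report(log_text):
    """Group external, untrusted events by source IP."""
    report = defaultdict(lambda: {"events": 0, "ports": set(), "devices": set(),
                                  "allowed": 0, "watchlisted": False})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or any(ev["src"] in n for n in INTERNAL_NETS + TRUSTED_NETS):
            continue
        row = report[str(ev["src"])]
        row["events"] += 1
        row["ports"].add(ev["dport"])
        row["devices"].add(ev["device"])
        row["allowed"] += ev["action"] == "ALLOW"  # traffic the firewall let through
        row["watchlisted"] = ev["src"] in WATCHLIST
    return dict(report)

if __name__ == "__main__":
    for src, row in sorted(build_report(SAMPLE_LOG).items()):
        print(src, row)
```

A source with a non-zero `allowed` count that is also watchlisted is the first thing to check against the firewall rules.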
PCA can also provide vulnerability scanning for your organisation’s website and external IP addresses. This assists you in understanding your online vulnerabilities and keeps you up to date with any new and emerging threats that your external IPs and website URLs may face.
How can it help you protect your business?
Allowing PCA to process your online traffic helps police to identify new and emerging cybercrime trends. Receiving data from PCA members across the country gives police a broader picture of current threats, particularly if many members begin receiving lots of the same external traffic.
At the end of 2022, suspicious activity began to be detected across the country from PCA members. The PCA team could see the growth of this suspicious traffic and identified that it was originating from similar source IP addresses. These addresses were checked against a database detailing known suspicious IPs, which validated the information coming in from PCA collectors. This subsequently allowed UK police to get an understanding of what was happening, in turn helping members to bolster their cyber defences.
In another instance, the PCA team identified that one of their members, an education trust consisting of 17 schools, had been allowing an unusually high volume of suspicious traffic through its firewall. This suggested there was a problem with the firewall system that was allowing traffic from malicious sources on vulnerable ports to get through.
Additionally, they identified that one of the schools within this trust had allowed suspicious activity from a known ‘bad actor’ back in December of last year. Whilst this school was contacted by their local cyber protect officer to inform them of this, they assured the officer they would be fine, before being hit with a cyber-attack less than a month later.
After the attack, the school in question was able to work with the PCA team to examine the chain of events that led up to the attack. Had the school taken heed of the warnings from their local officer, the attack could have potentially been avoided. Regardless of this, PCA still proved to be a useful tool in the recovery process and helped to identify multiple instances where vulnerabilities could be exploited, and further attacks launched against the entire trust.
More recently, PCA has been used by organisations to help them mitigate cyber-threats from their supply chain, currently one of the biggest problems in the business community.
You can ask your supply chain to take on PCA, and request that the vulnerability reports that the software creates are shared with you as well. This allows you to analyse the risk of the organisations you work with and negotiate about managing any risks of concern before they create a problem for your business. This feature is starting to be rolled out across public sector organisations and is an excellent way for businesses to collaborate with the aim of protecting each other. Find out more about this by contacting us at the ECRC.
What do I do next?
Join the ECRC as a free member and we can help you figure out if PCA is the right tool for you to use. Your membership enrols you onto our ‘Little Steps’ programme, a weekly email series delivering bite-sized information directly into your email inbox, helping you to develop your cyber resilience week by week. These emails include steps such as enabling MFA on your accounts, as well as signposting free resources, including PCA, that exist to help you protect yourself.
SMEs are highly targeted by cyber criminals, and knowing about the free resources designed to address this is the first step towards being well-armed against cyber-crime. Alternatively, you can read more about the details of PCA on their website here.
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which is not ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).