BSM-Be-Cyber-Aware-At-Sea

[CYBER AWARE FIDRAFILMS.COM/CYBER] [door bell rings] It's a business. We are professionals and we are growing as fast as the internet itself. [music and internet dial-up sound] The first thing to be aware of is that whether you're looking to take down a rival's website, steal someones identity or take control of a network, your first target isn't IT infrastructure. It's people. [camera zoom sound] 99% of attacks are aimed at people. People like you. Everyone uses email and a lot still fail to spot the signs of a simple phishing expedition. The unknown sender, poor grammar, incorrect information, irrelevance. [HAZIQ MOHAMED ABLE SEAMAN PORT AMBARLI, TURKEY] More effective is spear phishing. Individually target emails with a reasonable ask. It looks like it's from someone you know. Just because it says it came from the boss, doesn't actually mean that it did. Email doesn't work like that. [tapping of keyboard] People give up personal information so easily. Just think about it— Why would a company ask you for personal information or passwords they already have? But people don't think. [CHRISTOS STAMATIS CHIEF OFFICER NEWPORT, UK] Never more so than on social media. Every time you announce where you're going or what you're doing, you are telling us that you are not at home. Or worse, you can reveal important business information that someone, somewhere could make use of. [BREAKING: Somali Pirates Attack Commercial Vessel] [gun shots and incoherent talking] If you want to get on the inside of a business, target the individuals that work there. [GEOFF DANIELS LOGISTICS MANAGER SOUTH COAST, UK] Find their weakness, exploit it... everybody has one. Just because you think you're talking to a beautiful girl, doesn't mean that you actually are. We're all human. Some people are easily led into careless or foolish acts that leave them open to blackmail. Control the individual, we control what you do. People are the weak link. How many passwords do you have? People use the same password for their bank, their Facebook, their LinkedIn, their tax return. If I get your password, I can act as though I'm you. Spend your money, take out loans, even sell your house. I'll change the address for your statements, divert your emails. [PASSPORT CONTROL ROTTERDAM, NETHERLANDS] By the time you find out, I could have spent hundreds of thousands of dollars and committed crimes in your name. I can phish with your phone with texts or WhatsApp and upload malicious software to your phone without you knowing. When you connect it to a computer, the software can get to work paralyzing the system until you pay up, or, whatever we want to achieve. Technology is my friend. Every time you connect to a public Wi-Fi network, we can learn so much about you. Who you are, where you've been, who you work for. Use your phone for sensitive interactions like banking? Then you are helping us to access your life. This is what I do. It is a business and we are professionals. [static and beep] Haziq Mohamed spent three weeks in a foreign prison before he was able to establish his innocence. On his return home he found the cybercriminals had spent $12,000 on credit cards. His driving license had been used for insurance fraud which had lead to his arrest. Geoff Daniels couldn't face the images he shared with his virtual sex partner online being seen by family and friends so he followed the blackmailers demands and installed a remote device on his company's network. He worked at a large European port. With remote access, a criminal gang were able to alter records to enable goods to be smuggled out of the port unseen by customs. Christos Stamatis regularly posted information about his work on Facebook. As the chief of a container ship, traveling down the East African coast, he might have thought more carefully about who might be interested in this information. But it was his casual attitude towards how he used his personal devices on board that caused the most trouble. Having fallen for a texted phishing link, his phone was infected with malware. When he used the USB connection on ECDIS to charge his phone, the malware crashed the system. Without it's primary means of navigation, the ship was forced to divert for repairs causing a lengthily and costly delay to his voyage. Christos is now looking for a new job. Cybercrime is real. They target us because we are a weak link. Treat your personal and your company information like you would your cash or passport. Never hand it over unless you are 100% sure that you know who you are giving it to. Post on social media sensibly. Update your password to include letters, numbers, capitals and symbols. Keep different passwords for different sites. Watch out for unsolicited and irrelevant emails with urgent requests for you to click on a link or upload information. Never assume that an email is from who it appears to be from. Never charge your personal devices on ship equipment. Use a dedicated USB charger. Surf the web with care, stick to known sites. Avoid tempting links and free downloads. Nothing is free, even online, and the price you pay could be high. Never take part in anything online that you wouldn't want to show in the real world. 99% of successful attacks succeed because we fail to do the basics. Someone opens the attachment, clicks on the link, plugs something in. It only takes one careless click to expose the entire network. Make it difficult for cybercriminals. Don't be the easy target. [Cybercriminals are targeting the maritime industry.] [For more information visit Fidrafilms.com/Cyber] [Pukka FILMS] [NSSL Global]