Colleague updates

Keeping you up to date with the latest from Bridge Insurance

05.10.2020 – Updated risk assessments for all offices

Please find below links to the relevant Risk Assessment and Policy documentation relating to visits to our Manchester and London offices.

01.09.2020 – Covid-19 Risk Assessments – London.

Please find below links to the relevant Risk Assessment and Policy documentation relating to visits to our London Office.

01.07.2020 – Covid-19 Risk Assessments – Manchester.

Please find below links to the relevant Risk Assessment and Policy documentation relating to visits to our Manchester Office.

02.06.2020 – Keeping the business safe online at home. (Part 2 – by Cyber Cyril)

Socially engineered Phishing emails

We’re seeing a massive rise in phishing emails: emails that come from a different email address but use a familiar person’s name to try to scam you out of money and/or data. Roger Potts is a popular choice for spoofing due to his seniority within the company!

It’s easy to detect a phishing email that tries to look like it’s from someone at Bridge: simply look at the sender’s email address. We block all incoming emails that try to spoof our email addresses, so they will always be from a random names@hotmail address or similar. If you’re ever asked to send information, provide passwords, transfer money or purchase anything, it’s a scam!

If you double click the email in Outlook to open it fully and take a quick look at the address they’ve used at the top, you’ll soon know if it’s real or not.

Another tip is to think about the language used. For instance, if you receive an email from Matt Mayo beginning with “Hey” (an Americanism for “Hi”), it’s unlikely to be IT that’s messaged you.

Credential Phishing

This follows a similar tactic, but instead of trying to extort money, you might receive a link to change your expired password in Office 365 or Cascade etc. If you click the link in the email, it will take you to a fake page that looks like the real website. Once you enter your username and password, they have your information to hand and can go about trying to hack into your online account.

Another easy one to avoid. Quite simply, you will never, ever receive an email asking you to change a password unless you have specifically requested it via a “Forgot my password” link. If you ever receive an email with a link, think twice before clicking it. If you do click an email link and it asks you to enter your password, IT’S FAKE. Close the web page and make IT aware immediately.

Ransomware and Malware

Ransomware is one of the biggest earners for cyber criminals! Malicious software is downloaded and run from one of our servers, which then begins to encrypt all the data it can find on the shared drives and servers you have access to. Often the infection arrives as an email with a link to download a voice message or an invoice.

Some of the more clever attacks will even try to make themselves look like a client sending you a proposal or asking for a quote, with a link to view the document online. Once you click the link and download the malicious code, it will try to wreak havoc inside the network, whether that be extorting money for access to our data or collecting sensitive data and sending it back to the criminals’ servers, where it can then be used to blackmail or seriously compromise us or, even worse, a client!

Bridge actually had an instance of this 5 years ago, something we managed to recover from successfully due to our excellent backup and DR practices. Other companies, including huge government agencies, haven’t been so lucky and in some cases have had to pay hundreds of thousands of pounds in ransom to gain access to their data. Think NHS and WannaCry.

Whilst these types of attacks are a little harder to spot, especially if a client has already been compromised and the hackers send emails through the client’s servers, there are a number of ways to detect them.

Links

If there’s a link in the email, be very cautious before clicking it. Always check the email address it’s come from and, if you’re even a tiny bit unsure whether the email’s safe, ask IT. They’re always happy to review an email for you and let you know if it is safe.

Language

If you receive an email from a client or insurer, it’s likely you’ve spoken with them before. Try to think about the kind of language used, the spelling and the layout of the signature. If it seems a little out of character for the individual, it’s highly possible it’s not them you’re speaking with!

Don’t email them back to ask if it’s real: their email system could have been compromised and the hacker could intercept and reply to the email! Always call them directly to check if they’ve sent you the email. It’s very hard to spoof a phone and a voice!

Expectance

This one’s easy: if you’re not expecting an invoice from that client, whilst it could be a mistake, it’s more likely to be something nasty. Again, call them, don’t reply by email, and ask!

Thanks for your continued efforts. You are the last line of defence and your actions save us all valuable time and money!

Stay aware, stay protected, stay safe.

Cyber Cyril

13.05.2020 – Keeping you safe online at home. (Part 1 – by Matt Mayo)

With the government-mandated social distancing in place, we’re all likely to be heavily utilising online shopping at the moment. Online fraudsters are using this as an opportunity to scale up their operations.

There are lots of tactics you can use to stay safe whilst buying that fitness mat or that special indulgence to help you through the solitude that is 2020! Here are your 10 steps to online safety, in order of importance.

A realistic approach to passwords.

Yes, I know, haven’t we done away with these awful things yet!?! No, we haven’t, sorry. It’s more important than ever to use a good password to keep your accounts safe. Most providers force you to add extra characters to a password, but that doesn’t help if you still just use Password1 or Password! to protect your online accounts!

  • Make up pass-phrases that are easy to remember, such as “Th3L0ngP@55w0rd”: change an “e” for a “3” or an “a” for an “@”. If at all possible, make sure to use over 12 characters in your password, especially for online banking and other highly sensitive accounts.
  • Although it’s recommended to have a different password for every site, it’s not really practical or possible to remember them all. Instead, you could try to have a small number of different passwords (J3nny123 and J3nny321 is not a different enough password!), not just one you use for everything.
  • I have a very secure password that I use for online banking, another I use for online shopping and bill accounts and a few others I use for my less at-risk accounts. Remembering 3-4 passwords isn’t all that difficult, especially if you use a phrase.

Use MFA/2FA – Multi Factor Authentication.

This is a simple yet powerful extra layer of protection you can add to all or most of your online accounts. If your online shopping provider offers it as an optional security feature, use it! If you do somehow manage to click the wrong link in an email and provide a hacker with access to your online account login details, you’ll be glad you did. It’s rare that an account secured with MFA ever gets hacked.

Updates! – Install your Windows updates.

They are there for a reason! If you’re running out-of-date software, you leave yourself open to being compromised by an easily avoidable attack.

Windows 7 is now end of life. If you’re still running Windows 7 at home, do not use it for online shopping or purchases. To get back to online shopping again, simply upgrade, for free, using https://www.microsoft.com/en-gb/software-download/windows10

AntiVirus (AV) software.

The biggest blackspot for most is not having current AV on their computers or, just as bad, having installed multiple AV products thinking it provides extra protection. It often has the opposite effect!

If you have multiple AV products on your computer, they could be cancelling each other out. If your computer feels extremely slow when it shouldn’t, this is likely the case. Uninstall all of your security software and replace it with your favourite, or use our recommendation below.

We recommend Sophos Home. It’s free and it offers the same great protection that the company pays a lot of money for. They also provide a premium product which is well worth the money; it provides even more protection against online fraud and scams. Click here to learn more about Sophos Home.

Use a Credit Card if you can.

Most credit cards offer online protection; you can ask your provider to find out if they do. At least if you do get hit with online fraud you can get some or all of the money back!

  • Consider not saving your credit card or payment site details when shopping. It might be a bother to type in your details every single time, but if someone gets hold of your password they can spend your money with relative ease.
  • Use a payment service such as PayPal. You can save your details with them (use a good password you don’t use anywhere else) and then pay for online orders without the need to save and provide credit card details. Again, PayPal also offer online payment protection and can refund a purchase if it wasn’t as advertised.

Use a good web-browser.

Google Chrome is our recommended browser for online purchases. It’s a leader in its security practices and can actually warn you if a website is trying to steal your money.

E-mail scams.

Staying safe online isn’t just about watching out for a dodgy email, although it’s still a big part of it. “Phishing” scams are targeting companies more and more because of the larger potential for making money. That doesn’t mean your personal email is safe, however! The same checks apply at work as at home when identifying a scam email:

  • Check the email address – Do you recognise it?
  • Check the language – If your British brother-in-law emails you asking you to order them something online and they’re using American spellings or saying “Hey” as a greeting, it’s likely that you’re emailing with a hacker. You can always call to confirm anything that could cost you money if you’re in any doubt!
  • Don’t enter your username and password – If you click a link in an email and you’re redirected to a site asking for a username and password, think twice before typing them in. No service provider, bank or online shop would ever ask you for your password in an email.
  • If you’re still unsure after looking at the link address, type in the website manually or do a search from Google. This stops you being redirected to a scamming site built to look like the original.

Use known websites.

Familiar brands – whilst not always the cheapest or, in some cases, the most moral – are often the safest choice. Quite simply, they’ve got the money to spend on decent security!

Try to use a computer.

Mobile phones and tablets (yes, even Apple!) are easier to compromise than a computer with full antivirus and all of its updates installed. Even your banking apps can be spoofed to collect your security information!

Use common sense.

If a deal is too good to be true, it most likely is. Don’t buy it or, instead, look up the same product from a trusted seller. They’re likely to have the same or a similar deal on if it’s real.

If you have the feeling something is wrong and you want to be sure, call the provider directly and ask them to look into it for you. The bank will be able to confirm or deny sending you an email, and even what countries you’ve been logging in to your online accounts from.

Finally…please ensure you maintain the same data security principles at home, as you would in the office:

  • Lock your screens when you leave the room.
  • Dispose of client and Bridge paperwork securely – please let us know if you need a shredder.
  • Don’t write down or share your passwords with anyone – even family members.
  • Don’t download work documents or attachments onto your own personal devices.

20.04.2020 – Weekends @ Bridge

Colleagues across the business come up trumps again and share pictures of what their weekends (and working weeks!) now look like. Cue plenty of four-legged friends and fresh air … click here to download.

31.03.2020 – Money saving tips

Lots of everyday services are offering customers refunds and other money saving opportunities…take a look at our round up below or click here to download.

30.03.2020 – How are you working from home?

We recognise that working from home is very different to being in the office. We really like this infographic, but you can also click here for our latest guide, which also has some handy working from home information inside.

26.03.2020 – Are you sitting comfortably?

Are you sitting comfortably? Take a moment to read our best practice tips on a good set up whilst working from home. Click here to read.

25.03.2020 – The views from working from home.

As our teams across the business adapt to working from home – we take a look at the view from a range of new desks! Click here to read.