How to bolster your cyber defences

For weeks now, global security experts have been warning of an increase in cyber-attacks and scams resulting from Russia’s invasion of Ukraine.

And while financial institutions, governments, and critical infrastructure appear most at risk, there’s a real danger that this cyber espionage could spill over into the mainstream.

For individuals and family offices looking to beef up their cyber defences, we caught up with XCyber – our external cyber-security partners at Barclays Private Bank – and have compiled a list of easy-to-implement cybersecurity tips and best practices.

XCyber is a specialist intelligence company with state-grade cybersecurity expertise, who pride themselves on protecting people, data, brands, and reputation in the digital domain.  Our clients can access their services, details of which XCyber have provided below.

1. Be sceptical: Don’t trust emails and text messages

The email scam involving an overseas prince who wants to share his fortune may be one of the internet’s oldest hustles. But today’s attacks are far more sophisticated – and increasingly convincing.

Today, a typical “spoofed” email will look like it has come from a big household brand with a link to a purchase you never made. Or a fake parcel delivery text message directing you to a scam website where you’re tricked into giving over personal or financial information. While spam emails can even come from email addresses you know.

Usually, though, the only giveaways are the odd spelling mistake, bogus email addresses, or fake URL links. 

And fraudsters no longer need just your bank details to steal money from you. If criminals capture your username and password, they can then potentially hack into your email. From there, they can cause havoc – intercepting invoices, diverting payments, and launching identity fraud.

So, if you think something looks wrong, it probably is.

Another risk factor is cyber-criminals knowing that when you’re on-the-go using your mobile phone looking at emails and SMS messages, you’re often distracted or in a hurry – and more likely to be caught unaware.

It’s why a healthy dose of scepticism can guard against the most common cyber threats.

2. Change your passwords and use multi-factor authentication

As we highlighted in an earlier cyber-crime article, credential stuffing is a serious and growing problem.

Credential stuffing attacks work when criminals obtain large volumes of stolen usernames and passwords – usually from data breaches – and attempt to use this information to try to break into thousands of websites at a time. 

And while it’s a crude form of cyber-attack, the scammers know they only have to hit the bullseye once for it to be a success.

As many as 35% of us never change their passwords¹, and two-thirds continue to use the same passwords across multiple sites². Worryingly, the most popular passwords are still the very unoriginal ‘123456’ and ‘Password’³.

Online password managers allow you to store all your passwords securely – enabling unique and strong passwords for all your accounts. It also makes sense to periodically reset passwords as part of any cyber-security hygiene checklist. While, more importantly, you should always enable two-factor authentication on accounts where you can – this alone stops 99.9% of attacks in their tracks⁴.

3. Be discreet and use privacy settings

You may think you have nothing to hide on the internet, but you should always pay attention to what you share on social media networks and other platforms.

Many key security questions ask for biographical information – like your mother’s maiden name, the city you were born in, or the name of your pet – yet your answers may already be littered across various sites that are all publicly available.

Security settings should therefore be configured where you can, limiting the amount of unknown people who can view your personal information.

High-net-worth individuals also tend to have more of an online footprint with details of their personal lives there for all to see – leaving you more susceptible to social engineering and “phishing” email scams that are targeted towards a specific individual.

4. Spotting a scam before it’s too late

Bank transfer scams happen when individuals are tricked into transferring money to a fraudster’s account – believing they were making payments to their bank or another trusted organisation.

A fraudster may pretend to be from a bank’s fraud team asking to move money into a safe account. Or they can trick you into thinking they are from HM Revenue & Customs, saying they need a bill or fine paying immediately.

And if they’ve hacked into your email and noticed that you’re moving house or are about to pay your children’s school fees, they may try to intercept these messages – sending duped emails in their place asking for house deposits or school fees.

To avoid falling victim, never call telephone numbers you don’t recognise. Instead, call back on numbers found on official websites. Also, never give out passwords or PIN numbers over the phone. And don’t be rushed into transferring any money – genuine organisations will never pressure you into making decisions. As once any payment has been made, it can be hard to recover the money – as payment is usually instant.

5. Striking the right balance with cyber security

“Cyber security is always a question of balance,” says Archie Nelson, XCyber’s Operational Requirements Lead.

“The challenge for prudent and proactive high-net-worth individuals and family offices is determining what that balance is and how best to achieve it on an ongoing basis.

“Right now, the risks are greater because of the Russia-Ukraine conflict. We would strongly recommend reviewing your personal cyber security to prevent an incident from affecting you.

“But too often, people react having suffered an incident and by then it’s too late. The money has gone and the harm has been done.”

How to access XCyber’s security services

XCyber referrals can be made to all our Private Bank clients, apart from in Monaco and Switzerland. Barclays Private Bank does not receive a referral fee for facilitating introductions.

XCyber’s services include conducting a full review of a client’s existing security measures, and identifying potential weaknesses, before recommending a personalised strategy to help strengthen their defences.

If you’d like to learn more, please contact your Private Banker who will put you in touch with XCyber.

Any service provided herein is offered directly by XCyber only. Barclays sole role is to refer you to XCyber and is not providing any recommendation or advice. Barclays receives no payment or fee for this referral. We provide no guarantee to the services herein and that the client should engage their own legal and specialist advisers for documentation, etc.

Related articles

Your World

This communication:

• Has been prepared by Barclays Bank PLC (Barclays) and is provided for information purposes only and is subject to change.  It is indicative only and not binding. References to Barclays means any entity within the Barclays Group of companies, where “Barclays Group” means Barclays and its affiliates, subsidiaries and undertakings. 
• Is general in nature and does not take into account any specific investment objectives, financial situation or particular needs of any particular person.
• Does not constitute an offer, an invitation or a recommendation to enter into any product or service and does not constitute investment advice, solicitation to buy or sell securities and/or a personal recommendation. Any entry into any product or service requires Barclays’ subsequent formal agreement which will be subject to internal approvals and execution of binding documents.
• Is confidential and is for the benefit of the recipient. No part of it may be reproduced, distributed or transmitted without the prior written permission of Barclays.
• Has not been reviewed or approved by any regulatory authority.

This communication is a marketing communication for the purposes of the relevant conduct of business requirements applicable to the communication.

Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.

Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.

Law or regulation in certain countries may restrict the manner of distribution of this communication and the availability of the products and services, and persons who come into possession of this publication are required to inform themselves of and observe such restrictions.

You have sole responsibility for the management of your tax and legal affairs including making any applicable filings and payments and complying with any applicable laws and regulations. We have not and will not provide you with tax or legal advice and recommend that you obtain independent tax and legal advice tailored to your individual circumstances.