Security | National Grid

Shellshock bug

Shellshock is a digital security threat affecting many common operating systems and applications. The US government-backed National Vulnerability Database rated Shellshock 10/10 for severity.

The vulnerability affects a piece of software called Bash, widely used in Linux systems, Apple’s Mac operating system and Android devices. Shellshock can be used by hackers to take complete control of a targeted system.

We are in the process of auditing our services and systems for any dangers posed by Shellshock to confirm we are not at risk.

Data security is our number one concern and we regularly scan our perimeter for these types of vulnerabilities. We will continue to monitor all of our systems and notify our customers if there are any changes.

Heartbleed vulnerability

A major security vulnerability named “Heartbleed” has been making headlines around the world. This bug is a severe threat stemming from a coding mistake in a widely-used security technology called OpenSSL.

Heartbleed affects the encryption technology designed to protect your sensitive data on the Internet, like usernames, passwords and emails.

We have audited our online services and systems for any dangers posed by Heartbleed and have confirmed that they are not vulnerable to this bug.

Data security is our number one concern. We will continue to monitor all of our systems and will notify our customers if there are any changes.

At National Grid safety is our highest priority. We take your online safety as seriously as we take the safety of our networks and we employ a number of methods to ensure the security of your information.

Unsolicited and scam emails

When and how we may contact you by email

In the course of our business we may contact you by email to advise about the services we offer or activities we need to undertake in your area. We are committed to respecting your privacy and to complying with applicable data protection and privacy laws.

We will never:

Before disclosing any personal information online, make sure you know who you are dealing with and be suspicious of anyone who asks for your bank account or credit card details or asks for your password and do not click on any links or email attachments unless you are sure you can trust the sender.

Email scams

You may be aware that numerous scams are in operation that are designed to get you to provide personal details, including details of your bank account or credit card, for fraud or ‘identity theft’ purposes.

Some of these scams may try to use the brand of a reputable business, such as National Grid, in order to appear legitimate. We treat these scams very seriously. If you are concerned about an unsolicited or unexpected email that appears to come from National Grid please let us know immediately by sending an email to cyberresponse@nationalgrid.com.

Unsolicited e-mail

If you receive any e-mail from an unrecognised source, you should delete it without opening it. Spam e-mails can be used to elicit personal details from you without your knowledge, and infect your computer with malicious software by inviting you to click on a link or opening an attachment.

Be particularly wary of un-solicited e-mails appearing to come from a trusted source asking you to validate your logon/payment credentials. National Grid will never contact you either by email or phone and ask you for personal and/or account information.

Most e-mail clients have a spam filter which will automatically route spam mail to a separate inbox. Deleting unwanted spam without reading it will also protect you from most phishing e-mails.

What can you do to protect yourself online?

You can also take action to protect yourself online. The following advice on this can help ensure you and your data are protected.

Install the latest security updates and patches on your computer

Check for the latest patches and updates for the programs including the operating system and web browser installed on your computer. These updates are important as they can correct and strengthen weaknesses discovered in the software.

Install antivirus and antispyware software

Antivirus software can help to prevent, detect and remove malicious software such as computer viruses and worms on your computer. If you already use anti-virus software be sure it is updated with the latest virus definition files.

Spyware are programs which run on your computer to monitor and record the way you browse the Internet, sites you visit, personal information that you have entered online, including passwords, telephone numbers, credit card numbers and identity card numbers. Some antivirus software may also include antispyware functionality to help protect against unwanted snooping. Alternatively there are stand alone antispyware programs also available.

When downloading antivirus or antispyware software, be sure to visit the genuine site as there are many fake products claiming to protect your computer but which may actually infect it with viruses.

Tell tale symptoms of infection:

What should you do if this happens?

If you think there might be virus/spyware on your computer, run anti-virus/anti-spyware software to remove it before you download other programs or open emails.

Make sure your personal firewall is turned on

Your computer will contain a program called a firewall which will protect it from unauthorized traffic from between the Internet and your computer. It is usually turned on automatically but you can verify this and configure the firewall settings by selecting the network settings on your computer.

Password-protect your computer

Strong passwords will prevent other people from using your devices it if they are left unattended or stolen. Do not use personal identifiers such as national insurance, social security etc as your username or password. When creating your password it is good practice to use a combination of letters, numbers and special characters.

Always log off

Remember to log off from all websites that require you to log in, e.g. social networking, online banking, and online shopping websites. This will make it harder for unauthorized access to your online accounts if your computer is infected or stolen.

Contact us

To report a possible or actual security incident please email us at cyberresponse@nationalgrid.com.