Over the last few years, people are interacting more and more online. They were forced to during lockdowns, discovered the convenience of e-commerce and collaboration tools, like Zoom, and continued when restrictions relaxed. They had little awareness of Cyber Security.
In turn, businesses saw their staff working from home and increased remote access to their systems. Hackers and other bad actors saw lapses in Cyber Security as an opportunity.
People saw media reports of hacking and online data theft, especially financial data, became alarmed about Online Security and either started looking for ways to increase their Cyber Security or pulled back on their online activities.
A Basic Understanding
Most people think that they are of no interest to hackers. That is completely wrong. Hackers want your personal, especially financial data, it’s valuable. They can use it themselves to steal from you or sell it to someone else to use it for theft.
They spread a wide net to catch as many people as possible who don’t believe that they are targets.
Here are three proven and tested tips for individuals to increase your online security and become cybersmart.
Use Anti-Malware Software and Firewalls
This might seem obvious, particularly with the many anti-malware packages, some free, that are available. They can be implemented on both Windows and Open Systems platforms and are now becoming increasingly available for smart devices like smartphones and tablets. There are also special versions for some other devices like WiFi routers.
An anti-malware application has two basic parts, an engine that does the checking, and data files that enable the engine to recognise malware. More recently, additional features have been added to most anti-malware applications covering other potential gaps in cyber-security.
The basic protections usually cover the desktop itself and incoming web and email services. As an example in the AVG application, there are additional, chargeable modules to provide further protection against hackers stealing website logon credentials and augmenting firewall protection against unauthorised inward network connections. Other modules enhance privacy and protect against internet payment to e-commerce shops and bank payment fraud.
There is an urban myth that they reduce performance. The suppliers have made great strides in reducing the impact of their applications and extending the range of protection they provide. In any event, the benefits they provide in relation to the probability of being attacked make it a no-brainer.
It is particularly important in home networks to have all attached devices fully protected. If one device is compromised, the infection could spread. If you connect to your work network, either with a flash disk or over a network, you could compromise that network as well.
Keep up to date
Systems are being continually updated. The updates correct existing known flaws, add new features and remove outdated or superseded ones.
In parallel, hackers continually search for software implementations that use older software versions that have known, exploitable flaws. They also use this knowledge to deliver malware and attack systems with new exploits that can use those flaws.
All Windows systems have an automatic update feature that covers all Microsoft applications. There are similar features and apps for Open Systems, and which one will depend on the distribution.
Switch the auto-update feature on, and you won’t need to work about keeping up to date.
There are devices attached to home networks like WiFi routers that are not covered by an automatic update feature unless the function is built into the router software itself. It is good practice to check, say monthly to see if there are any firmware updates to the router software.
Be Alert and Aware
Many hackers rely on users being lazy and inattentive. They create fake websites that look the same but aren’t quite the same as the correct one. They use phishing emails as a hook to collect user information. It’s unfortunate, but most malware attacks start with a phishing or spearphishing email as users casually click on a link.
A phishing email is an email supposedly coming from a trusted source, such as a friend or a reputable business like your bank. It asks you to click on an embedded link. The link takes you to a fake website that collects logon credentials and other personal information. Sometimes they install malware, such as a keylogger or screen scraper that sends other personal data back to the hacker. Once they have the credentials, they can empty your account.
A hacker will send a phishing email to an email list of perhaps tens of thousands of addresses in the hope that a few will respond. A spearphishing exercise is slightly different in that the email is sent to a few specially targeted individuals.
Some useful web tricks:
- Hover the cursor over a hyperlink. That should display the web address that the link takes you to. If it looks wrong don’t click.
- If it’s an email, then do the same. If the mail is in the junk mail folder, the link address should be displayed automatically.
- All secure and verified websites will have an https:// prefix. Be suspicious of those that don’t.
- The latest browsers will automatically connect only to websites that are secure. Either you won’t be able to go there, or you must make a conscious decision to do so. In most cases, don’t go there. With known bad sites, you won’t have the option.
Cyber security is not a one-off exercise it is a continual process of awareness, alertness, and continual update.
Think before you click.