Six cyber security essentials for consumers, small businesses
Mike Rogers, managing director, Tarsus Technology Solutions.
Cyber crime attacks are becoming more sophisticated, and the attackers are more relentless than ever, with the criminals increasingly motivated by the promise of high financial rewards at low risk. One study from McAfee and the Center for Strategic and International Studies (CSIS) (*1) shows that cyber crime costs the global economy 0.8% of GDP, or US$600 billion a year.
Meanwhile, Check Point's 2019 Security Report: Volume 1 (*2) shows that new threats are emerging as threat actors adapt their approaches to bypass stronger defences and to take advantage of new vulnerabilities, says Mike Rogers, managing director, Tarsus Technology Solutions.
For example, ransomware attacks affected as few as 4% of global organisations in 2018, versus a peak of 30% in 2017, but there was a simultaneous increase in mobile malware, remote access Trojans (RATs), and crypto-jacking (hijacking a computer's resources to mine crypto-currencies). The Check Point report showed crypto-mining malware is currently the most prominent malware type, affecting nearly 40% of organisations in the past year.
Even if you have the basics of a firewall and a good anti-malware software solution in place, your data may still be vulnerable. Here are a few overlooked security tips and best practices to help you keep your personal and business information and computer systems safe from cyber criminals:
1. Use two-factor authentication when it's available
A mere password isn't enough to provide the full level of protection you need to keep your most valuable and sensitive data safe from prying eyes; even if you're doing everything right, your data could be exposed through a data breach at one of your service providers. And that means you might not even know that your password has been compromised until it is too late.
That's why you should use two-factor authentication (2FA) to protect your most valuable data. With 2FA, you will need to provide something you know (a password or a PIN) as well as something you have (a thumb print, a one-time code received on your mobile phone, or a code generated by a token) to get access to a system or data.
Without access to your phone or thumb or token, a hacker cannot access your information or account. Receiving a one-time PIN on your mobile phone or via e-mail will also alert you when someone else is trying to access your data or accounts. Most popular services and applications (the Google and Microsoft online apps and services, online banking, Facebook, etc.) offer 2FA. It's wise to use it.
2. Make use of a good password manager
By now, most people understand the need to use strong passwords to protect their information. However, it's a good idea to change your passwords every few months and to use different passwords for different applications and services. This causes headaches of its own; who can really remember a dozen passwords used for different Web sites and apps when each is 15-plus characters long and made up of a mix of numbers, upper- and lower-case letters, and special characters?
Rather than writing passwords down on a piece of paper or storing them in a text file on your computer, use a password manager to protect them. Such a service generates passwords for different sites and services, stores them with strong encryption, and enables you to automatically enter passwords when you need them. The password manager will be protected with a master password, so you'll just need to remember one password rather than several.
3. Always keep your data backed up
The first prize in information security is to keep hackers out of your systems, but it's also important to have a recovery plan just in case you experience a breach. Backing up your data at frequent intervals means you can bounce back quickly if, for example, your computer is unusable because of malware or if a ransomware attacker has taken control of your data. You can configure your mobile device or PC to automatically back up your data to a cloud-based service such as Dropbox, meaning you can access your data from another device if you suffer a breach or attack on your primary computer. It is advisable to securely encrypt all backups; otherwise, these become just another place where your data can be exposed.
4. Keep your operating system and applications up to date with the latest version
There are few things more irritating than an application or your computer operating system prompting you to download a stability or security update while you're trying to finish an urgent task. But don't neglect these patches, since they fix security vulnerabilities in your software. You can set automatic updates for your operating system to run at a time you're not using your device to minimise the inconvenience.
5. Control physical access to your devices
As important as it is to protect yourself from criminals on the Internet, you should also secure your physical devices against unauthorised use in the real world. Protect your computer and mobile devices behind PIN codes or passwords that only you know, and configure them to lock the screen after being idle for a minute or two. That can protect your data if you lose your device, it gets stolen, or a co-worker in the office decides to pry while you're away. Also, be sure to use data management tools that enable you to track a lost physical device or to remotely wipe its data if it is missing or stolen. This underlines the importance of the tip about backing up your data.
6. The user is the weakest link in information security
Many successful cyber attacks feature an element of social engineering. In other words, attackers often succeed by persuading someone to give them the information they need to gain access to an account or service.
Some of their techniques include:
Targeted phone calls to 'verify' your account information; be aware that your bank or software provider will not phone you to ask for your passwords.
'Phishing' e-mails, sometimes personalised and sometimes not. These e-mails will often direct you to change your details or verify your information, and then link you to a phony Web site to harvest your login and password. The Check Point 2018 Security Report (*3) revealed that 76% of organisations experienced a phishing attack in the previous year.
Social media quizzes that ask you for information such as your birth date, your mother's maiden name, the name of your first pet, and so on. Such information could be used to reset your password with some services or to persuade your bank that it is you who is calling when it's actually a criminal. Kaspersky Labs points out in its Threat Predictions for 2019 (*4) that data obtained from attacks on social media giants such as Facebook and Instagram, as well as LinkedIn and Twitter, is now available on the market for anyone to buy.
It's important to stay abreast of the latest scams; it is better to be cautious than trusting when someone phones or e-mails you looking for personal information.
* 1: https://www.cnbc.com/2018/02/22/cybercrime-pandemic-may-have-cost-the-world-600-billion-last-year.html
* 2: https://pages.checkpoint.com/cyber-security-report-2019-trends.html
* 3: https://www.checkpoint.com/downloads/product-related/report/2018-security-report.pdf
* 4: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/27082929/KSB_Predictions-2019_General-APT.pdf