October is Security / Cyber Security Awareness Month, so I thought that I would spend a little time lowering the level to some general security awareness material.
Introduction & Cyber Awareness in General
Cyber attacks are on the increase, new strains of ransomware seem to be coming out weekly, and we hear of new threats and vulnerabilities daily. The list goes on and on. Unfortunately, there is no silver bullet: we cannot subscribe to a service or install a software or hardware device that will totally secure our systems. Technology alone will not mitigate the risks.
To this day, most attacks start with a user clicking on links, opening unknown attachments and so on. To mitigate this we need to raise the awareness of all staff members of the potential types of attack, and eventually change the culture within the organisation.
Do we need to be connected to internet services?
We all see friends, colleagues and children constantly online, which for some causes concern. We hear that the younger generations do not regard their privacy as much as they should, and/or that they cannot communicate without technology. Maybe you are one who is ‘in touch with technology’, you face colleagues, peers and friends who are not, and you wonder why not and how you will get them to change.
I think it is important to remember that generations differ, and even within generations we have different types of people: those with more or less of a risk appetite, those who are early adopters of technology and those who are not. I believe that we need to respect both sides; everybody has their own thoughts and feelings about the use and amount of information held and shared online about them.
A few years ago I worked with a student on his Master's thesis, which was based around the use of the internet and the different perceptions of privacy people have. It reviewed different categories of people (age, roles etc.) and looked at how much they used the internet in general, from those who use it continuously to others who did not trust it and generally tried not to use it at all.
The overall outcome of this thesis was interesting, as it showed that when people seldom or never used the internet it actually impeded their ability to educate themselves on a day-to-day basis. Obviously there was the other side too, where others put themselves at risk by lowering their guard.
The other problem for those who did not want to use online services was that it became impossible to subscribe to some services – even the likes of refuse collection, banking and other services now require us all to be connected!
5 Steps to help you stay secure.
Although the equipment and software that we use may change, there are fundamental things you can always do to help protect yourself, regardless of what technology you are using or where you are using it. I therefore recommend the following five key steps.
Each of these steps is purely an overview; more specific information can be found in other articles on this and other sites. This is therefore not a definitive list or a ‘Make you SAFE online’ guide, but is instead designed to review some of the easier steps which, when taken, increase your defences against a lot of the threats you face while working online.
You and Your Actions
Keep in mind that first and foremost we have to take some responsibility for our own actions. Technology alone will not protect you: if an attacker wants your credit card data, they may fool you into giving it to them in some way or another. This could be via an email, a website or even a telephone call or brief encounter.
Ultimately, the greatest defence against attackers is yourself. Be suspicious. By using common sense, you can spot and stop most attacks.
New software and updates come out all the time. You may believe that this is all just for commercial gain, and that is a motive in some cases, but it is us (humans) who write software and create devices. We make mistakes, and these lead to vulnerabilities or flaws in systems and software. Attackers use these flaws to infiltrate systems and gain access to data and other resources. When manufacturers identify these vulnerabilities, they write and release patches or updates that repair the flaws by updating the code. This applies to all devices, be it your computer, laptop or mobile device, and even in some cases baby monitors!
The next step to protecting yourself involves using a strong, unique password for each of your devices, online accounts and applications. The key words here are strong and unique.
A strong password is one that cannot be easily guessed by attackers or by automated programs. Use a long passphrase of multiple words with symbols and numbers.
Unique means using a different password for each device and account. This way, if one password is compromised, all of your other accounts and devices are still safe.
Especially for accounts with a higher risk (banking etc.), if they support two-step verification I highly recommend you always enable it, as this is one of the strongest ways to protect your account.
Encryption jumbles up information so that it cannot be read by unauthorised people, thereby protecting it. Data can be encrypted in two places: at rest and in motion.
Encrypting data at rest means protecting it when it is stored as files on places like your hard drive or a USB stick. Most operating systems allow you to automatically encrypt all of your data using features such as Full Disk Encryption.
Encrypting data in motion means encrypting data as it’s transmitted from your computer or device to others, such as when you are banking online. A simple way to verify if encryption is enabled is to make sure that the address of the website you’re visiting starts with “https:” and has the image of a closed padlock next to it. This restricts who and what gains access to your data while it passes between you and the hosting website.
Devices fail and get lost, and new forms of malware (ransomware) are designed to simply lock you out so that you cannot gain access to your data. So if you have a device failure, are unfortunately struck with ransomware or have lost your device (hopefully it was encrypted!), your only option might be to restore all of your personal information from a backup.
Make sure you are doing regular backups of any important information and verify that you can restore from them. Most operating systems and mobile devices support automatic backups.
Remember, this is not an exhaustive list; it is designed to highlight some of the areas through which you can help to protect yourself and your information. Remember too that you have a responsibility to yourself, and that it is important to use common sense and be sceptical when information about you is requested by third parties.
As part of my services, I deliver Cyber / Security awareness briefings – if you would like to find out more about these services email me on training at tombrett.ie