On the heels of some very high-profile and disturbing data breaches, this year’s Cyber Security Awareness Month is timely. After the announcements of major data breach announcements from Equifax, Deloitte and the Securities and Exchange Commission, and with the increased publicity and impact of social media, the attention and respect that cyber security, information security and data security deserves is starting to pick up steam.
The first step in making changes is building awareness, and this blog in relation to National Cyber Security Month’s Week 1 theme ‘Simple steps to online safety’. This will help consumers understand the threats and how to protect themselves, including what to do if they become a victim of cyber-crime.
Protecting yourself online may seem impossible, but following simple guidelines like enabling stronger authentication, strong password management, and regular update installation can do wonders to protect you from cybercrime.
Enable Stronger Authentication
- Extra layers of security beyond a password are available from most email providers, social media platforms, and financial institutions. Taking advantage of this multifactor authentication helps assure authorized access to all accounts. Remember that all MFA isn’t made equal; MFA that relies on SMS comes with problems of its own.
Figure 1: An advertisement for SS7 bypass services on the dark web
- Install updates for apps and software on your devices as soon as they are available. Keeping software up to date will prevent cybercriminals from taking advantage of known vulnerabilities.
- Do not open emails, links, or attachments from strangers. Phishing attacks often use email or malicious websites or links to infect your device with malware, which can gain access to personal and financial information or accounts.
- As a consumer, stay skeptical. Unless you are dealing with a known and reputable company, those amazing deals are probably amazing frauds. Fake shopping websites are very sophisticated with professional designs often mimicking legitimate sites.
Figure 2: An advertisement for fraudulent goods on the dark web. Not all offers will be this obvious!
- The domain name is the best giveaway – look out for those that are long, with lots of hyphens, slashes, or special characters that include popular brands or stores, but with extra letters or numbers (e.g., www[.]cheapapp1estuff[.]com).
- Also, the URL in the checkout section should start with https:// and have a padlock icon to the left of it indicating SSL encryption; exit immediately if it doesn’t. (Equally, remember that the presence of a padlock icon does not make the site definitely secure!) Don’t assume that links from trusted sites confer legitimacy: Facebook ads have linked to bogus Ray-Ban sites and Instagram promoted a phishing site that lured buyers with discounted Adidas and Coach merchandise.
Do your research on IoT and uPNP devices
- DDoS attacks are only one possible threat from infected IoT devices, and the diversity amongst IoT hardware and software make them extremely difficult to secure. Most IoT devices are meant to be install-and-forget and were not built with patching and updating in mind, thus security maintenance is very challenging if not impossible.
- No one is suggesting that you strike those smart TVs or personal drones off your holiday shopping list, but it is imperative for consumers to stay informed. Do your homework – read online reviews and make sure you’re aware of any security issues. The first time you turn the device on, change default passwords and check for updates and patches. Make sure your home Wi-Fi network is secure and avoid public Wi-Fi when possible.
- When shopping online, use a credit card, not debit, to limit your losses in case of fraud. Don’t make purchases or check bank statements over public Wi-Fi, as malicious actors can intercept data, capture your web traffic, or redirect you to malware or phishing sites. If you use public Wi-Fi frequently, consider encrypting your traffic via a personal VPN connection service. Monitor your bank and credit card transactions frequently and set alerts for suspicious activity.
All members of the public can take some simple actions to protect themselves online and to recover in the event a cyber incident occurs. Cybercriminals often prey on human error – such as people clicking on a link in a phishing email or using weak or repetitive passwords – to gain access to a home networks and financial or social media accounts. You can’t eliminate every risk, but you can keep yourself safer while enjoying this connected world.