How to be Cyber Secure
It seems like almost every other week we get another big news story about a major security breach hitting a big multi-national corporation or affecting a critical and widely used piece of software. Indeed, back in July it was discovered that a Russian hacking group had amassed a list of over 1 billion usernames and passwords – that’s potentially one in seven of us! Almost every major player in the industry has had a hack of one sort or another in the last year, and two of the most critical and widely used pieces of software that run the Internet, OpenSSL and Bash, have been found to have major flaws in the last few months.

There is a saying in IT security circles that it is no longer a question of when you will be hacked, but what you are going to do about the hackers already in your system. This is beginning to seem increasingly and worryingly accurate! The old days of Apple OS and Linux users jumping up and down in joy proclaiming they are immune to such deviances are long gone, following several high-profile bugs, attacks and viruses on these systems. It’s safe to say that we are all targets in the mind of a hacker. We are all fair game.

Why Me?
I hear this a lot…particularly from users who don’t like to encrypt their wireless signal (which is suicide in this day and age!). Unfortunately, we are all targets. It’s rare for hackers to be after specific data (unless you are a big multinational with a huge credit card database!) and much more likely that they are trawling for identity theft or just want to gain control over your machine so they can use it as part of a Botnet to launch attacks against their bigger quarry. Most malware has this purpose in mind.

I only go on reputable websites, so surely I’m safe?
Unfortunately not. Numerous bugs and exploits exist that can be used by a hacker to take control of a legitimate website and inject some of their own code. A great and ongoing case in point is with eBay posts.
Plugins, downloads, those free search toolbars, advertising and “apps” all provide other vectors through which a hacker can covertly gain access to your system. Google, Apple, Facebook…you are not safe on any of them.

Surely my antivirus and firewall stop it?
Unfortunately not. These systems in their standard and most common configuration can only stop what they know about, so anything new gets through. In an electronic arms race, hackers are always developing clever new ways to circumvent these systems, and firewall and antivirus vendors are always playing catch-up.

So, what can I do?
RULE #1 – STRONG PASSWORDS.
Your password is your key. By all means obfuscate your username, but it is essential to make your password as long and as complex as you can. Mix case, numbers and letters, special characters if you are allowed, and try not to use real words all of the time. One common method is to swap letters that look like numbers for the number, but hackers know this one and code for it, so you need to do a bit more than that. These days anything shorter than 10 characters probably isn’t long enough. Of course, most of us don’t want to remember anything much longer, so you can use a Password Manager to help. KeePass and LastPass are two of the most popular. It is also worth having more than one password. Use a different password for each site or application or device if possible.

RULE #2 – TWO FACTOR AUTHENTICATION.
If it’s an option, turn it on! Most solutions either use your mobile phone or a separate app on the phone to generate a one-time passcode when you log on. This is almost impossible to hack! That little extra step offers a lot of extra protection.

RULE #3 – SAFE SEARCH.
Most major search engines offer a Safe Search and some corporate networks enforce it by default. Safe Search restricts a lot of the nasty and high-risk sites along with other content of a distasteful nature. Using Safe Search drastically reduces your chance of picking up a malware infection.

RULE #4 – KEEP THINGS CLEAN AND TIDY.
Tools like CCleaner can help clear out all of those temp files and cookies that sites and advertisers can use to track you. They often help speed up your machine and stop unexpected crashes, too. It’s also a good idea to keep your system as tidy as possible, filing everything in a consistent and structured manner. That way, any unauthorised and unexpected changes that may be the sign of a hack will stick out.

RULE #5 – BE SAFE NOT SORRY.
Those emails you get from a bank or Facebook or someone else that look perfectly legitimate, but that you are just not sure about and were not expecting…they are probably an attack. If you are not sure about something, it’s better to be cautious. Email the sender separately and see what reply you get. If it’s genuine, they’ll tell you. If it’s not, they probably won’t reply. (In fact, it probably didn’t even come from the reported sender, anyway.) One quick check – mouse over the link and look at the bottom of the window to see where that link wants to take you. If it’s not going to the correct site (a typical example is: barc1ay5.8ank.ru instead of www.barclays.co.uk) then it’s probably not real.

RULE #6 – TURN ON ALL SECURITY SETTINGS.
Don’t log on as Administrator. That one is probably worth repeating. Don’t log on as Administrator! Seriously! Don’t! Also, don’t turn off UAC (User Account Control). If you have a firewall then use it. The same goes for Anti-Virus. The more hurdles you can put in the way, the more unattractive you make your system to a potential hacker, and all hackers have one big thing in common – they are lazy!

RULE #7 – WATCH WHAT AND WHERE YOU POST.
This one is best explained with a story: John and Jane were going on holiday for a couple of weeks. A few months before, they’d purchased a nice, big, new plasma TV and HiFi that they’d posted pictures of on Facebook to share with all of their friends…and their friends’ friends… They also posted on Facebook about how excited they were to be going away for two weeks to Italy, for all of their friends and their friends’ friends to see. Remember the six degrees of Kevin Bacon? Well, all of your friends’ friends on Facebook will typically be a group of between a few hundred and a few thousand users…tens of thousands in some cases. Most of whom you will never know and never meet.
What John and Jane didn’t realise was that the iPhone camera they’d used to take the earlier pictures of their plasma TV, their HiFi, their house and garden had GPS geotagging enabled by default. It was tagging every picture with their exact location! So, imagine their surprise when they returned from their holidays a couple of weeks later to find the TV, HiFi and all other goods of value gone, the house trashed, all food and drink eaten, beds slept in and left unmade, empty bottles, drinks cans, and cigarette butts strewn all around the place. Social networks and other online public access forums are great for keeping in touch, but they are also incredibly dangerous! Watch what you post…and watch what your kids post, too!

Of course, there is plenty more you can do if you have the time and technical know-how, but these seven rules will help most people to be significantly safer online. Just remember – somebody is going to try to hack you. We see it hundreds of times a day. Just don’t make it easy for them!
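
Rule #1 warns that swapping letters for look-alike numbers is a trick password crackers already account for. The check below is an added example, not part of the original article: it undoes those swaps before comparing against a word list, so a password that looks complex is still flagged. The word list, the swap table and the function names are constructed for illustration.

```python
import re

# The look-alike swaps the article mentions; cracking tools undo the same ones.
LEET = str.maketrans("013457@$!", "oleastasi")
# Constructed stand-in for a real dictionary or breached-password list.
COMMON = {"password", "letmein", "welcome", "football", "dragon"}
MIN_LENGTH = 10  # the article's suggested floor

def variants(password):
    """Letters left after undoing swaps, with and without a trailing suffix."""
    low = password.lower()
    trimmed = re.sub(r"[\d\W_]+$", "", low)  # drop endings like "1!" or "2014"
    return {re.sub(r"[^a-z]", "", v.translate(LEET)) for v in (low, trimmed)}

def char_classes(password):
    """Count how many of lower, upper, digit and symbol appear."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)

def audit(password):
    """Return a list of problems; empty means none of these checks fired."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if char_classes(password) < 3:
        problems.append("fewer than 3 character classes")
    hits = sorted(variants(password) & COMMON)
    if hits:
        problems.append("common word behind the swaps: " + hits[0])
    return problems
```

A password such as "P@ssw0rd1!" meets the length and character-mix advice yet is still reported, which is the point Rule #1 makes.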