Technology Security is very important in 2019, because without any understanding or consideration of the issue you are simply waiting to be attacked (and you will be!). It may not happen now, or next week, but eventually you will become another victim and you will have to deal with the fallout. This could be both financially and a loss of personal data.
Every day, cyber criminals victimize people who shop, bank and send or receive money online. Learn here to understand what happens and what you can to about this threat factor for 2019.
The Australian Institute of Criminology (AIC), the Australian Government’s national research and knowledge centre on crime and justice, states that the under-reporting of such technology crimes is thought to be a serious problem. Click for more information
Criminals and criminal organisations around the world know there is money to be made in technology crime and that policing it, given its international nature, is very difficult. In today’s world, we have moved from the “conventional hacker” just being a nuisance with new viruses, etc, to motivated criminals now harnessing that capacity to steal, threaten and extort for a profit.
Note that only a few of these criminals can be described as being experts or masterminds. It really comes down to the public (user) lack of awareness about security makes most people an easy target for anyone trying to hack into their personal data. Identity Theft also has seen a spike in growth.
I would like to suggest the following points to absorb for your future safety:
You are definitely a Target
Accept that you are an attractive target to modern hackers and scammers. Do not ever say “It won’t happen to me.”
Eight simple characters Is not good enough for a password
Practice good password management. Use a strong mix of alphanumeric characters, and add some non-alphanumeric character(s). Do not share your password with others. Do not write it down, and definitely do not write it on a post-it note attached to your screen.
Lock It Up
Never leave your devices unattended to access from others. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
Use great care when clicking on attachments or links in emails. If the email or the link is either unexpected or suspicious for any reason, do not click on it. Double check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain. Learn here some of the common appearances a phony website can have.
Beware Of Browsing
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust (preferably at your home or office). If you are using a friend’s phone, a public computer, or a public free WiFi – your personal data could be copied or stolen.
Back up your data regularly, and make sure that your operating system and security defender is always up to date.
Physical Cyber Safety
Be conscientious of what devices you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
Socially share Less Sensitive Information
Use caution what you share on social networks. Criminals can try to ‘befriend’ you and then may gain access to a shocking amount of information—where you go to school, where you work, when you’ are away – that could help them gain access to more valuable data.
Drop the “Middle Man”
Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify a callers credentials before giving out any information.
Monitor your Accounts
Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a indication that you have been compromised.
Increasingly sophisticated hackers in 2019
Almost every business has a website and some have a publicly exposed data system that could provide criminals with entry points into their internal networks. Hackers have a lot to gain from successful data breaches, and there are countless examples of well-funded and coordinated cyber-attacks against some of the largest companies.
With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and implement controls that help them to detect and respond to malicious activity before it causes damage and disruption.
Reject sites that say you have a virus or that you’re in trouble with the law
These sites and messages will play on your fears and attempt to get you to hand over money or personal information. However, your web browser is never going to be the place to find out if your computer has a virus.
Public availability of [evil] hacking tools (paid and free)
While well-funded and highly skilled hackers pose a significant risk to your business, the wide availability of [paid] hacking tools and program’s on the internet also means there is also a growing threat from the less skilled individuals (criminals) who may pay for a hacking package. The commercialisation of cyber-crime has made it easy for anyone to obtain the resources they need to launch damaging attacks, such as ransomware and crypto-mining.
A proliferation of IoT devices
More smart devices than ever are connected to the internet. These are known as Internet of Things, or IoT, devices and are increasingly common in homes and offices. On the surface, these devices can simplify and speed up tasks, as well as offer greater levels of control and accessibility. There proliferation, however, presents a problem.
If not managed properly, each IoT device that is connected to the internet could provide cyber criminals with a way into a business. IT services giant Cisco estimates there will be 27.1 billion connected devices globally by 2021 – so this problem will only worsen with time. With use of IoT devices potentially introducing a wide range of security weaknesses, it is wise to conduct regular vulnerability assessments to help identify and address risks presented by these assets.
Almost 40 per cent of scams in Australia are committed over the phone (a very high number).
That’s followed by email at 26.5 per cent and text messaging at 15 per cent.
The following are clues you might be on the phone with a scammer:
- If they claim to be from a computer software company wanting access to your computer. “Microsoft, Telstra, etc are not remotely checking your computers unless you have been in contact.”
- If the overall quality of the call is poor
- Calls made on behalf of government agencies asking for bills to be paid in the form of pre-paid gift cards — such as iTunes
- If the caller is applying inappropriate pressure — including threats and potentially inappropriate language, as part of their scam
- Any calls asking for financial details (such as credit card or banking details)
Telstra has also warned its customers on its website to avoid callers that claim to be from the Australian Federal Police, wanting you to help them “track down criminals”.
- If you are unsure whether the caller is legit or not hang up and call the agency they claimed to be from and check whether their story is true.
- If you receive a threatening call asking you to pay money do not respond and hang up immediately.
- Never use the contact details given to you by the caller. If you need to call back the agency find their legitimate number online.
- Never provide the caller with any personal information.
- Don’t give out your passwords or allow anyone to access your computer remotely.
- Don’t make any payments to the caller, whether it be by bank transfer, Bitcoin or through gift cards.
- Delete and don’t open any suspicious texts, pop-up windows or click on links or attachments in emails.
The best thing you can do to protect yourself during any dodgy call is HANG UP!
Otherwise, the ACCC recommends the following options:
- Don’t respond to numbers supplied in an automated call or from numbers you don’t recognise
- Always be sceptical and if you’re unsure the person on the end of the phone is not who they say they are, hang up and call the organisation directly on an independently verified number
- Don’t give someone who calls you out of the blue any money, personal details or access to your computer
- Don’t return calls to international numbers unless you know them
- Don’t pay with an iTunes gift card. No legitimate business in Australia is going to be asked to be paid this way
- Delete any messages left on your voicemail
- Speak to someone you trust about the scam call
If you do think you’ve been scammed, it’s unlikely you’ll get your money back.
However, there are some ways you can limit your losses — including contacting your financial institutions, reporting the scam to authorities, changing your computer password or attempting to recover your stolen identity.
People can report scams and get information at www.scamwatch.gov.au
Tips to protect your computer at home
- Firewall: Windows 10, Windows 8, and Windows 7 have a good firewall already built in and automatically turned on. Check that the firewall stays on.
- Updates: Be sure to turn on automatic updates in Windows Update to keep Windows, Microsoft Office, and other Microsoft applications up to date. Turn on automatic updates for non-Microsoft software, especially browsers and other apps you regularly use.
- Anti-virus Updates: Windows 10 and Windows 8 have Windows Security or Windows Defender Security Center already installed on your device and will update automatically. If you run Windows 7, you can download Microsoft Security Essentials for free. The latest version of Microsoft Security Essentials is likely better than many free or paid anti-virus third party packages (bloat-ware).
- Passwords: Make sure your passwords are protected and not easily available to others to find.
- Risky Links: Risky attachments or unusual links can appear in email, tweets, posts, online ads, messages, or attachments, and sometimes disguise themselves as known and trusted sources.
- Malicious Sites: Do not visit sites that offer potentially illicit content. Many of these sites are very quick to install malware (covertly) on the fly or offer downloads that do contain hostile malware. Use a modern browser like Microsoft Edge, which does have the features to help block malicious websites and prevents malicious code from running on your computer.
- Pirated material: Avoid streaming or downloading movies, music, books, or other applications that do not come from trusted sources. The bait is often about getting something for “free”.
- USB Devices: Ensure that all external devices either belong to you or come from a trusted and reliable source.
Protect your personal information online
Your privacy on the internet depends on your own ability to control and monitor both the amount of personal information that you provide and who has access to that personal information.
Protect yourself from scams
When you read email, use social media, or browse the web, be vigilant of scams that ask for your personal information (also known as identity theft), your money, or both. Many of these scams are known as “phishing scams” because they “fish” for your information. Learn more about how some common “phishing scams” appear.
Prevent and remove malware
One important step toward greater workplace security is to protect your computer against malware.
Windows Security (or Windows Defender Security Center in previous versions of Windows 10) is built in to Windows 10 and Windows 8 and provides real-time malware detection, prevention, and removal with cloud-delivered protection. It is intended for home, small business, and enterprise customers. See Help protect my computer with Windows Security.
To assist all Windows customers, including those who are not running Windows Security, Microsoft provides several malware removal solutions listed below.
Windows Defender Offline
Windows Defender Offline runs outside of Windows to remove rootkits and other threats that hide from the Windows operating system. This tool uses a small, separate operating environment, where evasive threats are unable to hide from antimalware scanners.
With Windows 10, Windows Defender Offline is built in to the operating system and can run from Windows Security. It is provided as a separate download for previous versions of Windows.
Windows Malicious Software Removal Tool
The Malicious Software Remove Tool (MSRT) is released regularly through Microsoft Windows Updates and automatically removes the most prevalent threats. MSRT helps ensure that Windows computers, regardless of their anti-malware solution, are regularly scanned for the most prevalent threats.
MSRT is also provided as a standalone tool that you can download. Customers who want to be able to address the most prevalent threats on demand can download and run the standalone version.