What is cyber-security, and how is cyber-security different for businesses than it is personal use? Both impact you. So, it would be a good idea to understand the differences and what you can do to protect yourself online for both your home and at the office.
Cyber-security is defined as the practice of defending our computers, servers, mobile devices, electronic systems, networks, and data from various malicious attacks.
When you hear the term cyber-security in the news, it’s often referred to cyber-security for businesses. Large organizations have a very different cyber-security landscape that they must maintain when compared to home users with computer devices. We will talk about personal cyber-security more below, but first let’s talk about cyber-security for businesses and how that impacts you.
Cyber Security for Business
Businesses store a lot of personal information about their customers. That is often privileged information that typically includes names, addresses, credit card information, and possibly social security data. Businesses need to protect their intellectual property as well as employee information.
Businesses present as very attractive treasure trove of information for hackers to access. A single hack against any company could potentially impact millions of people. This is the reason why you might hear so many news stories about companies being breached. Popular examples of this include the Sony, Target and Experian hack. All three of those hacks resulted in hundreds of millions of customers financial and personal information being leaked on to the dark web.
We hear so many stories about breached websites that many of us have grown numb to these reports. Nonetheless, these are important stories that we should pay attention to. It might be difficult to care about a website breach. After all, what are we going to do? We can’t prevent them, and we are just on person.
Unfortunately, businesses like Sony calculate breached data and lawsuits into their budget. Sony made a public statement stating that it was cheaper to absorb potential lawsuits and fines as opposed to implementing proper cyber-security measures. Experian made a profit from their data breach despite fines imposed by law makers.
What can we do to protect ourselves?
We do have some protection in Australian governmental systems. On Feb 22 2018 the Australian Government’s Notifiable Data Breach (NDB) Scheme came into effect. Under the NDB Scheme companies that handle people’s personal data like bank account information, credit card details, medical records etc, are obliged to report data breaches to the Office of the Australian Information Commissioner (OAIC).
The Notifiable Data Breaches (NDB) scheme has now been in place for over a year. The scheme applies to all organisations that are subject to the Privacy Act 1988 (Cth) (Privacy Act) and requires them to: 1) assess suspected ‘eligible data breaches’; and 2) notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals of an ‘eligible data breach’.
Very few businesses implement proper cyber-security through altruism. Unfortunately, businesses will not take cyber-security seriously until the penalties businesses may face will be more expensive than implementing proper security measures.
Cyber-security for individuals is very different, though the goal for many hackers is still the same. People want to steal your identity or access your financial information. Some hackers might also have other goals, like holding your data for ransom, and we will discuss those edge cases below.
So, what are some of the threats that home users of technology face? Let’s go through a few of them and discuss how you can keep yourself safe from each type of attack.
Viruses and Worms
Truly, the only thing you want wormable in your life is your pets. That’s not a phrase that you would want to associate with your computer or smart-phone. Nonetheless, viruses and worms are something we all need to worry about.
It used to be that hackers would only spread viruses and worms for the amusement. Otherwise, they did it to get a kick out of it. These types of viruses and worms were more of a nuisance.
Hackers eventually realized that they could use worms to create large botnets. These botnets were used to disrupt other websites and services. Hackers would rent out these botnets to would-be attackers. The botnets would send a large amount of data to a website or service and overload it. This is called a distributed denial-of-service attack, or DDOS. These attacks were popular in the news cycle a few years back.
Today, we have much bigger threats to worry about. Hackers now spread crypto viruses with hopes of making money from victims. Crypto viruses encrypt data on computers so that data can’t be accessed. Hackers claim to hand over the key to unlock this data if they receive a ransom payment from their victims.
Unlike the movies, decrypting or recovering this data is not as easy as it looks. Encryption algorithms have become so strong today that even security agencies have lots of trouble dealing with it. It could take the most powerful computers years to decrypt data that was encrypted with good encryption schemes.
So, how do we handle viruses and worms?
Protecting yourself from viruses and worms is a huge subject. We could write a book about this. Despite that, we are going to discuss some of the easiest steps you can take to protect yourself. Some of these steps might sound like they come from a person wearing a tinfoil hat, but they are very easy steps to take.
Turn off UPnP (Universal Plug and Play) on your router. UPnP can make life very easy when attaching electronics to your network, but it also makes it easy for hackers to gain access to your network as well. You will need to consult the user manual of your router to find this setting.
Sadly, most universal plug and play device implementations do not have authentication methods because they assume that local systems and their users can be trusted.
If authentication techniques are not implemented, firewalls and routers that run the UPnP protocol become vulnerable to attacks.
Reboot your router once a week. Attackers target home routers by targeting the known default passwords (they are often posted on the Internet) for common routers and they could also take advantage of any security weaknesses of out-of-date software on your router. You could simply unplug your router for 15 seconds and plug it back in. However, It is highly recommended that you stay safe by 1) changing the default password on your router and 2) updating the software. If you’re not sure how to do this, contact your Internet Service Provider (ISP) for help if they provided the router, otherwise read the manual.
Be wary of unsolicited communications!
Do not follow instructions from someone who rings (unexpectedly) to tell you your personal device has some technical problem (no matter who or what they claim).
Also, if you are sent an SMS, instant message or email that you think is strange (including requests to click on a link, open attachments or to provide a password), do delete it.
Don’t buy cheap IoT devices. IoT devices are currently going through a renaissance and device manufacturers are rushing to get popular gadgets, like smart light bulbs and cameras, out the door. These device manufacturers don’t care about security, though. Make sure to only purchase IoT devices from well-known companies like Ring, Wyze, etc… Do a little research before purchasing an IoT device.
If you want to get extra geeky, buy a second router for your IoT devices. Plug that router into your first router. Attach any IoT devices you own to that second router.
Routers use something called NAT. Anything that happens in your network stays behind your router. When it leaves your router, and thus your home, it looks like it’s coming from the router and not a specific computer. Think of it as a mini firewall. By putting a second router behind your first one, you create a double NAT situation. This means that your IoT devices can’t see the rest of your devices in your home. This could also create issues for apps that connect to these IoT devices, but if you are extra security conscious this is a tactic worth investigating.
What about your computer? How do you protect that?
Don’t buy into the hype that you need a good antivirus application on your computer. The Windows operating system has come a long way. Because of how much better Windows has become, many antivirus applications can make your computer less secure. They must open holes in the operating system to function properly.
Instead, just stick with Windows Defender. Windows Defender is a very capable antivirus app built into Windows. It receives regular updates, and it has access to other parts of the OS that other antivirus apps may not.
Then, make sure no one has an administrator account on your computer. Create a special Windows account on your computer for doing things you need administrative rights for. Make all normal accounts standard user accounts in Windows. Viruses depend on the fact that people run their accounts as administrators. By not running as an administrator, you immediately prevent more than 90% of cyber-security threats that attack your computer.
Don’t download random software on to your computer. Do a little research in to that software first. It never hurts to spend 10 minutes looking to see if anyone else has had issues with a program before you install it.
If you are using Chrome or Firefox, download a plugin called uBlock Origin. uBlock Origin is like a web firewall for your browser.
It will block malicious ads and websites from accessing your browser. It’s also a great ad-blocker, too!
While we are talking about browsers, limit how many plugins you use. It’s become a common practice for plugins to gain popularity and then be sold to hackers. This is how hackers get past the Google Web Store security checks.
While we are on the topic of plugins, use a password manager like LastPass. Password managers are great ways to create strong passwords for each website you visit. Don’t use the same password at every website. That is why a password manager is so useful. They can remember strong, complicated passwords for you. LastPass is a great password manager that has been vetted by security professionals. Before you jump in to using LastPass, though, watch a couple of videos to learn the best way to use it.
What about phishing attacks?
The cyber-security industry has been saying for years not to click on links inside of emails. The hackers that send phishing emails have gotten really good at crafting these emails to trick you into clicking on links! Nonetheless, despite how convincing an email looks, the tried and true advice of not clicking on links remains prevalent.
Here’s what you do. Instead of clicking on a link, go to that website directly. Let’s use PayPal as an example. If you receive an email from PayPal claiming there is an issue with your account, PayPal will also leave a notice on your account when you log in. So, instead of clicking that link in the email, go to the website instead.
If someone is sending you an email that doesn’t involve a notice for some type of business, email that person independently. Don’t use the email address in that email. Look up the email address for the person claiming to contact you and email them with that email address you found independently. If someone is truly trying to contact you, they will respond to your emails.
What about credit card safety?
Credit card safety may seem like a losing cause, but out of this entire list, it’s the easiest cyber-security threat to mitigate. Use virtual credit cards instead of your real card information!
There are a lot of services that provide this. Many large banks and credit card companies have this feature, too. It’s easy enough to use. You’ll log in to your bank or service and create a new virtual credit card. That card can only be used online. You won’t get a physical copy of it. This allows you to create a different credit card for each website. If you ever see charges being placed against that card, you can shut it off. Likewise, if you are making a one-time payment, you can shut-off that virtual card immediately after using it. This will prevent your credit card information from ever being stolen.
There is a lot more you can do
This article is not by any means an exhaustive list of things you can do to prevent your information or credit cards from being stolen. There’s a lot more you can do. This list only contains some of the easiest and most impactful changes you can make right now.
Cyber-security, especially personal cyber-security, is an ever-changing thing. Your personal cyber-security is something you need to check up on every once in a while. I recommend scheduling a little time about once a year to take a personal inventory of your computer habits and what security processes you are following. Also, check for any new things you should be doing or if old measures you have been taking no longer work.