October is Cyber Security Month. An initiative formed and being driven by the EU, Cyber Security Month seeks to create awareness of cyber security threats, promote cyber security among people and organisations and provide resources and information to help people and organisations protect themselves online through sharing information. Here Rian Schoeman, head of legal at Etion Secure, incorporating LAWtrust, shares his top five cyber security tips.
First, and most importantly, people need to be aware of and protect against phishing attacks. Phishing emails appear to be from a recognised source and aim to trick you into giving them things like your bank details or login credentials to valuable data sources. These attacks are becoming more and more sophisticated over time. You can stop yourself from falling victim by:
- Looking at the sender’s address – they are good at spoofing addresses so that they appear to be from a legitimate source but the address is usually not 100% correct. For example, there is a spelling error or it comes from firstname.lastname@example.org rather than email@example.com.
- Looking for bad spelling and grammar – phishers don’t spend time on the quality of the content in their emails, and it is often easy to see from the language, wording, spelling and grammar that it’s likely not from your bank or telco provider (which does spend a lot of time on its content).
- Hovering over links before you click on them to check if it’s a legitimate site – if it isn’t, don’t click on it to check – just delete it.
- If you’re unsure whether an email asking you to confirm your credentials, verify your identity or re-login to your account (and so on) is legitimate, call the sender and ask if they sent it to you – if you can’t reach them, just delete it. Most banks and the like will never ask you to log in from a link in an email, so that alone should be a warning sign.
- We use cellphones every day and a lot of them don’t even have a password or biometric lock. Given the amount of personal (and company) information we keep on our phones, everyone needs some security in place.
- Check your apps – a lot of them, even the legitimate ones, are full of spyware, which captures your data and shares it in the background without your knowledge. Before you download an app, look at the permissions it is requesting. If it’s a calculator, for example, does it really need access to your contacts and photos? Check that the permissions requested are only what is needed.
- Passwords have been around for ages. We all use them, and reuse them. That we reuse them is part of the problem. If your password is compromised on one site, like Facebook, for example, and you’ve used the same password on other sites, attackers now have access to your profiles wherever you’ve used that password. This has become such a problem that many companies are reintroducing PINs as they believe they are more secure.
- If you battle to remember a long line of random numbers, or numbers and letters (and who doesn’t?), you might find a passphrase easier. A passphrase can be a favourite line from a movie or book. Not something obvious like ‘Luke, I am your father’, but something that appealed to you and hasn’t made its way into pop culture history. Make the phrase more secure by swapping letters for numbers. For example, ‘Troy fell’ can become Tr0y f2ll. There are millions of books and movies so you can use a different phrase for each account you have.
Public and private wifi
- If you can, rather avoid using public wifi. It may be convenient, but there is no way to be sure if it’s safe. On a public wifi network you have no idea if you are connecting to someone else’s computer that is harvesting your information with each click and keystroke.
When it comes to your private, home wifi, make sure you give your router a proper password. Many people take the router out of the box, set it up and leave the username and password set to admin. Likewise, don’t call it The Jones’ router: everyone in your street will be able to see it, and know it’s yours. Rather give it an obscure name, and change the username and password to something specific, and not easy to guess.
- Social engineering is on the rise. This is the art of using normal conversation to manipulate people into giving up information on themselves or their companies that hackers can use to access personal and valuable data and systems. Cyber-criminals use phishing emails or face-to-face or telephone conversations, pretending to be a customer or a person wanting to do business with you, to extract information they can use. If you get calls like this, take it to your information or compliance officer who can investigate who they are talking to and why they need that specific information.