Nowadays, we spend a big chunk of our everyday lives using personal devices to carry out a range of day-to-day tasks like online banking, shopping, checking emails, booking travel and even ordering a takeaway. More lately, we have also seen a huge uptake in the use of different video conference facilities in order to communicate with colleagues, friends and family.
However, have you ever stopped to think about what security features you have installed on these electronic devices? Can you say with absolute certainty that the software on your electronic devices will protect you from hackers looking to find and track your personal data?
For many, the answer is probably ‘I am not really sure’. I mean, yes, we install software on our laptops when we buy them because the security software is included in the price and of course, our work computers have a whole package of anti-virus, anti-malware software going on, which regularly update. So should we assume that it is all OK, or should we be doing something else?
This article hopes to give some insight into what cyber security is, the ways in which you can be hacked and electronically ‘attacked’ and provide a few helpful hints and tips on what you can do to protect yourself against a cyber-attack.
First, let us consider what a cyber-attack looks like and how it can happen. Cyber-attacks can be categorised into four main types:
Phishing is the most common type of cyber-attack and is the practice of sending out fraudulent emails that, on the face of it, look like emails from reputable sources. They aim to steal sensitive data such as credit card details and login information.
To help protect yourself from phishing, you should carefully check the email address and information contained within emails before replying to them or clicking on any links, as there are often clues to suggest that it is has not come from a ‘real’ source.
There are various technology solutions that can be downloaded to your devices, which when running will filter malicious emails from regular, safe ones.
Ransomware is a type of malicious software. It aims to extort money by blocking access to files or the computer system until a ransom is paid. Paying the ransom does not guarantee that the files will be released, recovered or restored.
By way of example, earlier this month a ransomware attack took place on The Campari Group (‘Campari’), the famed Italian beverage vendor of brands like Campari, Cinzano and Appleton. The ransomware attack took down a large part of Campari’s IT network.
The RagnarLocker gang responsible for the attack were trying to extort a ransom from Campari to decrypt its files. Campari refused so the attackers released the files that they had stolen from their network, which included details of an endorsement agreement signed with the US actor Matthew McConaughey, for the Wild Turkey bourbon brand. The ransom demand was for $15 million.
A Malware attack is a cybercrime in which cybercriminals create malicious software (‘malware’) and install it on unsuspecting users’ devices without their knowledge.
Malware is a type of software designed to gain unauthorised access or cause damage to a computer.
A malware program comes with various threats like spyware, viruses, adware, scareware and rogueware, usually in the form of a worm or Trojan.
Social engineering is a tactic used by cybercriminals to trick users into revealing sensitive information. Often used together with one or more of the threats listed above, social engineering tries to make a user click on links or download malware by trusting a malicious source.
Fraudsters typically use such tactics in an attempt to solicit a monetary payment or gain access to confidential data.
Cyber security encompasses the measures taken by individuals or organisations, to mitigate the risk of them falling victim to a cybercrime by protecting the devices and services they use against unauthorised access or attack.
It is fair to say that cyber security has become a hugely important requirement in our everyday lives and is something most of us do not give a second thought to – now is the time to act and to make sure that you are sufficiently protected.
There are a number of things that you can do to help improve your cyber security, whether it be on a personal device at home or a device at work. Below are some things you can do immediately:
How much information or data is stored on your device? Now consider how much you would struggle if such information was to be lost. Regularly backing up your stored data will prevent you losing it all should something go wrong and your device breaks, if it is stolen or should the dreaded ‘computer meltdown’ blue screen appear. Making regular back-ups of your data means that no matter what happens, you can retrieve and restore your system and data to where you left off.
Ensure that you have downloaded anti-virus software to your devices and your firewall remains switched on. A firewall acts like a front door between your home network and the external network that you are connecting to. If fraudsters are knocking at that virtual ‘front door’, the anti-virus software should identify them as dangerous and consequently not let them in.
Do not ignore those ‘update available’ messages on your phone or tablet. Ensuring that your device has the latest updates installed will ensure that they contain the most relevant and applicable security information. You should always password-protect your screen lock and install a track and trace app – that way, should you lose or have your device stolen, there is the ability to track and disable it.
We hear it all the time, “do not use obvious passwords to protect your devices” and “do not use the same password across all devices and applications”. Cyber criminals know how to spell your name and are also highly likely to be able to find details like your date of birth or pets name online. ‘Password’ and ‘1234’ are also far too obvious. Get creative and think outside the box when it comes to your passwords – the whole point is that nobody should be able to guess them.
Phishing attacks are simple yet effective tricks by cyber criminals and one that many people have fallen for. Some attacks can be through emails sent from some far-flung bank manager claiming that there is millions sitting in a bank account, which he can transfer to you if you tell him your bank account number and sort code. However, the more sophisticated attached could be an email, which appears to be from your local tax department with a simple link for you to click to log in, so that you can provide your personal data for that tax return submission.
The key message to avoid a phishing attach is that before you do anything, think!
Are you expecting an email from this person or department? Would you ordinarily receive this kind of communication? Check the sender’s email address thoroughly- is it valid? Is the spelling correct? Was the email addressed to you personally or was it addressed to a generic ‘Dear Sir/Madam’?
Always err on the side of caution and if you are unsure, call the provider and check the facts first before responding or reacting.
Without doubt, the global cyber threat continues to evolve at a rapid pace, and the number of data breaches continue to rise every year. The attacks undertaken by cyber criminals are also ever more sophisticated and whilst the fundamentals remain the same, the types of cyber threats and securities differ significantly from sector to sector.
Was this article of interest? Watch out for additional industry specific cyber threats and securities articles, coming soon.