Whether you are new to computers, or are a seasoned user – now is a good time to review your security knowledge and practices. If you think you’re safe because you have security software, I’ve got some bad news for you: The adoption of division of labour tactics, greater and more meaningful use of technology, and poor security knowledge have created a perfect storm for cyber criminals.
Most things we do involve some risk. Cars give us mobility, but our safety is never guaranteed; most of us choose to accept that risk. We do our best to minimise risk, but we know not everything on the road is within our control.
Living online is no different. It is impossible to guarantee your security online. Even if you do everything right, you can’t be certain that the other services and products that you rely on will always deliver for you. Security software vendors and cyber criminals are in a running battle. I’d be lying to you if I said that the good guys were always one step ahead.
The good news is that cyber criminals target the vulnerable first – and with a few simple steps you can lift yourself up out of the target zone.
Know the Enemy
There are three important things to know about cyber criminals. Firstly, they are not misguided nerds. They are the same people and organisations that were prepared to trade illegal drugs, kidnap, and extort money. They have no morals to appeal to. They don’t care if they take your last dollar. They are real criminals.
Secondly, they have learned to specialise and put their ‘talents’ to greatest use. One group will write malware; another will use it to steal your personal data and pass it on to groups that specialise in ‘using’ it. This specialisation has led to a marked increase in the quality of cyber crime.
Lastly, they are not from around here; our laws and our law enforcement cannot reach them. In most cases, they base themselves in countries where local law enforcement is ineffective or complicit.
It’s not just about you and your security
If your computer becomes infected with malware, you are likely to suffer. That’s pretty obvious. Your financial details may be transferred into the hands of criminals. The quality of your online experience might be diminished by pop-ups and the performance of your PC may suffer.
When your computer gets infected, you are not the only one affected; often malware infects one computer and then starts targeting others. Your computer becomes a tool for the criminals.
Increasingly NetSafe [NZ’s leading educational advocate for cybersafety] is dealing with users who have had their email or social networking sites hacked, and then “they” have contacted their friends requesting money because of an emergency. Obviously, the money actually goes to the criminals. Many of those users have had their passwords stolen through computers infected with keylogger and spyware software.
So whether you want to protect yourself, or those around you – here are some steps to follow to make yourself a hard target.
Step One: Slow down
It will come as no newsflash that the importance of computers and the internet to New Zealanders is increasing. The 2009 AUT-led World Internet Project research found that over 60% of us were banking and paying bills online.
Despite this, most of us don’t really prioritise security; we prioritise convenience. The internet has given us what we want, whenever we want it. We’ve got used to that. Online, we never check the water before jumping in. Many cyber crimes rely on this.
This is especially so in social networking sites like Facebook. The rapid growth in social networking has provided a new opportunity for the criminals. We lower our guard within social networks because we assume that it is just us, our friends and Mark Zuckerberg there. It’s not. Cyber criminals are busy trying to poison links and trick you into downloading malware. That link to a hilarious video from your friend might not link to a hilarious video, and may not have been deliberately sent by your friend.
The single most important security precaution is to slow down. Take your time and be sure.
Step Two: Use the tools we gave you
Security software (anti-virus and anti-spyware) is a must-have. If you have a bit of knowledge about these things you can select from a range of specialist tools. If not, the larger security vendors all have products that tick all of the security boxes. This software will make your computer slightly slower, just as airbags and ABS brake systems make cars slightly heavier. It is a sensible trade-off. A computer infected with malware is also likely to take a performance hit – as well as all the other negative consequences.
If you don’t have security software, don’t connect to the internet. Many internet threats are invisible to you – but not to this software.
The criminals spend a lot of time analysing software and looking for weaknesses that they can use to break into computers. The software vendors patch up these weaknesses with software updates. Your computer is at risk during the time between the weakness being discovered and the update being applied – this is why it is most sensible to set your software to auto-update.
Modern operating systems tend to have the firewall active by default. A firewall is like a little room with two offset doors. From the internet, you can only see into the little room, which is extremely frustrating for malware trying to infect your computer because it doesn’t know how to organise an attack. Don’t turn the firewall off. If your computer tells you the firewall is down, address that straight away.
Internet browsers are your main window to the internet. When the browser warns you that something isn’t right – take heed.
Step Three: Be careful what you download
The easiest way for criminals to infect your computer is to get you to do it. You don’t want your computer to be infected, so they need to trick you into it. For some time there have been malware email attachments, but spam filters and a growing wariness among users reduced their effectiveness.
However, when one door closes, another opens. It is now extremely common to download products from the net for free. That old adage “if it’s too good to be true, it probably is” clearly doesn’t apply to Mozilla Firefox, for example. In fact, the internet is full of brilliant free products.
The cyber criminals are also happy to give you their malware for free. Obviously you won’t download a file called ‘steals_your_data.exe’ so they give them other, more positive names. If you can’t verify that a program is legit and malware-free, you shouldn’t download it.
Typing the software name into Google will often expose the fake software, although some criminals have been known to produce fake product reviews!
Step Four: Protect your keys
You can turn a computer system into a fortress, combining the best hardware and software security products – but you have to have a door through which you can access it. That door is only as secure as your password. Most ‘hacked’ computers or services are the result of criminals guessing your password.
This is not as hard as you think. Approximately 1 in 9 people uses a password from the top 500 list. This means that criminals can ‘brute force’ entry to 1 in 9 accounts by rolling through those 500 passwords. That doesn’t take long for a computer.
If you’re wondering if your password is on that list, search “top 500 passwords”. If you cleverly use NCC1701 – the number of the USS Enterprise in Star Trek – you are using the 139th most popular password. If you use ‘123456’ you are top of the list.
If you’re wondering where the numbers for this list came from, hackers accessed social networking sites and analysed the data.
Any password should be at least eight characters long, have a combination of letters, numbers and symbols, and not include complete names or words. In a perfect world, you would have a different password for every computer and online service. For most people, that is too many passwords to remember (and you should never write passwords down) – so it is more realistic to have a handful of passwords.
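The password rules above, written out as a small checker. This is an added example, not part of the original article: the function name check_password is an assumption, and both lists are short constructed samples (only ‘123456’ and ‘NCC1701’ come from the article, the rest stand in for the real top 500 list and a proper dictionary).

```python
# Constructed sample, NOT the real top 500 list. Only "123456" and
# "NCC1701" are named in the article; the others are placeholders.
COMMON_PASSWORDS = {"123456", "ncc1701", "password", "qwerty", "letmein"}

# Constructed sample of names and words; a real check would load a
# dictionary file and a list of names instead.
WORDS = {"password", "summer", "dragon", "michael", "welcome", "monkey"}


def check_password(pw, common=COMMON_PASSWORDS, words=WORDS):
    """Return the list of rules a password breaks (empty list = passes)."""
    problems = []
    lowered = pw.lower()

    # Rule from the article: stay off the list criminals try first.
    if lowered in common:
        problems.append("on the common-password list")

    # Rule: at least eight characters.
    if len(pw) < 8:
        problems.append("shorter than eight characters")

    # Rule: a combination of letters, numbers and symbols.
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in pw):
        problems.append("no symbols")

    # Rule: no complete names or words, even with extras tacked on.
    for word in sorted(words):
        if word in lowered:
            problems.append(f"contains the complete word '{word}'")

    return problems


if __name__ == "__main__":
    for candidate in ["123456", "NCC1701", "Summer2024!", "t7#Kq9!vLx2$"]:
        result = check_password(candidate)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```

Note that ‘Summer2024!’ is long enough and mixes letters, numbers and symbols, yet still fails because it is built around a complete word.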
Don’t believe the kids who tell you email is “so last week”. Your email is the centre of your online life. When you forget a password, web services will email you to reset it. If somebody accesses your email, as well as reading your email, they can reset all your passwords. This is a very unpleasant situation to be in. If passwords are keys, email is like a set of keys.
Step Five: Back it up
Many of us store large collections of items of personal and financial value on our computers. These should be backed up. There are many low-cost options for backing up data, including online services and burning to DVD. Backing up data means having files stored in two places that are independent of each other.
Some malware infections are so complicated and intrusive that it is cheaper, easier and faster to wipe a hard drive and reinstall the software from scratch. This option is only available to you if you have backed up your files and can afford to lose the copy on your PC.