Taking care of the cyber security basics by Will Geddes
Doesn’t it seem that not a day goes by without there being yet another reported cyber incident impacting a major corporation or government agency?
I’m sure, like many, you might be thinking: I’m having a hard-enough time keeping myself safe, but what chance have I got when companies and organisations – spending millions on their cyber defences – can’t? It can be somewhat depressing, and many people I talk to can feel, understandably, a bit helpless.
The target for hackers
The readers who know me will also know that I’m not a ‘cyber expert’ in the truest sense. However, I have garnered experience across this subject over the last two decades, working alongside many who are, and the one thing I can say is that if someone is determined enough to hack you, they probably can. And will. Especially if you find yourself in a country where state-sponsored surveillance is prolific, or you are a celebrity, a football team, an IoT device manufacturer, involved in government elections or working on something of specific interest (like NASA) that especially draws the attention of the hacking community. Where is the vulnerability: The person or the technology?
Most hacks are widespread distributed spyware, ransomware, malware or other viruses intended to impact as many devices as they can. Disconcerting though this may be, you can also take solace that unless you are holding specific information or assets of value, it will likely be more a case of you getting affected through the wave of widely spread threats. This means that you can likely also avoid becoming a victim. Why? Well, I honestly believe it actually often has less to do with the technology and more to do with the person operating it. As a very clever ‘techie’ once said, it’s often: PICNIC – Problem in Chair not Computer.
PICNIC – Problem in Chair, Not in Computer
This I’ve certainly found often to be the case. On the vast number of occasions when certain large organisations have been hacked, we’ve usually found out it wasn’t the super-amazing software which let them down, but the persons responsible for managing it. All too often, the problem will be related to not updating software patches, fixing identified weaknesses like ports left open, administrator rights being widely used, simple passwords or something else equally basic that a little ‘housekeeping’ could have easily prevented.
The same applies to us, personally. I wrote a book last year (Parent Alert: How to Keep your Kids Safe Online) and waited with bated breath for the ‘Cyber’ community to tear into me. OK, it is focused on kids and is, in ‘techie’ terms, pretty basic stuff; but even I was taken aback by the number of experienced IT professionals who responded positively.
Too often our considerations are set at such an elevated level we can often – and easily –forget that if we take care of the basics, we can immediately reduce our exposure to the majority of those nasty cyber threats: prevention over solution, and it does not require too much hard work to do this. In fact, it can be relatively straightforward, and in the most part, somewhat easy.
Taking care of the Cyber Security basics
Name your devices anonymously:
Why call them ‘John/Jane Smith’s’ iPhone or computer? Every time you connect to Wi-Fi this will identify you.
Join a Wi-Fi network, search other devices on Bluetooth or airdrop and you’ll see loads of other people’s named devices. Call it something anonymous like ‘Sponge-bob’, ‘ABC’, ‘Radish’; it does not matter what, just as long as it’s something that doesn’t identify you personally by your name or even your gender.
Unless you have this properly locked down, you are exposing yourself to the huge risk of someone going through your files and documents. I remember using someone else’s iTunes library when on holiday once because they left sharing on.
What are they protecting: your banking? Email account? Social media accounts? Which of these contain the most confidential, sensitive or important stuff? Which one of these, if compromised, would cause you the most damage or impact? Rate them from ‘most’ to ‘least’ and create a suitably complex password to correspond.
Every one of them should have the following; upper and lower case, alpha, numeric and a symbol. Replace ‘i’s’ with ‘1’s’, ’S’s’ with ‘5’s’ and use ‘*’s, ‘%’s and other symbols in there somewhere.
Maybe just use ‘1Password’ that will create these for you and also, register your email account on https://haveibeenpwned.com .
This site will alert you if your password has been compromised.
The Google Chrome browser has recently introduced a similar service too. If your password has been stolen (I found mine had been from the servers of some app I once used), then these services will let you know.
Make sure everything you can set up with two-factor authentication you do. This is one of the best ways to ensure that no one accesses that account without you knowing, even if they know your password.
Update your software:
Whenever there’s a new release or update. Each update will have a beneficial security element to it, even if it doesn’t say so. If you’re forgetful or super busy, set your device to ‘auto-update’ to ensure you’re prompted when it needs to be done.
Install a VPN (Virtual Private Network) on all your devices – phone, tablet, computer – so that when you surf the net – especially on a ‘communal Wi-Fi’ – like at a coffee shop, airport or hotel – the bad guys won’t be able to intercept your browsing activity or eavesdrop/sniff your information.
Install a capable anti-virus/malware
Don’t cut corners – get something good.
There are a multitude of other ‘tips’ I can suggest but implementing what I’ve suggested above will give you a good head start.
These cyber threats aren’t going away, but there are things we can do to protect ourselves. There is hope.