Cyber Security - Do I need it?
Not that long ago I attended a cyber security conference, and what I learnt literally scared the bejeebus out of me.
One of the services we offer is web development, and for a long time I have ensured that all web sites developed by LLOC have a WAF (web application firewall) installed. Nearly every website we look after is under constant attack. Fortunately the WAF blocks 99% of the attacks, but occasionally a hacker gets through, and 9 out of 10 times this is because they have hacked the actual web hosting company. This barrage is constant.
So I thought I was prepared when I headed to the conference. Not even close.
The short version is that hacking is part of our lives and is probably never going to go away. Years ago I was the victim of a card skimming racket and lost $2000 from my account. Fortunately my bank reimbursed me, but that has put me on high alert ever since.
Just weeks ago a client of mine had their phone SIM hacked, which allowed the attackers to gain access to their bank accounts (they were able to get the verification codes sent to a new SIM with the same number), and they lost over $3000 in the process.
So if you think this can't happen to you, think again.
The Scary world of IoTs
Who is hacking and why?
Who? Just about anyone with a computer, a little knowledge and some automated software tools can start a hacking career:
- kids
- teenagers
- adults
- organised crime (crypto virus, stealing and selling information)
- state-backed organisations from most of the major and many minor countries
How?
- Phishing ("fishing") emails, designed to trick you into taking some action, e.g. changing your banking password. They will redirect you to a website which will either steal your info as you type it, or result in downloading a virus
- The Nigerian Prince scam, another form of phishing, with the promise of a large payout - people still fall for this and its many variations
- Stealing your SIM, or more accurately a SIM swap, where a hacker has enough info on you to get your mobile number moved to another SIM, which means they now get your SMS and phone calls and are able to get your verification codes from your banks
- Malware that steals your information
- Malware that encrypts your data and then demands a ransom to unlock it - ransomware
- Direct hacking of your devices, phones, computers, tablets
- Direct hacking of your website to install malicious code
- Direct hacking of your home and/or office network
How can I protect myself?
- DO NOT click on any link in any email unless you are 110% sure you know who sent it, and even then, were you expecting them to send you a ZIP file or a link to some website? (Email addresses can be faked.)
- Anti-virus/Anti-Malware software. This should be installed on EVERY device you have: your laptop, your phone, your tablet. Yes, some operating systems are more secure than others, but that still does not prevent you being redirected to a malicious site. Whether you are a Windows PC, Apple Mac, Android or iOS user, install AV software and pay for it. The cost of this software is a very small insurance policy against what could befall you
- Multi-Factor authentication. This means that at least 3 pieces of information need to be known in order to access your bank or other online services: your username, your password and a 3rd randomly changing password (sometimes called a one-time password, OTP) that you have to enter to gain access to a system.
- STRONG Passwords. What is a strong password? Something that is more than 10 characters long, random, and nonsensical except to you. READ THIS ARTICLE on Passwords for more information
- Improved firewalls for your home and business. 99% of homes and 90% of small businesses have inadequate firewall technology in place. READ THIS ARTICLE on Firewalls and why you need them
Protect your money
- Sending OTP in a text message - if you have this facility it's time to upgrade to another method; this is prone to hacking and SIM swap scams
- Software token - such as Google Authenticator or Symantec VIP - this is a great option, always available on your phone; if you lose your phone or change phones you will need to set it up again on the new device
- Hardware token - these are typically small devices (think flash drive size) that have a small LCD with a rotating number, some banks charge a small fee to get the token (worth the cost)