do I need it?
Take a quick look at SonicWall Attack Map or this BitDefender Threat Map or SpamHaus Botnet attacks... there a many of these sites and each one just shows one view of the global hacking and virus attack space. Combine them all and it's literally armageddon out there.
So do you need cyber-security - The short version is that hacking is part of our lives and is probably never going to go away - So YES.
15 years ago i was the victim of a card skimming racket and lost $2000 from my account, fortunately my bank reimbursed me, but that has put me on high alert every since. More recently a client of mine was the subject of spear-phishing, a targetted attack which used information gathered from various sources to hijack her direct online bank access. The final piece in the puzzle was to steal her phone number, by porting her number to another SIM card. This gave them the Multi-factor access they needed to logon to her accounts and steal $7000.
So if you think this can't happen to you, think again
The Scary world of IoTs
IoTs (internet of things) are devices like your smart TV, your smart fridge, those smart lightbulbs your installed in your home, that smart frontdoor lock. Countless new 'Smart' devices and appliances are been developed and 99% of the time without any consideration to security, they have no inbuilt firewalls or defence systems. There is an expectation that if you install smart devices which can communicate with the internet, that you are responsible for making them secure. Yet 99% of people have no idea how to or even that they have to.
And IoT devices are been hacked and used as part of botnets to hack other devices.
Who is hacking and why?
Who, just about anyone with a computer, with a little knowledge and some automated software tools can start a hacking career
organised crime (crypto virus, stealing and selling information)
state backed organisation from most of the major and many minor countries
Why, because they can, because they want to prove they are smarter than you, to prove to their peers they are better than them, to steal, to spy, the reason are numerious and endless
There are so many ways that hackers can attack you, the most effective way is what's called social engineering, using your own good nature against you. For example; there is often told tale, of a small child sent into a reception at a large corporation, she has a USB drive and the child asks if the receptionist can print off something for their mummy who is attending a meeting, or needs some homework for school printed, our nature is to want to help, so dutifully the receptionist takes the USB and inserts it into the reception computer to print 'the document', but the USB contains a virus, which then rapidly spreads through that organisations network. This is not fiction.
Here are just some of the ways people are hacked
- phising (fishing) emails, designed to trick you into taking some action - e.g. change your banking password. They will redirect you to website which will either steal your info as you type it, or result in downloading a virus
- The Nigerian Prince scam, another form of phising, with the promises or large payout - people still fall for this and its many variations
- Stealing your SIM; or more accurately SIM swap; where a hacker has enough info on you to get your mobile number moved to another SIM, which means they now get your SMS and phone calls, and able to get your verification codes from your banks
- Malware that steal your information
- Malware that encrypts your data and then demands a ransome to unlike it - ransomeware
- Direct hacking of your devices, phones, computers, tablets
- Direct hacking of your website to install malcious code
- Direct hacking of your home and/or office network
How can i protect myself?
There are many measures you can take to protect yourself, here are my top five suggestions
- DO NOT click on any link in any email, unless you are 110% sure you know who sent it, and even then, where you expecting them to send you a ZIP file or a link to some website (email addresses can be faked)
- Anti-virus/Anti-Malware software. This should be installed on EVERY device you have, your laptop, your phone, your tablet. Yes some operating systems are more secure than others, but that still does not prevent you been redirected to a malicious site. Whether you are a Windows PC or Apple Mac, and Android or iOS user - install AV software, and pay for it, the costs of this software is a very small insurance policy against what could befall you
- Multi-Factor authentication. This means that at least 3 pieces of information needs to be known in order to access your bank or other online services. Your username, your password and a 3rd randomly changing password (sometimes called a ONE time password OTP) that you have to enter to gain access to a system.
- STRONG Passwords. What is a strong password.... something that is more than 10 character long, random, and nonsensical except to you. READ THIS ARTICLE on Passwords for more information
- Improved firewalls for your home and business. 99% of homes and 90% of small businesses have inadequate firewall technology in place. READ THIS ARTICLE on Firewalls and why you need them
Protect your money
If your bank or credit union does not offer multi-factor authentication (MFA) or One Time Password (OTP) facilities - its time to change banks.
An MFA is typically a random number of 6 numbers, synched to the back end systems at the bank and is valid from 30 to 60 seconds
Typically banks offer MFA in one of three ways
- sending OTP in a text message - if you have this facility it's time to upgrade to another method - this is prone to hacking and SIM swap scams
- Software token - such as google authenticator or Symantec VIP - this is a great option, always available on your phone, if you lose your phone or change phones you will need to setup new on new device
- Hardware token - these are typically small devices (think flash drive size) that have a small LCD with a rotating number, some banks charge a small fee to get the token (worth the cost)
How we can help!
We can do a cyber-security assessment of your business or even personal environments.
We can make recommendations on the best technology to suit your organisation.
We can make recommendation on best Anti-Virus/Anti-Malware solutions for your organisation.