Staying safe online is crucial and as hackers get more sophisticated and aggressive, some of the most effective ways to stay protected are also some of the simplest.
Unfortunately, these are also some of the most overlooked security precautions, perhaps precisely because they seem so basic.
Hardly a day goes by without a news report of another scam or hack in which innocent people lose time, money, or their identity in cyber attacks.
However, people can engage online and keep themselves safe at the same time without needing to become cybersecurity experts.
The first step is awareness.
People who aren't aware of the need to protect themselves online are more likely to fall for scams or be successfully targeted by hackers.
In Australia and New Zealand, for example, cybersecurity awareness weeks are run annually to remind people that they can't depend on technology alone to protect them from cybercriminals.
The good news is that it's relatively easy for people to protect themselves online.
There are five basic security measures that are essential:
- Use unique passwords and multi-factor authentication to make it harder for attackers to access multiple accounts.
- Update apps to close security gaps. App-makers are constantly refining and improving their apps to make them perform better and be more secure, and these updates are free so there's no reason users shouldn't keep them updated to the latest version.
- Check privacy settings to ensure data isn't being shared with third parties.
- Be aware of the risk of phishing attacks as well as the form these attacks could take. Phishing attacks rely on social engineering techniques to trick users into divulging information or making unauthorised payments or purchases.
- Don't post on social media when executives are travelling. This information can be used to mount a successful phishing attack.
Phishing attacks or social-engineering attacks are on the rise, where cybercriminals trick people into divulging details and participating in scams.
These scams work because the cybercriminals conduct research, mainly through social media, to find out details about a person's movements, preferences, and activities.
This gold mine of information can then be used to successfully guess a person's password for example.
Once an attacker gains access to a person's email account, there's virtually no limit to the amount of damage they can do to that person individually and to the organisation they work for.
Another approach is to monitor the person's activity and then create a plausible cover story in which the person is asked to pay an invoice they never incurred or buy gift cards on behalf of a senior person in their organisation.
The attacker sends emails that look legitimate and are convincing enough to make them follow the instructions.
Many smart people have been fooled into providing banking details, confidential system passwords, and more.
They pay the fake invoice because it looks just like an invoice they would normally expect to receive.
Or they buy the gift cards and provide the details to the cybercriminals (who are posing as a colleague or supervisor via email) so they can convert them to cash.
These losses can mount quickly.
In Australia alone, people lost AU$340 million to scammers in 2017, with $49.9 million attributed to scams via email, social media, apps and the internet.
In New Zealand, latest reports are showing losses to online scams of NZ$10 million in 2017.
This highlights the need for continued vigilance to stay safe online, especially as cyber threats continue to evolve and increase.
Organisations must also ensure that employees are fully educated and aware of the types of scams and risks they may encounter, so they're prepared and know what to do if they're targeted.