Story image

Back to the basics: Five ways to stay safe online

16 Oct 2018

Article by Palo Alto Networks systems engineering director Philip Dimitriu

Staying safe online is crucial and as hackers get more sophisticated and aggressive, some of the most effective ways to stay protected are also some of the simplest.

Unfortunately, these are also some of the most overlooked security precautions, perhaps precisely because they seem so basic.

Hardly a day goes by without a news report of another scam or hack in which innocent people lose time, money, or their identity in cyber attacks.

However, people can engage online and keep themselves safe at the same time without needing to become cybersecurity experts.

The first step is awareness.

People who aren’t aware of the need to protect themselves online are more likely to fall for scams or be successfully targeted by hackers.

In Australia and New Zealand, for example, cybersecurity awareness weeks are run annually to remind people that they can’t depend on technology alone to protect them from cybercriminals.

The good news is that it’s relatively easy for people to protect themselves online.

There are five basic security measures that are essential:

  1. Use unique passwords and multi-factor authentication to make it harder for attackers to access multiple accounts.
     
  2. Update apps to close security gaps. App-makers are constantly refining and improving their apps to make them perform better and be more secure, and these updates are free so there’s no reason users shouldn’t keep them updated to the latest version.
     
  3. Check privacy settings to ensure data isn’t being shared with third parties.
     
  4. Be aware of the risk of phishing attacks as well as the form these attacks could take. Phishing attacks rely on social engineering techniques to trick users into divulging information or making unauthorised payments or purchases.
     
  5. Don’t post on social media when executives are travelling. This information can be used to mount a successful phishing attack.

Phishing attacks or social-engineering attacks are on the rise, where cybercriminals trick people into divulging details and participating in scams.

These scams work because the cybercriminals conduct research, mainly through social media, to find out details about a person’s movements, preferences, and activities.

This gold mine of information can then be used to successfully guess a person’s password for example.

Once an attacker gains access to a person’s email account, there’s virtually no limit to the amount of damage they can do to that person individually and to the organisation they work for.

Another approach is to monitor the person’s activity and then create a plausible cover story in which the person is asked to pay an invoice they never incurred or buy gift cards on behalf of a senior person in their organisation.

The attacker sends emails that look legitimate and are convincing enough to make them follow the instructions.

Many smart people have been fooled into providing banking details, confidential system passwords, and more.

They pay the fake invoice because it looks just like an invoice they would normally expect to receive.

Or they buy the gift cards and provide the details to the cybercriminals (who are posing as a colleague or supervisor via email) so they can convert them to cash.

These losses can mount quickly.

In Australia alone, people lost AU$340 million to scammers in 2017, with $49.9 million attributed to scams via email, social media, apps and the internet.

In New Zealand, latest reports are showing losses to online scams of NZ$10 million in 2017.

This highlights the need for continued vigilance to stay safe online, especially as cyber threats continue to evolve and increase.

Organisations must also ensure that employees are fully educated and aware of the types of scams and risks they may encounter, so they’re prepared and know what to do if they’re targeted.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.