Story image

Back to the basics: Five ways to stay safe online

16 Oct 2018

Article by Palo Alto Networks systems engineering director Philip Dimitriu

Staying safe online is crucial and as hackers get more sophisticated and aggressive, some of the most effective ways to stay protected are also some of the simplest.

Unfortunately, these are also some of the most overlooked security precautions, perhaps precisely because they seem so basic.

Hardly a day goes by without a news report of another scam or hack in which innocent people lose time, money, or their identity in cyber attacks.

However, people can engage online and keep themselves safe at the same time without needing to become cybersecurity experts.

The first step is awareness.

People who aren’t aware of the need to protect themselves online are more likely to fall for scams or be successfully targeted by hackers.

In Australia and New Zealand, for example, cybersecurity awareness weeks are run annually to remind people that they can’t depend on technology alone to protect them from cybercriminals.

The good news is that it’s relatively easy for people to protect themselves online.

There are five basic security measures that are essential:

  1. Use unique passwords and multi-factor authentication to make it harder for attackers to access multiple accounts.  
  2. Update apps to close security gaps. App-makers are constantly refining and improving their apps to make them perform better and be more secure, and these updates are free so there’s no reason users shouldn’t keep them updated to the latest version.  
  3. Check privacy settings to ensure data isn’t being shared with third parties.  
  4. Be aware of the risk of phishing attacks as well as the form these attacks could take. Phishing attacks rely on social engineering techniques to trick users into divulging information or making unauthorised payments or purchases.  
  5. Don’t post on social media when executives are travelling. This information can be used to mount a successful phishing attack.

Phishing attacks or social-engineering attacks are on the rise, where cybercriminals trick people into divulging details and participating in scams.

These scams work because the cybercriminals conduct research, mainly through social media, to find out details about a person’s movements, preferences, and activities.

This gold mine of information can then be used to successfully guess a person’s password for example.

Once an attacker gains access to a person’s email account, there’s virtually no limit to the amount of damage they can do to that person individually and to the organisation they work for.

Another approach is to monitor the person’s activity and then create a plausible cover story in which the person is asked to pay an invoice they never incurred or buy gift cards on behalf of a senior person in their organisation.

The attacker sends emails that look legitimate and are convincing enough to make them follow the instructions.

Many smart people have been fooled into providing banking details, confidential system passwords, and more.

They pay the fake invoice because it looks just like an invoice they would normally expect to receive.

Or they buy the gift cards and provide the details to the cybercriminals (who are posing as a colleague or supervisor via email) so they can convert them to cash.

These losses can mount quickly.

In Australia alone, people lost AU$340 million to scammers in 2017, with $49.9 million attributed to scams via email, social media, apps and the internet.

In New Zealand, latest reports are showing losses to online scams of NZ$10 million in 2017.

This highlights the need for continued vigilance to stay safe online, especially as cyber threats continue to evolve and increase.

Organisations must also ensure that employees are fully educated and aware of the types of scams and risks they may encounter, so they’re prepared and know what to do if they’re targeted.

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.