Story image

Back to the basics: Five ways to stay safe online

16 Oct 18

Article by Palo Alto Networks systems engineering director Philip Dimitriu

Staying safe online is crucial and as hackers get more sophisticated and aggressive, some of the most effective ways to stay protected are also some of the simplest.

Unfortunately, these are also some of the most overlooked security precautions, perhaps precisely because they seem so basic.

Hardly a day goes by without a news report of another scam or hack in which innocent people lose time, money, or their identity in cyber attacks.

However, people can engage online and keep themselves safe at the same time without needing to become cybersecurity experts.

The first step is awareness.

People who aren’t aware of the need to protect themselves online are more likely to fall for scams or be successfully targeted by hackers.

In Australia and New Zealand, for example, cybersecurity awareness weeks are run annually to remind people that they can’t depend on technology alone to protect them from cybercriminals.

The good news is that it’s relatively easy for people to protect themselves online.

There are five basic security measures that are essential:

  1. Use unique passwords and multi-factor authentication to make it harder for attackers to access multiple accounts.
     
  2. Update apps to close security gaps. App-makers are constantly refining and improving their apps to make them perform better and be more secure, and these updates are free so there’s no reason users shouldn’t keep them updated to the latest version.
     
  3. Check privacy settings to ensure data isn’t being shared with third parties.
     
  4. Be aware of the risk of phishing attacks as well as the form these attacks could take. Phishing attacks rely on social engineering techniques to trick users into divulging information or making unauthorised payments or purchases.
     
  5. Don’t post on social media when executives are travelling. This information can be used to mount a successful phishing attack.

Phishing attacks or social-engineering attacks are on the rise, where cybercriminals trick people into divulging details and participating in scams.

These scams work because the cybercriminals conduct research, mainly through social media, to find out details about a person’s movements, preferences, and activities.

This gold mine of information can then be used to successfully guess a person’s password for example.

Once an attacker gains access to a person’s email account, there’s virtually no limit to the amount of damage they can do to that person individually and to the organisation they work for.

Another approach is to monitor the person’s activity and then create a plausible cover story in which the person is asked to pay an invoice they never incurred or buy gift cards on behalf of a senior person in their organisation.

The attacker sends emails that look legitimate and are convincing enough to make them follow the instructions.

Many smart people have been fooled into providing banking details, confidential system passwords, and more.

They pay the fake invoice because it looks just like an invoice they would normally expect to receive.

Or they buy the gift cards and provide the details to the cybercriminals (who are posing as a colleague or supervisor via email) so they can convert them to cash.

These losses can mount quickly.

In Australia alone, people lost AU$340 million to scammers in 2017, with $49.9 million attributed to scams via email, social media, apps and the internet.

In New Zealand, latest reports are showing losses to online scams of NZ$10 million in 2017.

This highlights the need for continued vigilance to stay safe online, especially as cyber threats continue to evolve and increase.

Organisations must also ensure that employees are fully educated and aware of the types of scams and risks they may encounter, so they’re prepared and know what to do if they’re targeted.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.